Reviewed by Harry Sidhu — ISO 27001 Lead Implementer, NV1-cleared · Updated May 2026
A practical guide to the PECB Certified Incident Responder (CIR) — the 5-day, hands-on incident-response certification for SOC analysts, blue-teamers, and cybersecurity professionals in Australia. Covers the curriculum, the 3-hour exam, the two credential tiers, and real AUD cost.
The PECB Certified Incident Responder (CIR) is a 5-day, hands-on incident-response certification, priced at $1,165 AUD through Aegentra, that proves you can detect, contain, and remediate ransomware, malware, perimeter, and persistence incidents.
CIR is a 5-day, hands-on cybersecurity incident-response certification from PECB. It equips security professionals to detect, respond to, and mitigate incidents across the modern threat landscape — ransomware, malware, perimeter threats, and advanced persistence mechanisms — through threat intelligence, malware analysis, containment strategies, digital forensics, and building tailored response playbooks. View the full course details.
Incident response is now a legal and regulatory expectation. The Notifiable Data Breaches scheme under the Privacy Act requires notifying the OAIC and affected individuals of eligible breaches. The SOCI Act requires critical-infrastructure operators to report significant cyber incidents to ASD and the ACSC within 12 hours, and other reportable incidents within 72 hours. APRA CPS 234 requires material information-security incidents to be notified to APRA. This drives strong demand for SOC analysts, blue-team operators, and incident responders.
Day 1 covers incident-response fundamentals, team coordination, and response playbooks. Day 2 covers ransomware and malware response, containment, and recovery. Day 3 covers perimeter threat intelligence, detection, and containment. Day 4 covers advanced persistence mechanisms, digital forensics, evidence handling, and post-incident review. Day 5 is the certification exam.
The CIR exam is a 3-hour exam combining multiple-choice and scenario-based questions across five competency domains: fundamental concepts of incident response, ransomware incident response, malware incident response, perimeter threats detection and response, and incident response to persistent mechanisms. The pass mark is 70% and the exam is remotely proctored, so you can sit it from anywhere in Australia.
Both tiers require passing the exam and signing the PECB Code of Ethics. The Provisional Incident Responder credential has no experience requirement. The full Certified Incident Responder credential additionally requires two years of incident-response or cybersecurity experience and 300 hours of project activity — you can upgrade once you meet those thresholds.
Through Aegentra, an official PECB partner, CIR is $1,165 AUD (GST added at checkout). The price includes 450+ pages of official course materials, hands-on exercises and simulations, the official PECB exam voucher, one free resit within 12 months, 31 CPD credits, and 12 months access via myPECB.
CIR maps to roles such as incident responder, SOC analyst, blue-team operator, cybersecurity analyst, and security operations lead. Enrol through Aegentra, work through the materials at your own pace, sit the exam, and claim your credential. Browse the whole Aegentra Academy catalogue or enrol in Certified Incident Responder.