Command Line Essentials for Security Analysts

Learn the core command-line skills every security analyst needs to investigate faster and smarter.

The command line is one of the most powerful tools in a security analyst’s toolbox – but learning it can be frustrating.

There are countless tools, cryptic flags, and blog posts that assume you already know what you’re doing. One tutorial shows you a five-line pipeline you don’t understand. Another gives you every grep switch under the sun, but no idea when or why to use them.

Most resources aren’t built for security analysts. They’re built for sysadmins, coders, or Linux kernel developers. That leaves you wondering: Which commands do I actually need to know? What are the most common use cases in security work? How do I practice and retain this stuff without memorizing man pages?

Wouldn’t it be great if there were a course dedicated to teaching security analysts the essential command skills needed for security operations and investigations?

Introducing…

Command Line Essentials for Security Analysts

Command Line Essentials for Security Analysts teaches you the core command-line skills you need to operate with precision, speed, and confidence in an investigative context. Whether you’re working in a Linux terminal or a Windows command shell, this course gives you a practical foundation rooted in real-world analysis skills.

This isn’t just a “here’s what grep does” kind of course. It’s designed specifically for security analysts, with a focus on making the command line an extension of your brain. You’ll learn to use it to find answers, spot anomalies, and accelerate your investigations.

You’ll build comfort with a wide range of command-line tools and techniques by applying them to common investigative tasks in Bash, Windows CMD, and PowerShell. Topics include:

Searching

  • Find values or expressions in one file or across thousands
  • Search for multiple values at once, or filter out noise entirely
  • Locate files of different types and execute actions against them

Data Properties

  • Count characters, lines, or unique values in a file
  • Identify MIME types, hash files for integrity checks, and understand file sizes at a glance
  • Compare files for similarities and differences

Manipulating Data

  • Replace values with sed and awk
  • Add line numbers, split files, translate characters, and more
  • Count occurrences of unique values in files
  • Sort files for anomaly detection

Output & Monitoring

  • Read files in reverse, sort output, and monitor real-time changes
  • Append, replace, or redirect output to suit your workflow

Parsing for Analysis

  • Extract values from delimited text
  • Work with CSV, JSON, and XML formatted data at the field level
  • Output specific data columns to answer investigative questions

Transferring & Plumbing Data

  • Use tools like netcat to send and receive data across systems
  • Interact with APIs, make HTTP requests, and proxy data between endpoints

Utility Functions

  • Loop through files, suppress errors, and chain commands together
  • Write tool output to a file, send it to another tool, or suppress it
  • Use man pages effectively, leverage xargs, and compress data when needed

We developed the course content based on skills inventories from working analysts in SOC and digital forensic roles and designed the learning objectives to include must-have information for aspiring and practicing analysts. You’ll quickly become comfortable interacting with investigative data on the command line in a way that will be most useful for you. I'll be with you the entire way to provide feedback on your work and push you forward.

If you want to become comfortable knowing which command line tools to use and how to get the most out of them… Command Line Essentials for Security Analysts is the course you’re looking for.

You can view a detailed course syllabus here and a sample video here.

Command Line Essentials for Security Analysts Includes:

Over 10 hours of demonstration videos. These videos will teach you relevant command line utilities; not just how to use them, but when and why you would want to use them.

Hands-on labs to help you develop and test your skills. You’ll complete lab exercises by leveraging the skills you learn in the demonstration videos to complete command line-centric tasks. I’ll be with you along the way to provide guidance and feedback on your work.

Participation in our student charitable profit-sharing program. A few times a year, we designate a portion of our proceeds for charitable causes. AND students get to take part in nominating charities that are important to them to receive these donations.

Frequently Asked Questions

Is this course live?

This is NOT a live course. It’s an online video course you can take at your own pace. You’ll interact with the instructor asynchronously through the course exercises.

How long do I have access to the course material?

You have access to the course for six months following your purchase date. If you need more time, you can extend your access for a small monthly fee.

Are there any prerequisites or lab requirements for this course?

This course is designed for all security practitioner skill levels and assumes no prior command line experience. We will demonstrate command line techniques using Ubuntu Linux, Windows Command Prompt, and Windows PowerShell. You should have access to the command line interface on each relevant platform you want to follow along with.

How much time does it take to do this course?

Given the number of lab exercises, completing the course takes people varying times. You can plan for around 10 hours of lecture and demonstration lessons and 3-5 hours for lab exercises on your own. We recommend spreading your time in the course out over at least a few weeks to benefit from the effects of spaced learning.

How many CPEs/CMUs is this course worth?

Organizations calculate continuing education credits in different ways, but they are often based on the length of the training. This course averages 15 hours of video+lab work.

Do you offer discounts for groups from the same organization?

Yes. To inquire about discounts or group invoices, please contact us at info@appliednetworkdefense.com.

Meet the Course Author – Tom Harrison

Tom Harrison is a security operations manager, analyst, threat hunter, pen tester, researcher, and CTF enthusiast. By day, he runs a SOC team and teaches cyber security. By night, he plays CTFs, hacks things, and eats a professional volume of tacos. You can find Tom on LinkedIn or as @s0cm0nkeysec on Twitter.

Join Command Line Essentials for Security Analysts Now for Just $147

Bulk discounts are available for organizations that want to purchase multiple licenses for this CLI training course. Please contact us to discuss payment and pricing.