How it works

From zero to ready, without the consulting bill

IR Now turns your organization's real systems and playbooks into training your team actually remembers. Here's the whole journey.

STEP 01

Tell us about your org

Answer a guided profile — industry, tech stack, team size, and compliance needs. 37 fields quietly shape every module that follows.

  • Cloud providers, identity stack, and key tools
  • Frameworks you report against (SOC 2, ISO 27001)
  • Team roles and existing playbook references

Example profile (irnow.net/courses/new · step 1 of 4): Financial technology · 51–200 · AWS · SOC 2, ISO 27001, PCI DSS

STEP 02

AI tailors the training

IR Now generates a full course — foundations, team-tailored tracks, and scenario deep-dives — written around the systems you actually run.

  • Foundations everyone shares, tracks tuned by team
  • Review and edit any module before publishing
  • Regenerate sections with one click

Example course review (irnow.net/courses/review):

  • What ransomware does to fintech · Foundations · 6 min
  • On-call engineer: first 15 minutes · Team · 8 min
  • Isolating an AWS workload · Scenario · 10 min
  • Notifying stakeholders & counsel · Foundations · 5 min

STEP 03

Your team trains

Learners work through scenario-based modules and timed quizzes that test real judgment — multiple choice, ordering, spot-the-mistake, and timed decisions.

  • Role-specific content for every team member
  • Inline feedback that explains the right call
  • Pass to earn a verifiable certificate

Example quiz question (irnow.net/learn · module 3 quiz):

A workstation is encrypting files across a shared drive. What's your first move?

  A. Isolate the host from the network immediately
  B. Reboot the machine to stop the process
  C. Wait to confirm with the file owner
  D. Pay the ransom to recover quickly

STEP 04

Measure readiness

See module-level scores, knowledge gaps by question type, and certification status across the whole team — then schedule recurring training to keep it fresh.

  • Readiness scores by team and individual
  • Gap analysis pinpoints weak topics
  • Automatic re-certification cycles

Example report (irnow.net/reports):

  • Team readiness: 87%
  • Certified: 94%
  • Open gaps: 3
  • Containment: 92%
  • Detection: 78%
  • Recovery: 64%

Coverage

Incident scenarios covered

14 scenario modules — every one available on every plan.

Every scenario module follows the same deep structure: detection signals → response priorities → your org's context → team scenario → role-specific actions → tool-specific steps.

Malware & extortion

Ransomware

On every plan

Malware encrypts systems and demands payment to restore access. Drills rapid isolation, recovery from backups, and the discipline to coordinate before paying anything.

Detection signals

  • Mass file-extension changes
  • Ransom notes appearing on hosts
  • Backup deletion or tampering

Response priorities

  • Isolate affected hosts fast
  • Preserve evidence & scope spread
  • Engage backups, legal & comms

Every learner also works through:

  • What it is
  • Why it matters
  • Detection signals
  • Response priorities
  • Your org's context
  • Team scenario
  • Role-specific actions
  • Tool-specific steps
  • Key takeaways

Built for every team

Different teams, different training

10 role-specific modules — each team gets a track written for what they actually do during an incident.

Leads the response

Security Team

The security team runs point on every incident — hunting threats, triaging forensics, and driving containment from detection to recovery.

What this team's module covers (6 sections):

  • Role overview & responsibilities
  • Threat hunting during active incidents
  • Forensic triage
  • Containment strategy
  • Runbook & tooling maintenance
  • IR leadership

How a course is built

Three layers of training

Layer 1

Foundations

Shared fundamentals every learner completes — the common language and baseline of incident response.

Includes: fundamentals, communication, evidence handling, severity, readiness.

Layer 2

Team-tailored

Tracks tuned by department — engineers, leadership, support, and GTM each get what's relevant to them.

Custom tags: label learners by team, location, office, or anything you define. Assign tailored modules and break analytics down by any tag.

Layer 3

Scenario deep-dives

Focused walkthroughs of individual incidents — detection, containment, and recovery in detail.

Up to 7 scenarios per course on Pro and Enterprise.

Set expectations

What IR Now is — and isn't

IR Now is

  • Grounded in expert IR frameworks, tailored to your real systems and playbooks
  • Scenario-based, testing real decision-making
  • Continuously updated as threats evolve
  • Fast to deploy — live in hours, not weeks

IR Now isn't

  • Generic, off-the-shelf compliance training
  • A penetration testing or vulnerability scanning tool
  • A SIEM, detection, or monitoring tool
  • A one-time, set-and-forget course

See it built for your stack.

Request access and we'll generate a course from your organization's real profile.