Tracer FIRE

A week-long hands-on computer security training and exercise for cyber defenders in DOE, other government agencies, and related critical infrastructure.

The event consists of 2½ days of intensive, hands on training, followed by a 2 day exercise carefully crafted to reinforce the training and introduce more new concepts.

Register Upcoming Events

Training Tracks

Tracer FIRE begins with two days of intensive training in the participant's choice of one of four tracks, and then an additional half-day flyover in a second track:

Network Archaeology

Analyzing network traffic and log files to find evidence, malware, or behavior; and reverse-engineering unknown binary protocols.

Host Forensics

Investigating and retrieving malicious software artifacts from Windows systems.

Detailed Overview

Malware Analysis

Navigating Windows API calls, program logic, and x86 byte code on Windows platforms to recognize patterns useful for creating detection rules.

Incident Coordination

Learning how to coordinate a large-scale incident; tying together analysts, management, IT, and any other interested parties.

Detailed Overview


Training is followed by a 2 day puzzle-based exercise

How it works

Participants self-form into teams; people who haven't yet joined a team get instructor help in joining others at a similar skill level. The teams are then let loose on a free-form set of challenges spanning multiple categories. Team members work together to solve puzzles, sharing tips and making new professional contacts.

In addition to puzzles carefully designed to test techniques taught in the training courses, additional puzzle categories challenge participants to further develop their skill set through learn-as-you-play exercises in new skill areas.

In previous events, participants reported making an average of 4 new professional contacts. The quality of the training tracks and contest were each rated at greater than 4 out of 5.

Exercise Categories

Some of the categories from Tracer FIRE 4 in 2012:

  • Forensic analysis
  • Javascript deobfuscation
  • Network archaeology
  • Malware reverse-engineering
  • Sequence analysis
  • Binary file reverse-engineering
  • Snort® mastery
  • Splunk® mastery


Upcoming and Past Tracer FIRE Events

Upcoming Events

  • Tracer FIRE 6M: 20-24 April 2015, DOE CyberSecurity Conference, Kansas City
  • Tracer FIRE 6E: 1-5 June 2015, Washington DC
  • Tracer FIRE 7W: TBD 2015/2016, Western States
  • Tracer FIRE 7E: TBD 2016, Eastern States

Past Events

  • Tracer FIRE 2: February 2010, Santa Fe
  • Tracer FIRE 3: 7-10 March 2011, Santa Fe
  • Tracer FIRE 4: 6-10 February 2012, Santa Fe
  • Tracer FIRE 5: 4-8 February 2013, Online

Register for Tracer FIRE 6E

  • June 1-5, 2015
  • Hyatt Regency Reston
  • Reston, VA

Training: Monday and Tuesday

We will endeavor to place you in your first preference for training. But if class space fills up, we may need to bump you into your second preference.

First preference
Second preference

Flash Training: Wednesday morning

For Tracer FIRE 6E only, we are providing a 4-hour "flash training" topic overview in a second category. Please indicate your primary and backup choices for this flash training.

First preference
Second preference


We use Tracer FIRE as an opportunity to conduct research on training effectiveness, teamwork, and how to build a community of computer security professionals. During the Tracer FIRE exercise, we may observe your activities, record when your team checks out a puzzle, your team's puzzle solutions and times they were submitted, and your team's written comments (if any) on the puzzles. You may choose whether or not to participate in other research activities, including talking directly to researchers and/or filling out questionnaires and evaluation forms. We will not record your name or other information that could identify you as an individual in any material collected for research purposes.

If you have any questions or concerns, please contact us at the link below, or contact the Los Alamos National Laboratory Human Subjects Research Review Board at (505) 667-1848 or

Contact us