Cyber Threat Intelligence Analysis Training

Introduction:

Cyber Threat Intelligence Analysis Training Workshop with Hands-On Exercises (Online, Onsite and Classroom Live)

This 5-day Cyber Threat Intelligence Analysis Training course teaches network defenders to collect, analyze, and apply targeted cyber intelligence to defensive operations in order to proactively act on and adapt to sophisticated and dedicated attacks by cyber adversaries. As malicious software incorporates more advanced counter-detection techniques, the limited signature and heuristic analysis capabilities of anti-virus software and Intrusion Detection and Prevention Systems (IDS/IPS) become less and less effective. White-listing and sandboxing technologies have proven to mitigate many host-based attacks, but additional methodologies of analysis and attribution of known and unknown Advanced Persistent Threat (APT) actors are needed to positively identify and prioritize the most formidable threats to the network.

This Cyber Threat Intelligence Analysis Training course applies the Intelligence Cycle to the full-spectrum exercise of proactive network defense. It is intended as the core competency of Threat Intelligence operations and as the precursor to additional technical intelligence collection courses. It further serves to provide students with the all-source methodology of employing cyber collection sources and disciplines in a cumulative effort to apply to network defensive postures. When properly employed, this process fosters a cyber environment of preemptive action and provides network defenders and operators with an understanding of the tools, techniques and procedures (TTPs) needed to generate the timely and relevant intelligence that is required to preemptively apply network fortifications before compromise and to respond to cyber events in an expeditious manner.

What’s Included?

  • 5 Days of Cyber Threat Intelligence Analysis Training from an Authorized Instructor
  • Official Student Electronic Courseware
  • Certificate of Completion

Cyber Threat Intelligence Analysis Training – Customize It:

  • We can adapt this Cyber Threat Intelligence Analysis course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Cyber Threat Intelligence Analysis course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Cyber Threat Intelligence Analysis course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threat Intelligence Analysis course in a manner understandable to lay audiences.

Cyber Threat Intelligence Analysis – Audience/Target Group

The target audience for this Cyber Threat Intelligence Analysis course:

  • Individuals tasked with network defense, internal risk assessment, or the analysis of cyber threats to their respective organizations’ networks
  • Incident Response Team Members
  • Security Practitioners
  • Threat Hunters
  • Security Operations Center Personnel
  • Federal Agents and Law Enforcement Officials
  • Digital Forensic Analysts and Malware Analysts

Cyber Threat Intelligence Analysis Training – Class Prerequisites:

The knowledge and skills that a learner must have before attending this Cyber Threat Intelligence Analysis course are:

  • There are no required prerequisites for course attendance, but students will benefit from a working knowledge of network defenses and networking.

Cyber Threat Intelligence Analysis Training – Objectives:

  • Students will learn how to apply all-source cyber intelligence-informed operational methodologies, including proactive cyber analysis, to accurately identify risks from specific threats. This is delivered through method-driven instruction of Intelligence Analysis techniques taught by experienced Intelligence Community (IC) professionals. The instructors will teach the intelligence-driven operations cycle – data collection, exploitation, analysis, reporting, and dissemination – to develop the methods of identifying threats and assessing and prioritizing risk. Students will be introduced to cyber intelligence sourcing, risk management and assessment, indicators of compromise, application and assessment of adversarial profiles and TTPs to proactively defend networks.
  • The principal objective of this course is to equip network defenders, intelligence analysts, and other security operations personnel with a modern methodology for characterizing, investigating, attributing, and responding to advanced cyber threats in a collaborative, real-time environment. Students should expect to leave this course with proficiency in intelligence-driven network defense operations.

Cyber Threat Intelligence Analysis Training – Course Outlines:

What is Intelligence?

  • Intelligence vs. Information (vs. Evidence)
  • The Intelligence Cycle: Refining Intelligence from Information
  • Reducing Uncertainty

The Pursuit of Truth: Bias and Cognition

  • Cognitive Biases
  • Logical Fallacies
  • Cognition: Thinking About Thinking

Intelligence vs. The Cyber Threat

  • Why Cyber Threat Intelligence?
  • Contextual Cyber Threat Intelligence
  • Know Thy Enemy: The Actors
  • Hacking Methodology, Attack Cycle & ATT&CK

MODULE 2: PLANNING & REQUIREMENTS

Implementing TI for Proactive Network Defense

  • Conceptualizing the Conflict
  • Threat Intelligence Driven Risk Management
  • Proactive Cyber Defense Cycle
  • Risk Profiles & Risk Assessment

Planning for Intelligence Operations

  • Intelligence Planning: Strategic, Operational, Tactical, and Technical
  • Generating Requirements

Collection Management, Planning & Tasking

  • Collection Management
  • Project Management for Intelligence Operations

MODULE 3: COLLECTION & EXPLOITATION OPERATIONS

Cyber Threat Intelligence Collection

  • Open Source Intelligence (OSINT)
  • Surface Web Searching
  • Deep and Dark Web Searching
  • Proactive Adversary Research
  • Intelligence Sharing, Knowledge-bases, and TI Platforms

Specialized Single-Scope Collection Operations

  • Data Collection and Analysis
  • Malware Collection and Analysis
  • HUNT Operations: Manning the Gap
  • Network Security Operations

MODULE 4: ANALYSIS, REPORTING & DISSEMINATION

Techniques in Analyzing the Threat

  • Validation and Triage
  • Structured Analytic Techniques

Anatomy of a Report

  • Reporting for Appropriate Dissemination
  • Types of Cyber Threat Intelligence Reports

MODULE 5: CULMINATION EXERCISE

Completing the Circle

  • Post-Compromise IR Guidance Report

LABS
