Certified Threat Intelligence Analyst
Cyber Intelligence Tradecraft

The Certified Threat Intelligence Analyst - Cyber Intelligence Tradecraft training course follows the iterative processes of the intelligence lifecycle, covering (non-exhaustively) the areas listed below. The course follows the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training, incorporating content validated by intelligence community members and hands-on experience in the cyber environment since 2004.

I. Introduction to Intelligence
II. Critical Thinking
III. Analytic Writing
IV. Creative Thinking
V. Analytic Briefing
VI. Structured Analytic Techniques
VII. Analytic Issues
VIII. Argument Mapping
IX. Case Studies

This course is unique and innovative, providing students with academic understanding and live case studies in a format that emphasizes practical application over memorization for a test.

The course is likened to an apprenticeship: an intensive 5-day training course covering the intelligence lifecycle.

Anonymity and Passive Persona setup
Collection Methods and Techniques
Collection Planning, IRs/PIRs/EEIs/Indicators/SIRs
Collection Process Flow
Collection (OSINT) Tools and Targeting
Threat Intelligence
Most likely Threat Actors
Access to ThreatStream during the class
Hunch.ly
Use of Maltego – overview
OPSEC – VPNs, Buscador, Authentic8 Silo
OSINT Browser – Oryon C Portable
Proxy Access – the DarkNet
Demonstration – Recorded Future / Intel471
Burn phone setup and use (US Only)
Open Source Intelligence (OSINT)
Production Methods
Structured Analytic Techniques – Their use
Adversary Denial and Deception
Source Credibility and Relevance
Source Validation
Denial and Deception
Confidence Levels
Types of evidence
Production Management
Critical and Creative Thinking
Cognitive Bias
Glossary and Taxonomy
What Intelligence Can and Cannot Do
Use of Mitre ATT&CK in Analysis
ATT&CK in examining patterns and trends
ATT&CK in Adversary tendencies
Estimation and Forecasting
Campaign analysis
Types and Methods of Analysis
Synthesis and Fusion
Analysis of Competing Hypotheses
Inductive/Abductive/Deductive Reasoning
Stakeholder Identification and Analysis
Analytic Writing, BLUF, AIMS
Forecasting in your writing
STEMPLES Plus
Indicators of Change
Argument Mapping
Types of Reports
Product Line Mapping
Report Serialization and Dissemination
Live Case Studies – Class briefs

Lecture, hands-on work, apprenticeship, in-class exercises, and student presentations covering structured analytic techniques, analysis of competing hypotheses, analytic writing and delivery, analytic products, templates, and course material; 40 CPEs.

We also offer an additional module that can be included depending on the audience. This module is geared towards IR and SOC staff:

  • Intro to Cyber Intelligence
    • What does intelligence mean to the SOC?
    • What does intelligence mean to Incident Response?
  • A day in the life of an intelligence analyst
  • Intelligence Lifecycle
    • Define what your group does
    • Define how your group uses intelligence
    • Define how your group produces intelligence
  • Mitre ATT&CK
    • Tactics
    • Techniques
    • Tools
    • ATT&CK Navigator
    • ATT&CK Examples
  • Chronology and Timelines
    • ATT&CK Chronology
    • Comparing past and present
    • Comparing and contrasting different threat groups
  • Estimative ATT&CK
  • Adversary Targeting – Threat Profiling – Threat Matrices
    • Primary Threats
      • Nation-state
      • Foreign intelligence services
      • Military cyber units
      • Threat groups and proxies
      • Cybercriminals
      • Others
    • Adversary skills
    • Adversary maliciousness
    • Interest in your organization
    • Motivation – objective – conditions
      • Opportunity
      • Triggers
      • Course(s) of action
      • Capabilities
    • Level of automation
    • Potential impact
  • Threat Hunting
    • Purpose and Scope
    • Hunt level maturity
    • Threat Hunting Lifecycle
      • Lifecycle and Maturity Level matrix
    • Patrolling
    • Stalking
    • Searching, clustering, grouping, stack counting
    • Process flow
      • Entry point
      • Plan the hunt
      • Execute the hunt
      • Malicious or not?
      • Document the performed steps
      • Document the findings
      • Prepare the report
      • Hunt Key Metrics
    • Establish priorities: iterative approaches and feedback loop
    • RACIs – who does what
    • Tactical Intelligence Risk
    • Situational Awareness
      • Emerging threats
      • Coordination with other groups
      • Likely adversary courses of action
    • Intake Forms
      • Request for Information (RFI)
      • Responding to RFIs
    • Incident Intelligence
      • Interfacing with the Cyber Threat Intelligence (CTI) teams
      • What do we need from CTI?
      • What can CTI do and what can they not do?
    • Indicators: the Cyber DECIDE, DETECT, DELIVER and ASSESS (D3A) framework
    • Specific information requirements: the Cyber FIND, FIX, FINISH, EXPLOIT, ANALYZE and DISSEMINATE (F3EAD) methodology
    • Crown jewel information
      • Checklist questions
      • Possible intelligence requirements (non-prioritized)

Contact Treadstone 71 Today for all your Cyber Intelligence needs.