Cyber Intelligence Collection Manager's Course - Certified Threat Intelligence Collection Manager

 Cyber Intelligence Collection Manager's Course - Certified Threat Intelligence Collection Manager

Course syllabus and content proprietary to Treadstone 71

For questions on the course, contract Treadstone 71 at osint AT treadstone71 DOT com
All who sign up must agree to the Course EULA. Signing up for the course indicates click-through consent.
Three-day course

Treadstone 71 Cyber Intelligence Collection Manager’s Course

All too often we see organizations receive information on threat actors only to point-and-shoot when it comes to collection. There is little to no structure in this critical task that drives all intelligence production, analysis, and analytic writing.

This course prepares the organization’s designated intelligence professional as the person in charge of Managing collection planning, staffing, targeting, ensuring integrated, synchronized, and deconflicted collection actions. As information is received from internal requests for information, analysis of existing data, information, and intelligence on the subject in question, the collection manager correlates and determine gaps in preparing the collection plan. This course prepares students in the development of collection requirements, designed to maximize the effectiveness of your limited resources covering what may seem as vast areas of online targets. The course assists the collection manager in determining where to look, when to look, and what to look for. We provide students with situation and event templates, how to fill them out, how to manage the ever-changing problem iteratively, and how to establish collection priorities base on the courses of action the threat actor may likely adopt.

The collection manager works with the intelligence and priority intelligence requirements to develop the collection plan translating these into specific information requirements used to provide targeting while managing the availability and capabilities of the collection/research team.

The class includes:  
Collection Planning Iterative Approaches and Feedback Loop
Interpretation of Stakeholder Needs Data/Information dissemination
Intelligence Requirements Continuous monitoring of collection results
Moving from intelligence requirements to priority intelligence requirements Meeting SIR requirements
Essential elements of information Awareness of production and analysis status
Indicators Redirects and information reporting to
Specific information requirements Collection plan effectiveness
Analysis of requirements against the existing knowledge base Feedback loop
What do you have? After action reviews – at any time
What do you not have? Collection Operational Security
What is the gap? Collection Planning Process Flow and Metrics
Where and how will you acquire that data? Collection Manager Oversight
How much time do you have? Collection Manager Communications and Sharing
What resources are available to you? Building your Adversary Targeting – Threat Profiling - Threat Matrices 
What skills do you have to accomplish the task? Primary Threats 
What skills do you not have? Nation-state
Mission and Requirements Management Foreign intelligence services
Convert RFI’s to collection requirements Military cyber units
Converting intelligence-related information requirements into collection requirements Threat groups and proxies
Establish priorities Cybercriminals
Coordinate with other internal and external sources Others
Iterative re-tasking Adversary skills
Anticipate collection requirements Adversary maliciousness
Validate preplanned collection tasks Interest in your organization
Update adaptive collection plans Motivation – objective – conditions 
Collection Planning Forms and Tracking Opportunity
The Collection Manager’s Matrix Triggers
Credibility / Validity / Relevance Course(s) of action
Probability Scoring Capabilities
Data Provenance - Dates/Times Level of automation
Types of Evidence Potential impact
Screening Sources Threat Hunting Planning and Collection
Data Segmentation and Prioritization Purpose and Scope
Establishing a program of record Hunt level maturity
Intelligence Gaps Threat Hunting Lifecycle 
Targeting Establish priorities Iterative Approaches and Feedback Loop
Cyber DECIDE, DETECT, DELIVER and ASSESS (D3A) framework RACIs – who does what
Cyber FIND, FIX, FINISH, EXPLOIT, ANALYZE and DISSEMINATE (F3EAD) methodology Tactical Intelligence Risk
Open Source Collection Situational Awareness 
Tools, Methods, Resources Emerging threats
Using the TIP Coordination with other groups
Vendor Report Reviews Likely adversary courses of action
Threat Intelligence Platform Use and Data Extraction Intake Forms 
Tagging strategies Request for Information (RFI)
The Standard Desktop Responding to RFIs
Rules of Engagement RFIs as Analytic Writing Documents
Escalation Guidelines and Rules Incident Intelligence 
Passive Collection Interfacing with the Cyber Threat Intelligence (CTI) teams
Observables What do we need from CTI?
Strategic, Tactical, Technical What can CTI do and what can they not do
  Crown jewel information 
  Checklist questions
  Possible intelligence requirements (non-prioritized)
  • Learn how to drive integrated information gathering on a strategic, operational, and tactical topics
  • Explore methods of research and get publicly available information in response to intelligence gaps
  • Expand your ability to find relevant sources for data collection
  • Support internal cyber and threat intelligence develop, acquire, evaluate and/or implement collection tools and methodologies
  • Devise methods to develop information discoverability processes

Event Properties

Event Date 12-09-2019 7:45 am
Event End Date 12-11-2019 5:00 pm
Registration Start Date 05-15-2019
Capacity Unlimited
Cut off date 12-05-2019 11:55 pm
Individual Price $2,490.00
Location Hyatt Regency Coconut Point
We are no longer accepting registration for this event