information warfare

  • t71cyberreconMany in the marketplace today serve up data and information as intelligence. They focus almost exclusively on collection and collection feeds to some sort of visual tool that presents pictures of links, some with trends and a few with patterns and tendencies. They call this analyzed intelligence. However, we know that intelligence analysis requires significant skill. These are skills that almost all do not have since they do not recognize what intelligence analysis really is. Treadstone 71 is experienced and skilled at intelligence analysis. Our methods followed traditional structured analytic techniques that require patience, perseverance, aptitude and skills. Attributes highly sought after in the industry but seldom found. Treadstone 71 drives research and extracts data from both the surface internet and the darknet.

    We collect - We organize - We decompose - We prioritize - We analyze - We think - We report - We deliver - Iterative lifecycle methods incorporating objective analysis with intuition and structured methods of anlaysis - Since 2002

     Contact Treadstone 71 for Cyber Intelligence and Traditional Cyber Security Services:

  • baseballcardsTargeting focuses on achieving stakeholder objectives. It is the function of targeting to achieve efficiently those objectives within the parameters set at the operational level, directed limitations, the rules of engagement, or rules for the use of force in the cyber world, and other guidance given by stakeholders.baseballcards2

    Targeting seeks to create specific desired effects through adversary infiltration and data extraction. Target analysis encompasses all possible means to create desired effects, drawing from all available capabilities. The art of targeting seeks to create desired effects with the least risk and expenditure of time and resources. Targeting is a fundamental task of cyber operations that encompasses many disciplines and requires participation from skilled intelligence operators with many different capabilities that far exceed technical skills.

  • The legal issues notwithstanding, offensive cyber actions are the only way we are going to get our adversaries to pay attention. Whether they are cyber criminals, foreign intelligence services, cyber proxies, hackers, hacktivists, or some other such adversary, we need to do more than just stand and take a beating. Read the blog here: 

  • This course provides an look into the technical aspects of computer cybercrime investigations. It correlates cyber situations with that of traditional investigations while focusing on the threats and attacks that are used by terrorists and criminals. Counter tactics as well as methods to leverage the same tools, techniques, and processes for investigations will also be highlighted. It follows in sequence after cyber intelligence and cyber counterintelligence.
    At the completion of this course, participants will be able to:

    • Understand the challenges of investigating cyber crimes
    • Develop an integral asymmetric mindset
    • Understand the multitude of legal, ethical, and privacy related issues associated with cybercrime investigations
    • Correlate and address the impact that the cyber realm has within the Criminal Justice field
    • Compare and contrast various theoretical and social perspectives used to explain cybercrime
    • Discuss and analyze the impact the cybercriminals can create on cybercrime victims, society and economic, as well as predicting emerging and controversial cybercrime issues
    • Apply cyber laws, regulations, and cybercrime-related legal concepts to explaining cybercrime activities
    • Explain important steps law enforcement use to investigate cybercrime cases and bring the cases to trial
    • Analyze the potential effectiveness of the federal government’s responses to addressing cybercrime and threat to critical information infrastructures
    • Understand the importance and use of Mutual Legal Assistance Treaties and Letters Rogatory
    • Cyber Criminal investigations objectives:  1) Determine if a crime was committed; 2) Collect information and evidence legally to identify who was responsible; 3) Apprehend the person responsible; 4) Recover stolen property; 5) Present the best possible case to the prosecutor; and 6) Provide clear, concise testimony.
  • Cyber Intelligence Training

    This five-day course examines Sherman Kent’s Analytic Doctrine from the cyber perspective as well as the availability and use of OSINT tools. Students will be able to understand the cyber intelligence lifecycle, the role and value of cyber intelligence relative to online targeting and collection, in modern organizations, businesses, and governments at the completion of this course. In addition, students will understand the use methods of only anonymity, the fundamentals behind cyber intelligence collection and analysis and how these current methods can be employed in their organizations to assist in online operational security and in their defense against adversaries. The course is a combination of lecture, hands-on and student deliverables seen by many as an apprenticeship.

    Upon completion of the course, each student will be able to:


    1. Identify the differences and intersections between open source data, open source information and open source intelligence
    2. Understand the role and value of cyber intelligence relative to online targeting and collection, in modern organizations, businesses, and governments at the completion of this course
    3. Understand the use of online anonymity
    4. Understand collection and analysis of online human intelligence, geospatial information, imagery intelligence, and cyber intelligence
    5. Understand the fundamentals behind cyber intelligence collection and analysis and how these current methods can be employed in their organizations for prevention
    6. Understand the basics of Analysis of Competing Hypotheses (ACH) tool and usage
    7. Gain the ability to use open source intelligence tools to target, collect, produce and analyze data points into actionable intelligence.
    8. Understand how to quickly examine the data for new targeting and potential immediate recommendations and/or opportunities
    9. Understand how to gather information based upon provided targets
    10. Understand how to use several OSINT tools for data collection
    11. Understand how to collect, product and analyze data that provides my organization with a valid view of its Cyber-OPSEC posture
    12. Understand what type of information my adversaries know about my organization and how students can use this to enhance organizational security postures and improve prevention through situational awareness

    This class is for anyone wishing to learn about cyber intelligence concepts and methods using open source tools for operational security, infiltration, analysis, recommendations and opportunities presentations, that provide their organizations with an immediate understanding of their Internet attack surface. Students wishing to understand adversarial methods and concepts surrounding the virtual manifestation of the traditional intelligence tradecraft are urged to attend.

    Call today 1-888-714-0071 or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

  • The plethora of 2017 cyber security predictions do nothing but distract practitioners from executing actual controls and methods of defense and prevention. Each year we get slammed with predictions that aret71training never followed, are common sense, and serve to market and sell products and services. The so-called information and cyber security experts, many times self-proclaimed, spew predictions on all potential areas. This is not much more than fake news and methods to direct readers to vendor products. The vendor products that claim to solve these predictions and therefore, become self-fulfilling prophecies. For the most part, once the predictions are published, the follow-up to their success is non-existent. Their purposes are to market and sell, drive perception, manage the market, and drive a false sense of vendor expertise.

    Treadstone 71 Training 2017

    We should focus on actual problem resolution and change the failed paradigm within which security exists. We continue to propagate vendor products and services that do not work, only treating the symptoms. This is not much different from the pharmaceutical industry that markets pills to you each evening during the news and prime time. Pills that treat symptoms and cause more side effects than they do solve issues. Advertisements that drive up the cost of the product manipulating the market and those that prescribe the 'solutions' to recommend purchase.

    The only way we change this paradigm, and I mean we, is to push back on these vendors to solve problems and quit selling products that treat symptoms. We must also correct our own internal behaviors. A few weeks ago, I published a potential list of 12 items to change this paradigm (the 12th is a shameless plug so 11). They are listed below.

    We need to forget the Jerry Springer-like entertainment of annual cyber predictions and focus on solving the hard problems we face.

    What does Treadstone 71 seek? We seek an end to the noise and an understanding that our information, our intellectual property, and our way of life is under constant siege. We are in a cyber war with skirmishes and battlesoccurring 24x7. We need to direct the carpetbaggingvendors to cease in their war profiteering and take a moral stance in fighting our adversaries. We also need to correct and adjust how we run IT and information security. The list of 11 is below. We welcome your comments, your additions, and your assistance in this call to action to change the failed paradigm.


  • The Cyber Shafarat - Check out what is trending. Syrian Electronic Army Posts 1-11 with a 80GB data dump - Cyber Remediation of Daesh, Urban Cyber Warfare. The Cyber Shafarat

    One stop news source includes data points, open source intelligence, cyber intelligence with a focus on the Middle East. Customized advisory services, research/warning/estimative/threat and targeted intelligence. Structured analytic techniques and offensive cyber actions. Subject matter expertise in cyber socio-cultural techniques and methods. Follow Cyber Reconnaissance to stay abreast of the latest info. At your fingertips for free. Timely, Relevant, Useful.

    Cyber Reconnaissance News

  • Treadstone 71 Training 2017  Organizations follow inaccurate definitions of threat intelligence leading to poorly conceived cyber threat intelligence programs. Vendors communicate threat intelligence Reflectionsdefinitions supporting their offerings propagating the fallacy that threat intelligence solves numerous security problems. (updated)

    Cyber Threat Intelligence functions being built on a foundation that is not supported by standard intelligence tradecraft. Many programs support a fraction of the intelligence needs, yet stakeholders hold unrealistic expectations based upon expenditures.

  • NIST is coming out with new standards, updates to existing guidelines and new guidelines at a much faster rate than in previous years. Threats continue to morph, audit requirements continue to become more stringent, and CyberScope questions and audit recommendations from the previous year are being addressed while the agency awaits the 'late' arrival of new CyberScope questions for the existing year (even 5 to 6 RMFmonths into the Fiscal Year).

    As the new guidance from NIST is released, many organizations do not have time to review the extensive documents and come up with a strategy to apply the guidance to their particular environments. In addition, many government agencies are so large and decentralized that many key security and agency staff do not get the message on the new standards and guidance. They are too busy with their day-to-day jobs to spend time understanding what the new information means to them.

    In response to these issues, Treadstone 71 created the FISMA Focused Role Based Training. For example, our training covers all aspects of how to apply the risk management framework (RMF) as defined in NIST Special Publication 800- 37Rev1. We cover the six steps (Figure 1), roles and responsibilities, as well as how to apply the into your systems/software development lifecycle. We provide training on security program assessments as outlined in 800-100; in-depth information on how to apply and build an enterprise integrated risk management program through all three defined Tiers (800-39); the new risk management process as defined in 800-30Rev1; and the most difficult that seems to be giving many organizations trouble - defining, applying and integrating continuous monitoring through all three Tiers and control types (managerial, technical and operational) so a cohesive approach is applied. We even provide training on how best to interface with the office of inspector general (OIG) and other auditors. Treadstone 71 believes this interface and relationship should be not only amicable but also symbiotic in nature.

    Contract Treadstone 71 to find out how we can help you educate your staff, integrated the new guidelines while getting ready for the next OIG audit.

    Call today 1-888-714-0071 or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

  • This course examines Sherman Kent's Analytic Doctrine from the cyber perspective as well as the availability and use of OSINT tools. Students are able to understand the cyber intelligence lifecycle, the role and value of cyber intelligence relative to online targeting and collection, in modern organizations, businesses, and governments at the completion of this course and, use of our advisory services. 


  • At Treadstone 71, we view cyberspace as a global domain within the information environment consisting of the independent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, embedded processors, controllers -- anything connected, or connected devices. It is a fifth domain of warfare that is under attack daily -- by nation states, nongovernment organizations, terrorists, criminals, and hacktivists.

  • or What I want for Cyber Security and Intelligence Christmas 2016


    1. All CIOs must have served as a CISO for at least 4 years before being allowed to be a CIO.
    2. All CIOs must have a CISSP, CISM, and at least 2 technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
    3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
    4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
    5. CIOs and their leadership will be held liable for deploying vulnerable systems.
    6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
    7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
    8. All written code and script must be written properly. There is no such thing as secure code, only code the works correctly and does not create vulnerabilities.
    9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and/or service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
    10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
    11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
    12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy andprogram is the absolute right thing to do (repeat after me …).

    Merry Cyber Christmas from Treadstone 71

  • We are nothing like competitors who are rooted in defensive posture actions with a pedigree in reverse engineering malware and providing defensive solutions for that malware. Most come from anti-virus and law enforcementInterestedinyour success
    backgrounds where 'see, detect, and arrest' is their mantra. They offer technology solutions based upon this method of protection. Although they do provide information on adversaries, the information is based on the technology. Most are VC funded and need to sell product and do so as a lead requirement. Technology is not the solution only a tool. Treadstone 71 is profitable without VC overhead and have only your best interests at hand. We are not an MSSP. Treadstone 71 does not sell product. We are independent of technology companies and not beholden to venture capital overhead. We are not cyber carpetbaggers.

    What Treadstone 71 provides is a full-spectrum solution that takes the information you provide in your SOC and incident response functions combining that with complete political, economic, social, technological, environmental, legislative, industrial, educational, and religious aspects of the adversary as well as adversary dossiers and organizational structures. What you receive from Treadstone 71 is detailed information and intelligence on your adversary that far surpasses the technical realm. Where Treadstone 71 service excels is in the ability to provide you with techniques, methods, capabilities, functions, strategies, and programs to not only build a fully functional intelligence capability, but a sustainable program rooted in stakeholder requirements and needs.  Treadstone 71 is rooted in strong military and intelligence community backgrounds.

    Sample areas of the Treadstone 71 difference: 

    • we help you improve your incident detection, prevention, and response developing feedback to improve your cyber defenses
    • we assist you in using you threat intelligence to help automate security operations and remediation actions enhancing your operational tradecraft
    • we guide you in the building of a centralized threat intelligence service that guides cybersecurity activities of other organizational units
    • we drive efficiencies and effectiveness in risk management
    • we operationalize your threat intelligence from little to no processes to mature procedures, standard operating procedures, and workflows
    • we ensure integration between all things PESTELI +R+E+ and existing technologies in your SOC
    • we ensure you understand how to define credibility and relevance of your threat intelligence feeds that leads to truly actionable intelligence
    • we assist you in understanding your attack surface and online footprint from websites to social media to the darknet creating new opportunities for targeted intelligence collection
    • we help identify, infiltrate, and track adversaries providing information where and when possible to prevent attacks
    • we understand geopolitical factors that helps prepare your cyber environment for current and future contingencies
    • we learn the priorities of your adversaries and help you define a more assertive cyber posture for your organization
    • we tailor strategies and programs based upon your organizational needs and the needs of leadership
    • we teach and embed cyber intelligence tradecraft in your organization that is lasting following structured techniques proven in the intelligence community
    • we educate and drive situational awareness through table top exercises based upon proven military methods adopted for commercial organizations
    • we identify adversary front companies, their means, motives, and targets
    • we look at adversary’s skills, motivation, maliciousness, types of adversaries, level of automation and rate, informational impacts, targets, defensive measures, adversary course(s) of action, operational impact, line of business impact, and attack vectors
    • we create and maintain a presence on their virtual soil using virtual HUMINT methods to help identify your attack surface, your digital footprint
    • we know methods of collection, organization/production, structured analytic techniques, how to determine source credibility, communicate gaps and confidence levels, analyze using standard methods of inference, deductive and inductive reasoning, apply clear process for critical thinking, and deliver product in standard analytic writing methods that is clear and concise
    • we have been penetrating adversary sites, forums and social media since 2004 using both active and passive methods of cyber engagement – we have been in business since 2002
    • we listen


  • The Beacon Series

    Learn about intelligence tradecraft.


  • Treadstone 71 Cyber Intelligence Program - Align with the needs of leadership - Force Multiplier Advisory Services

    Years ago, Treadstone 71 crafted a series of training classes at the Master's level for students eager to learn about cyber intelligence. Since then, Treadstone 71 continued to hone the courses to current events and organizational needs.  Organizations need training in cyber intelligence. All too often we find a dire lack of understanding outside of collection. Most organizations have staff that are proficient at collecting data well. But the next steps in the cyber intelligence lifecycle is lacking. Our training solves that problem providing students with the tools necessary to organize, produce, analyze and deliver recommendations and opportunities to leadership.  


  • Treadstone 71 trains, advises and builds cyber intelligence, threat, business, and competitive intelligence programs. Since 2002, Treadstone 71's footprint is the basis for many intelligence programs.

    Half Moon Bay, CA – February 8, 2017 - Treadstone 71 announced today enhancements and expansion of their industry leading Force Multiple Intelligence Advisory Services. “Our services deliver actionable intelligence to consumers enabling proactive threat mitigation strategies,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “The intelligence community proven methods, structured techniques, and Kent/Heuer-based procedures increase client awareness of their threat posture while supporting rapid response to their cyber incidents.”

    The Treadstone 71 Force Multiplier Intelligence Advisory Services clarifies the cyber threat intelligence strategy while illuminating a path for tactical implementation. In developing this strategy, we adhere to guiding principles. Principles validated when building-outthreat intelligence programs from Arizona to Australia. The Treadstone 71 advisory services enable:

  • head of threat intel


    Treadstone 71 provides threat intelligence leadership service that is designed to assess and benchmark your organization's cyber intelligence program examining incident response, cybercrime, hunt groups, red/blue/purple teams, threat intelligence, leadership/stakeholder issues and needs, reporting, integration, and communication. The Interim Head of Threat Intelligence Service is customized and scaled based on the size of your organization and industry type. Treadstone 71 provides a structured approach used to measure and develop your intelligence direction.  for organizations using internationally recognized information security standards. 

    NOTE: Sign up for Treadstone 71 Cyber Intelligence Tradecraft Certification training here:

    Part of the Treadstone 71 Force Multiplier Intelligence Advisory Services


    Online sign up coming soon (

    The Treadstone 71 Cyber Intelligence, Threat Intelligence, Cyber CounterIntelligence training courses follow standard intelligence community lifecycle including collection methods, techniques, planning, PIRs, and collection tools and targeting with a focus on intelligence analysis. Intelligence production methods and process flows are covered as well as evidence credibility, reliability, denial and deception, and confidence levels. Students are required to demonstrate understanding and use structured analytic techniques as well as various types of analysis including synthesis and fusion of data and information into actionable intelligence. Learn the tradecraft taught in the US Intelligence Community. 

     Sign up for courses here

  • puzzleThis includes integrating, evaluating, and analyzing all available data—which is often fragmented and even contradictory—and distilling it into the final intelligence products, which highlight information on topics of immediate importance or make long-range assessments. Treadstone 71 Cyber and Threat Intelligence Program Build Services - 10 years running

    Analysts, who are subject-matter specialists, absorb incoming information, evaluate it, produce an assessment of the current state of affairs within an assigned field or substantive area, and then forecast future trends or outcomes.

    They integrate data into a coherent whole,putting the evaluated information in context, and produce finished intelligence that includes assessments of events and judgments about the implications of the information for your organization.

    Use structured analytic techniques and types of analysis

    Analysts are encouraged to include alternative futures in their assessments and to look for opportunities to warn about developments abroad that could either provide threats to or opportunities for organizational security and policy interests.

    Analysts also develop requirements for the collection of new information. From analysis, we move to analytic writing.

    What to know more? Sign up for Treadstone 71 Cyber Intelligence Training 



Search Our Site

Treadstone 71 YouTube Channel 



The Cyber Intelligence Training adds rapid returns to both Cyber Intel Analysts, and Security Ops Centers.  Each student receives quality instruction and hands-on experience with today’s OSINT tools and intelligence tradecraft.  This is necessary for anyone new to Cyber Intelligence and complimentary to any Security Operations within your enterprise. This 4.5-day class provides the student with the resources and fundamentals needed to establish cyber intelligence as a force as both a proactive offensive step and a counter intelligence-contributing arm of your larger team.  – Antonio 

Online Cyber Intelligence Training Center for online courses

Jan 14-18, 2019 Cyber Intelligence - Amsterdam, NL

Cyber Intelligence Tradecraft Certification - Reston, VA March 4-8, 2019           

Cyber CounterIntelligence Tradecraft Certification - Reston, VA March 11-14, 2019

Intelligence Tradecraft - CounterIntelligence - Clandestine Cyber HUMINT  - Cyber Psyops - Persona Creation and Management - Cyber Influence Operations - Middle Eastern Cyber Warfare Tradecraft

Blended courses - Courses on demand - Courses developed per your needs, quietly and quickly

Students and organizations taught (non-inclusively): AIB, American Express, Capital One, NATO, Belgian Military Intelligence, Commonwealth Bank, Bank of America, ING, NCSC NL, Defense Security Services, PNY, Dell Secureworks, HPE Security, EclecticIQ, Darkmatter (AE), General Electric, General Motors, PNC, Sony, Goldman Sachs, NASA, DoD, East West Bank, Naval Air Warfare Center, VISA, USBank, Wyndham Capital, Egyptian Government, DNB Norway, Euroclear, Malaysian Cyberjaya, People's United Bank, Baupost Group, Bank of North Carolina, Fidelity Investments, Citi, Citigroup, T. Rowe Price, Wells Fargo, Discover, Blackknight Financial Services, Intercontinental Exchange (ICE), Citizens Financial Group, Scottrade, MetLife, NY Life, Synchrony Financial, TD Ameritrade, National Reconnaissance Office, FBI, Stellar Solutions, Lockheed Martin, Harvard Pilgrim, State of Florida, Deloitte, Ernst and Young, Mitsubishi, Tower Research, Geller & Company, KeyBank, Fannie Mae, BB&T, Aviation ISAC, JP Morgan Chase, Barclays, Nomura International, ING, Finance CERT Norway, BBVA, PenFED, Santander, Bank of America, Equifax, BNY Mellon, OCC, Verizon, Vantiv, Bridgewater Associates, Bank of Canada, Credit Suisse, HSBC, International Exchange, Vista Equity Partners, Aetna, Betaalvereniging Nederland, Dutch Police, non-inclusively (as well as several other firms by proxy as they hire qualified intelligence professionals trained by Treadstone 71).

Terms of Use - Privacy Policy - Course EULA



"Fantastic class that gets to the foundational aspects of traditional tradecraft. We studied hard examining recent attack campaigns. The analysis training prepared me for real-world efforts. Have to say this is one of the best classes I have ever taken having taken many from SANS.  SANS does not compare. They are more of a class mill today.  The Treadstone 71 course material is unique, focused, and timely."

“This is one of the best, if not the best, Cyber Threat Intelligence training course I've attended.”


Ironically, said Bardin, it was Stuxnet that led Iran to enhance its offensive capability: ‘If Stuxnet had happened to the US or UK, it would have been seen as an act of war. In Iran, it made them invest heavily in offensive cyber operations.’

He revealed that 18 percent of Iranian university students are studying computer science – a cyber warfare talent pool.

Treadstone 71 Interview - Daily Mail on Industrial Control System Hacks



Treadstone 71 Cyber Intelligence Services

Treadstone 71 at Blackhat


Treadstone 71 New Services - Analysis as a Service

Cyber Jihad - 2008-2011 Compilation Part 1

Cyber CoiunterIntelligence Doctrine

Iran Cyber Proxies and Capabilities 

The Irari Report

Gaming as a Method of Jihadist Training

Treadstone 71 Keynote

Treadstone 71 Fox News

Treadstone 71 Hacktivity