Collection Manager’s Course

All too often we see organizations receive information on threat actors only to point-and-shoot when it
comes to collection. There is little to no structure in this critical task that drives all intelligence
production, analysis, and analytic writing.

This course prepares the organization’s designated intelligence professional as the person in charge of
Managing collection planning, staffing, targeting, ensuring integrated, synchronized, and deconflicted collection actions. As information is received from internal requests for information, analysis of existing data, information, and intelligence on the subject in question, the collection manager correlates and determine gaps in preparing the collection plan. This course prepares students in the development of collection requirements, designed to maximize the effectiveness of your limited resources covering what may seem as vast areas of online targets. The course assists the collection manager in determining where to look, when to look, and what to look for. We provide students with situation and event templates, how to fill them out, how to manage the ever-changing problem iteratively, and how to establish collection priorities base on the courses of action the threat actor may likely adopt.

The collection manager works with the intelligence and priority intelligence requirements to develop the collection plan translating these into specific information requirements used to provide targeting while managing the availability and capabilities of the collection/research team.

The course prepares the collection manager with the following non-inclusively:

  • Collection Planning Screening Sources
  • Interpretation of Stakeholder Needs Data Segmentation and Prioritization
  • Intelligence Requirements Establishing a program of record
  • Moving from intelligence requirements to priority intelligence requirements Intelligence Gaps
  • Essential elements of information Targeting
  • Indicators Cyber DECIDE, DETECT, DELIVER and ASSESS (D3A) framework
  • Specific information requirements Cyber FIND, FIX, FINISH, EXPLOIT, ANALYZE and DISSEMINATE (F3EAD) methodology
  • Analysis of requirements against the existing knowledge base Open Source Collection
  • What do you have? Tools, Methods, Resources
  • What do you not have? Using the TIP
  • What is the gap? Vendor Report Reviews
  • Where and how will you acquire that data? Threat Intelligence Platform Use and Data Extraction
  • How much time do you have? Tagging strategies
  • What resources are available to you? The Standard Desktop
  • What skills do you have to accomplish the task? Rules of Engagement
  • What skills do you not have? Escalation Guidelines and Rules
  • Mission and Requirements Management Passive Collection
  • Convert RFI’s to collection requirements Observables
  • Converting intelligence-related information requirements into collection requirements Strategic, Tactical, Technical
  • Establish priorities Iterative Approaches and Feedback Loop
  • Coordinate with other internal and external sources Data/Information dissemination
  • Iterative re-tasking Continuous monitoring of collection results
  • Anticipate collection requirements Meeting SIR requirements
  • Validate preplanned collection tasks Awareness of production and analysis status
  • Update adaptive collection plans Redirects and information reporting to
  • Collection Planning Forms and Tracking Collection plan effectiveness
  • The Collection Manager’s Matrix Feedback loop
  • Credibility / Validity / Relevance After action reviews – at any time
  • Probability Scoring Collection Operational Security
  • Data Provenance - Dates/Times Collection Planning Process Flow and Metrics
  • Types of Evidence Collection Manager Oversight
  • Collection Manager Communications and Sharing

Lecture, Hands-on, Apprenticeship, in class exercises, student presentations, templates, course material—24 CPEs 3-days

Contact Treadstone 71 Today for all your Cyber Intelligence needs.