Intelligence and CounterIntelligence Consulting

Treadstone 71 Training Justification

Subject: Request to Attend the Treadstone 71 NAME OF COURSE training

Dear [Decision Maker Name],

The Treadstone 71 Certified Threat Intelligence Analyst training takes place INSERT START DATE through INSERT END DATE at the LOCATION NAME in CITY, STATE, or COUNTRY. The training offers INSERT NUMBER OF DAYS of educational training from a former intelligence community professional. Intelligence professionals regard this class as the world’s leading training program for cyber and threat intelligence professionals. Therefore, I would like to request approval to attend, as I believe it will further develop my threat intelligence skills and build knowledge around greatly improving our cyber threat intelligence program.

The training offers comprehensive, innovative educational sessions following Intelligence Community standards from the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training:

  1. Introduction to Intelligence
  2. Critical Thinking
  3. Analytic Writing
  4. Creative Thinking
  5. Analytic Briefing
  6. Structured Analytic Techniques.
  7. Analytic Issues
  8. Argument Mapping
  9. Case Studies

The course covers critical intelligence skill areas and emerging threat intelligence concepts facing our organization.

If I attend, I’ll receive:

  • Over INSERT NUMBER OF HOURS of educational training and INSERT NUMBER OF CPEs.
  • Hands-on with the latest open-source intelligence tools.
  • Review of normally paid threat intelligence feed solutions (Intel471 and Recorded Future) while in the class.
  • Operational security concepts, including a 30-day VPN license.
  • Intensive training on:
    • Stakeholder Analysis
    • Collection Planning
    • Collection Activities and Targeted Collection
    • Intelligence Requirements Development
    • Open Source Intelligence Methods
    • Adversaries and Campaign Analysis
    • Structured Analytic Techniques for Intelligence
    • Methods and Types of Analysis
    • Analytic Writing and Peer Review
    • Analysis, Reporting, and Dissemination
    • Mitre ATT&CK Analysis and Comparisons
    • Forecasting and Estimative Reporting
    • STEMPLES Plus Strategic Intelligence
    • Synthesis and Fusion Methods.
    • Advanced Adversary Targeting and Campaign Analysis
    • Strategic Intelligence Analysis
  • I’ll also have the chance to understand the methods used in intelligence agencies from an intelligence professional who has been teaching this course for 11 years.
  • I’ll benefit from the instructor’s years of passive data collection on adversaries while maintaining operational security while networking with other students on their experiences in intelligence.


The approximate investment for my attendance is as follows (complete the information as appropriate):

Travel costs


Accommodation (### nights at (DOLLARS xxx/night*)


Full Training Pass (for ### days)


Payback: Our ROI

I believe the insights learned by Treadstone 71 Training will help speed incident response resolution, assist security operations in gaining insights into our cyber adversaries, and enhance our cyber threat intelligence program with intelligence community skills and knowledge. The cost of the course seems a small price to pay for actionable intelligence to help our business combat cyber threats and the reputational damage that results from even a minor compromise. Other courses from other companies in this field charge at least 25% more and usually 30-35% more and you get less from those courses.

When I return from the Treadstone 71 training, I will compile a short presentation covering what we covered in the class, applicable functions to consider for immediate use, methods of collection, how best to use analytic methods, and ways to quickly improve our written products.

[Add standard sign off]

Intelligence for the C-Suite and Stakeholders

Intelligence for the C-Suite and Stakeholders

This is an On-Demand Course

Please contact us to schedule training.

The C-Suite craves new information that drives business decisions. Cyber and Threat Intelligence is just what is needed! Are you in need of awareness of the intelligence lifecycle and how intelligence drives your security team and supports your business? Do you know what Cyber Intelligence and Cyber Threat Intelligence are? This is a one-day (6 hour) course designed to educate corporate leadership and stakeholders in cyber and threat intelligence. There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, how it is different from business and competitive intelligence while understanding the overlaps and natural points of integration. We target corporate leadership delivering a clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.

The seminar covers cyber, threat, competitive, business and supply chain intelligence functions designed to quickly provide leadership with the understanding need to support and build a successful intelligence program. We will cover strategic plan development, approaches, intelligence risk and standard operating procedures helping to tune your threat intelligence strategy to mitigate risk. The seminar includes stakeholder and executive models for supporting the intelligence process ensuring alignment with information security, incident response, security operations and the business. Gain insights into intelligence tradecraft and the need for sharing as methods of preparedness and corporate due diligence.


In Person - ON DEMAND - 1 Day

The course prepares the executive with the following understanding non-inclusively:

Actors and Campaigns
Analysis Overview
Analyst Activities
Analytic Writing
Basic Concepts Concerning Intelligence
BLUF and AIMS, Supervisory Actions, Summary Paragraphs
Challenges for Stakeholders to Accept Intelligence
Collection Management
Estimative, Warning, Advisories, STEMPLES Plus
Feedback Loop
Functions and Capabilities
Goals / Objectives
Guiding Principles
ICD 203, 206, 208
Implementing Intelligence Programs
Indicators of Change
Indicators of Compromise
Intelligence Requirements
Intelligence Risk
Intelligence Strategic Challenges
Intelligence: Role, Definitions, and Concepts
Issues, Tactics, Techniques, Methods, and Principles Managing Intelligence Projects
Job Descriptions
Know your professor, get an A – Communicating Up
Leading the Team
Maturity Model and Tracking
Measurements of Effectiveness
Mitre ATT&CK
Operational, Technical, Tactical
Peer review
Priority Intelligence Requirements
Production Management
Providing Focused Leadership
Relevance, Timeliness, Completeness, Accuracy, Usability
Reports and Reporting
Roles and Responsibilities
Rules for developing analysts - Alignment and as collectors/researchers
Source Data Analysis
Stakeholder checklist and stakeholder management needs
Stakeholder Views: Impact on Intelligence
Strategic Analysis Leading to Strategic Decisions
Strategic Plan development, acceptance, and dissemination
The Analyst’s Roles and Responsibilities - RACI(s)
The Executive / Stakeholder's Roadmap
The Need for Sharing – Safely/Securely/Trust
The Role of Intelligence Management
The Role of Strategic Intelligence and Its Impact on Stakeholders
The Role, Responsibilities, and Functions of the Analyst
The Strategic Intelligence Process - Operations to Tactics
The Treadstone 71 Method
Threat Intelligence
Threat Intelligence Platform
Threat Matrix
TIP Selection Process
Understanding Issues and the Process
What is Intelligence?
What is not Intelligence?
What the Analyst will face
Who/What, Why Now, So What, Impact So Far, Outlook, & Implications
Why Stakeholders and Executives Need Strategic Analysis


This is a one-day interactive seminar used to educate, work with, understand, and prepare stakeholders and leadership for effectively building and managing a cyber threat intelligence team.

Read more: Intelligence for the C-Suite and Stakeholders

Collection Manager’s Course

Collection Manager’s Course

Online On-Demand Course 8 Weeks easily extended

All too often we see organizations receive information on threat actors only to point-and-shoot when it comes to collection. There is little to no structure in this critical task that drives all intelligence production, analysis, and analytic writing.


This course prepares the organization’s designated intelligence professional as the person in charge of managing collection planning, staffing, targeting, ensuring integrated, synchronized, and deconflicted collection actions. As information is received from internal requests for information, analysis of existing data, information, and intelligence on the subject in question, the collection manager correlates and determine gaps in preparing the collection plan. This course prepares students in the development of collection requirements, designed to maximize the effectiveness of your limited resources covering what may seem as vast areas of online targets. The course assists the collection manager in determining where to look, when to look, and what to look for. We provide students with situation and event templates, how to fill them out, how to manage the ever-changing problem iteratively, and how to establish collection priorities base on the courses of action the threat actor may likely adopt.

The collection manager works with the intelligence and priority intelligence requirements to develop the collection plan translating these into specific information requirements used to provide targeting while managing the availability and capabilities of the collection/research team.

The course prepares the collection manager with the following non-inclusively:

    • Collection Planning Screening Sources
    • Interpretation of Stakeholder Needs Data Segmentation and Prioritization
    • Intelligence Requirements Establishing a program of record
    • Essential elements of information Targeting
    • Analysis of requirements against the existing knowledge base Open Source Collection
    • What do you have? Tools, Methods, Resources
    • What do you not have? Using the TIP
    • What is the gap? Vendor Report Reviews
    • Where and how will you acquire that data? Threat Intelligence Platform Use and Data Extraction
    • How much time do you have? Tagging strategies
    • STEMPLES Plus – Strategic Analysis
    • What skills do you have to accomplish the task? Rules of Engagement
    • What skills do you not have? Escalation Guidelines and Rules
    • Mission and Requirements Management Passive Collection
    • Convert RFI’s to collection requirements Observables
    • Data Provenance
    • Collection Manager Communications and Sharing
    • Support to Leadership
    • Purpose of Stakeholder Analysis
    • Questions used to organize your products
    • Know your customer checklist
    • Getting started checklist
    • High-level process overview
      • How to Communicate Up
    • Steps to follow
      • Sample Invitation Letter
    • Strategic Questioning and Listening
      • Active and Empathic Listening
    • Stakeholder Collection and Tracking Model
      • Reporting formats for real-time interaction
      • Choices of visual support materials
      • Stakeholder Impact and Influence
    • Stakeholder Tracking
    • Priority Intelligence Requirements (PIR) – What are they?
      • Intelligence Requirements
    • Common Adversaries
    • Information Requirements Process Flow
      • Intelligence Requirements
      • Essential Elements of Information
      • Specific Information Requirements
      • Indicators
      • The Overall IR Process Flow
    • Targeting – Intelligence Collection
    • Information Required Prior to Intelligence Requirements
    • Prioritization
      • What is an Intelligence Requirement
      • What is a Priority Intelligence Requirement
      • Prioritization continued
    • Collector/Analyst Need to Understand
    • Stakeholder knowledge of their systems and data
    • Intelligence Team Priority Intelligence Requirements Examples
    • Collection – Research RACI
    • Indicators and Warnings
    • Intelligence Requirements Tracking
    • Get them to requirements
    • What is D3A?
    • D3A Targeting Requirements
      • Adversary Identification
      • Breakdown
    • Bring in Stakeholder Requirements
    • What is F3EAD?
    • The D3A/F3EAD Integrated Process
      • Aligned to the Cyber Threat Intelligence Lifecycle
      • Integrated Lifecycle Breakdown
      • The Full Lifecycle
      • The Treadstone 71 D3A and F3EAD Diagram and Intel Lifecycle
    • Logical Adversaries to Intelligence Requirement Development
      • Building Threat Matrices
      • Simple to Complex
      • Inclusion of ATT&CK Groups aligned to Nation-States
    • Threat Matrices
      • Simple to Complex
    • Wrap-up // Q&A
    • The Six Categories – ASCOPE
      • Area
      • Structures
      • Capabilities
      • Organizations
      • People
      • Events
    • D3A Targeting F3EAD
    • STEMPLES Plus
      • Social
      • Technical
      • Economic
      • Military
      • Political
      • Legal/Legislative
      • Educational
      • Security
      • PLUS
      • Religion
      • Demographics
      • Linguistics
      • Psychological
      • Other
    • Indicators of change
      • Motive thru Capabilities
        • Levels of Concern
        • Examples
    • Hofstede Principles
      • Power and Distance
      • Individualism and Collectivism
      • Masculinity and Femininity
      • Uncertainty Avoidance
      • Long Term and Short Term
      • Indulgence and Restraint
      • Hofstede Country Comparison Exercise
    • Strategic Analysis with STEMPLES
    • Indicators – Indicators of Change Matrices
    • STEMPLES Plus Template and Example
    • Definition
    • Requirements Management
    • Mission Management
      • Mission Analysis
      • Gaps
    • Collection Planning
      • Simplified Process
    • Collection Strategy
      • Intelligence Collection Synchronization
      • Red Team Support
      • Collection Tasking
    • Collection Operations
      • Principles
    • Collection Manager Tasks
      • Bringing in Intelligence Requirements
      • A Multidisciplinary Approach
      • Prioritization of Requirements
      • Available Assets
      • Iterative re-tasking Continuous monitoring of collection results
      • Anticipate collection requirements Meeting SIR requirements
    • Operational Security Rules (OPSEC)
      • Laptops and Access
      • Like a SCIF
      • Anonymity of your passive collection
      • List of items to consider
      • Standards and words to follow
      • Browser plug-ins / extensions
      • Recommended Software
      • Standard Desktop
    • Rules of Engagement (RoE)
      • Purpose
      • Pre-conditions required for RoE
      • Team Roles and Responsibilities
      • Use of Cyber Personas
      • Rules for the Rules
      • Internal and External Threats
      • Tools and Resources – High-Level
      • Escalation Cycle
    • Cyber Persona Methods and Techniques
      • Concepts – Logline
        • Establish the Logline – Create the Plot
      • Persona Archetypes
        • Archetype Review and Understanding
        • 16 Persona Motivations
        • Persona Perception
        • Persona Link Analysis
          • Types of Links to Consider
        • Persona Characterization
        • Persona Profile Sketch
        • Persona Tracking – Standard Fields
        • Persona First Steps
          • Memorable or not?
          • Dimensions
      • Twelve Essential Questions
      • Clandestine Cyber HUMINT - Screenplay
    • Request for Information
      • RFI Template
      • Request for Support
      • Data/Information dissemination
      • Coordinate with other internal and external sources
      • Validate preplanned collection tasks
      • Awareness of production and analysis status
      • Update adaptive collection plans
      • Redirects and information reporting to
      • Collection Planning Forms and Tracking Collection plan effectiveness
      • The Collection Manager’s Matrix Feedback loop
    • Complete a Plan
      • The Collection Plan Templates
      • Breakdown of the templates
        • PDF Form
        • Spreadsheet Collection Plan
        • Collection Tasking Worksheet
        • Intelligence Synchronization Matrix
      • Collection Manager Tasks Redux
      • Example completed plan
      • Iterative feedback – Constant communication
        • The Collection Manager’s Matrix Feedback loop
        • Converting intelligence-related information requirements into collection requirements Strategic, Tactical, Technical
    • Data Provenance - Dates/Times Collection Planning Process Flow and Metrics
    • Credibility / Validity / Relevance After-action reviews – at any time
      • Skimming / Speed Reading
      • Data Verification
      • Admiralty Scoring
        • Use and structure
      • Types of Evidence Collection Manager Oversight
      • Pitfalls in Evaluating Evidence
    • Intelligence Risk
    • Confidence Levels for your findings
    • Collection Plan Templates
    • Case Study Finals
    • Review
    • Q&A

Recorded Lectures, Hands-on execution, templates, forms, and artifacts to get you off the ground and running. Real-world case studies. Scheduled for 8 weeks but easily adjusted to fit your schedule. Lectures released weekly. 40 CPE

On-Demand Online

Read more: Collection Manager’s Course

Introduction to OSINT for Maximum Results

Introduction to Open Source Intelligence for Maximum Results

In-Person - 3 Days

When conducting open source intelligence targeting and collection, we must ensure our efforts support stakeholder’s intent, the impact the collection will have on the business, and any potential business and technology shifts the results may produce.

One of the main benefits of open source collection is the ability to share our findings with internal and external partners. We can benefit greatly from information exchanges that foster a common view of the operating environment while building trust through sharing.

This course takes you through standard definitions, why and how OSINT will benefit your organization, the framework for collecting information and the application of OSINT to live situations. This course gives you the skills necessary to orderly plan and collection open source data and information. We focus on:

  • Understanding search engine indexing and ranking protocols.
  • Surface and Deep Web advanced searching strategies and tools.
  • Hiding web documents from search engines and recovering pages that have been removed from Web servers.
  • Researching forums, discussion boards, newsgroups and mailing lists.
  • Introduction to multi-media search, weblogs, searching the blogsphere, social networks, wiki databases.
  • Online privacy and anonymity.
  • OSINT counterintelligence techniques used by the criminal element.
  • Web site mapping and archiving techniques and tools.
  • Introduction to Open Source Intelligence and the Intelligence Analysis process.
  • Effectively planning online OSINT projects.
  • How to search in foreign sites.
  • Where to find you threat actors.
  • Methods of forum enrolment.
  • Using the Threat Intelligence Platform to ‘jump-off’ from.
  • Collection planning overview and management.
  • Managing your collection for tracking and data provenance.
  • Tools for collating and organizing Internet

The course prepares the collection manager with the following non-inclusively:

Additional OSINT web resources Documentation application/Hunchly Metadata
Addresses, phone numbers, user names, emails Effective Research Habits Methods of collection – Tools
Advance search methods for blogs and social networks Email, Phone Address, People Methods of secure communication
Advanced Search Techniques Email, Phone, Address, People Methods of Social Media Research
Advanced search techniques Engaging your target Methods that may reveal what OSINT is doing to a target
Analyze the text Establish links to performance metrics Mobile OSINT
Analyzing data Evaluate OSINT for Collection platform Monitoring for change
Analyzing, organizing, and preparing of written reports Explain the SWOT of OSINT Networking and VPNs
Approaches to Searching Extensive OSINT lists News Media Content
Apps & Utilities Forums, discussion boards, newsgroups Note-taking applications
Archiving methodologies and extraction tools Fundamentals of OSINT On line database systems
Assess OSINT’s role Gathering data Online privacy / anonymity tools
Backlinks Gathering requirements Open Source Data
Basic Internet Geolocation methods Opinion Community
Basic Search Techniques Geolocation tools OPSEC
Benefits Geospatial Analysis Optimizing transfer of large files
Best ways to use screen shot capabilities Glossary and Taxonomy Organize, Analyze, Summarize & Report – Report Your Results Easily in a Formal Report
Blogs and wikis Goals of OSINT Collection OSINT Collection and Production.
Business Sites Google Custom Search Engine, Alerts, Scholar, News OSINT Collection Planning – Cyber Operations Order
Buzz campaign Google dorks and Google Hacking database OSINT Communities
Cast a wide net Google Guide OSINT Methodology
Chat Windows Google Hangouts OSINT Subtypes
Cloud server Government – Media Other Open Sources
Collection, Process, Exploitation, Production Gray Literature Password management
Content Analysis How to document Pay Databases – Best systems to utilize, Cost Efficient Approaches, Pros and Cons
Counterintelligence techniques used by the criminal elements Identifying fraudulent opinions People search
Creating an inviting environment Image recognition technology Planning and direction
Creating and manipulating the buzz Instant Messaging Planning for OSINT Collection & Analysis
Creating output for customer Intelligence integration Privacy and Proxies – Protect Yourself First
Cyber Criminals International Search Engines and Tools Privacy and Security Settings
Cyber HUMINT – Social Media Lecture on Intelligence and Cyber Intelligence Publication Access
Data Provenance - Hunch.ly Link Analysis Query Input
Deep Web Part 1 – People Searches Maltego, Spiderfoot, Paliscope, Shodan, ORYON, OSINT Browser, Buscador Quick Reference
Deep Web Part 2 – Public Records Managing social media communities Real Time News
Deep Web Part 3 – Social Networks, Blogs, Forums and Social Media Search Tips Measure what matters Review and use of open source tools
Determining Your Threat Profile Media – Image, Video, & Documents Sanitizing your platform
Discussion Forums Media Image, Video & Document Screenshots

Lecture, Hands-on, Apprenticeship, in class exercises, student presentations, templates, course material—24 CPEs 3-days

In-Person - 3 days

Read more: Introduction to OSINT for Maximum Results

Cyber CounterIntelligence Tradecraft Certification - Certified Threat CounterIntelligence Analyst

Certified Threat CounterIntelligence Analyst
Cyber CounterIntelligence Tradecraft

In-Person - 5 days

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. The course includes a very different approach to counterintelligence using models exhibited online over the past few years to steer the conversation to the desired outcome.

Cyber Infiltration
Information Operations
Standard Glossary and Taxonomy
Mission-Based Counterintelligence
Counter Collection and Anticipation
Denial and Deception
Counter-Denial and Deception
Open Source Intelligence in Deception Operations
VPNs and Burn Phones (US Only)
Methods of Social Media Research
Social media demographics
Cyber Target Acquisition and Exploitation
Identify Active Adversary Campaigns
Intent, Motivation, Goals, & Requirements
Passive data collection
Campaign development
Vectors of approach
Courses of action
Elicitation and exfiltration
Memetic Engineering
Content Creation
Propaganda and Fallacies
Media Manipulation
Charts, Graphs, Generators
Deception Planning
Deception Chain
Types of Denial and Deception
D&D Usage
Perception as Deception
Avoid and Deny
Shifting the Conversation
Forum Manipulation - COINTELPRO
Social Psychology
Differences in Culture/Diversity
Hofstede Dimensions
Reciprocity and Consistency
Social validation
Liking, Authority, and Scarcity
Rules of Disinformation
Information Warfare
Operational Security
Cyber Psychological Operations
Target analysis and manipulation
Authoring of blogs and articles for influencing
Placement of specific concepts and phrases
Cyber Persona Layer
Cyber Persona Development and Maintenance
Character archetypes
Establish the storyline
Establish the plot synopsis
Story weaving and management
Target profiles – dossiers
Target gap analysis
Clandestine Collection Operation
Surveillance and Counter Surveillance
CI Insider Threat, Investigations
Guide to Underhanded Tactics
Rules for Radicals
Case Studies
Team Presentations

Lecture, Hands-on, Apprenticeship, in class exercises, student presentations, templates, course material—32 CPEs 4.5-days

In-Person - 5 days

Read more: Cyber CounterIntelligence Tradecraft Certification - Certified Threat CounterIntelligence Analyst

Contact Treadstone 71 Today for all your Cyber Intelligence needs.