Analysis as a Service from Treadstone 71

Analysis as a Service from Treadstone 71
Retainer Targeted Research and Analysis Service

Many in the marketplace today serve up data and information as intelligence. They focus almost exclusively on collection and collection feeds to some sort of visual tool that presents pictures of links, some with trends and a few with patterns and tendencies. They call this analyzed intelligence. However, we know that intelligence analysis requires significant skill. These are skills that almost all do not have since they do not recognize what intelligence analysis really is. Treadstone 71 is experienced and skilled at intelligence analysis. Our methods followed traditional structured analytic techniques that require patience, perseverance, aptitude, and skills. Attributes highly sought after in the industry but seldom found. Treadstone 71 drives research and extracts data from both the surface internet and the darknet.

  • Treadstone 71 uses analytic tradecraft and standards, including alternative analysis, new analytic tools, and techniques, driving collaboration amongst collectors/researchers, analysts and stakeholders.
  • Provide stakeholders with collaborative and transparent views of our analysis.
  • Prepare stakeholders, principals, and clients with the intelligence needed to make decisions.
  • Use subject matter experts to fill collection and analysis gaps.
  • Treadstone 71 helps you determine the state of the collection, analysis, or intelligence operations resource gaps.
  • We develop and publish intelligence that identifies and formulates strategies to mitigate gaps; advise stakeholders of gaps, mitigation strategies, progress against the strategies, and assessment of the effectiveness of both the strategies and the closing of the intelligence gaps.
  • Treadstone 71 helps your intelligence team Influence organizational policy development and strategy implementation for information security, risk, and governance.
  • We develop analytic production strategies in concert with your cyber threat intelligence team ensuring the examination of major shortfalls on your target areas of responsibility within a collaborative community of interest.
  • We assess, evaluate, and determine the state of analysis by assessment of the quality of analysis and ensure you conduct competitive and alternative analysis on high-priority topics.
  • Identify research and developmental opportunities to defend, advocate for, and institute justifications for continued, additional or dedicated funding.
  • We help you liaise with internal intelligence communities to drive greater intelligence integration, perform outreach, and give resources and priority attention to targets.
  • We direct and oversee advocacy initiatives to integrate and optimize contributions from current and planned technical, analytic, and openly available sources.
  • We enable you to manage a professional staff in successfully defining and managing complex programs and projects that may include ill-defined requirements, ambiguity, parallel tasks, multiple dependencies, high risks, and multiple interfaces; ensure timelines, costs, deliverables, and the achievement of defined outcomes according to approved plans.
  • Treadstone 71 teaches and trains you to strive for superior analytical and critical thinking skills, including the ability to think strategically and identify needs, requirements, and develop innovative recommendations and solutions for improvement.

Treadstone 71 Collection and Analysis is not compartmentalized but directly engaged as a single unit. Continuous feedback loops and constant communication ensure rapid changes to collection plans and advanced adversary targeting.

Contact us now to learn more about our annual retainer services tiered for the level of support you need. Treadstone 71 Research, Analysis, and Reporting retainer services provide contextually detailed reports and assessments based on your intelligence requirements and stakeholder needs. We shift quickly. We do not change order you to financial ruin. We deliver intelligence and not daily news.

  • We research sets of standardized queries related to cyber threats for clients on a regular basis (daily, weekly, monthly, quarterly) while producing (peer-reviewed) finished intelligence reports addressing priority intelligence requirements.
  • We provide full cyber intelligence lifecycle support from stakeholder interfaces and management, intelligence requirements definition, collection and research management, planning and execution, data and information production, structured analysis, analysis, and analytic writing and delivery.
  • Track intelligence trends across industries and technologies and generating effective and efficient ways to collect and analyze.
  • Proactively monitor and analyze the cyber battlefield and the assessment of intelligence risk and applicability to the client.
  • We model and analyze the likelihood of emerging threats defining their motivation, impact, and capabilities relative to the organization.
  • We author intelligence advisories, estimates, warnings, executive and strategic reports, and briefs with recommendations to risk and technology team.
  • We enable intelligence sharing and engage with other functions providing input and requirements to influence threat mitigation strategies.
  • Collect and analyze information from various sources, including open-source reports, information sharing partners, and intelligence vendors.
    • We synthesize findings to assess adversary threats to the organization.
  • We develop global technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs) while leveraging 30 years of expertise to identify novel techniques and their ability to bypass common security controls.
  • Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to your business.
  • Conduct trending and correlation of cyber intelligence for the purposes of attribution and set up strategic countermeasures.
  • We create procedural, intelligence-driven internal, and external interfaces with stakeholders and teams building RACI models and clear methods of communication.

We collect - We organize - We decompose - We prioritize - We analyze - We think - We report - We deliver - Iterative lifecycle methods incorporating objective analysis with intuition and structured methods of analysis - Since 2002

Contact Treadstone 71 for Cyber Intelligence, Cyber Threat Intelligence, and CounterIntelligence Analysis Services

  • High Wealth Intelligence Assessments, Monitoring, and Remediation
  • Cyber Intelligence Attack Surface Assessment
  • Targeted Adversary Research - Research, Warning, Estimative Reporting
  • Targeted Adversary Mitigative and Retributive Operations
  • Information Operations
  • Anonymity and Persona Development
  • Corporate Leadership Attack Surface Assessments
  • Corporate Attack Surface Assessments
  • Customized Targeting and Reporting / Monitoring
  • Culturalnomics - Social-Linguistic-Political-Religious Subject Matter Expertise
  • Deception Planning and Management

Liability Free, Cyber Intelligence Services

Treadstone 71 is your source for Analysis as a Service. We do collect. We do organize and produce but our specialty and focus is on intelligence analysis. Many indicated that they analyze intelligence. Treadstone 71 produces intelligence after analyzing data and information. We create bottom-line-up-front recommendations and opportunities – actionable intelligence. Our process is rigorous yet flexible. Our objectivity upheld as a baseline ethos of the methodology.

Treadstone 71 provides liability free, cyber intelligence services to select clients. We will help you improve your security posture, enhance business acumen, investigate adversaries, verify and validate sources, assess the high value and high-income targets, or examine areas of compromise and exploitation. We use honed cyber intelligence and analysis tradecraft to define and execute priority intelligence requirements from operational planning through campaign execution.

The Treadstone 71 Analysis as a Service you will not find elsewhere. If you are searching for intelligence analysts, come to the shop that focuses on analysis. Uncluttered, focused, skilled – Treadstone 71 Analysis as a Service.

Below is a short listing of our Targeted Research Services:

  • Baseline and foundational research customized to client requirements.
  • Deep-dive intelligence reporting covering cyber threats that are target centric.
  • Adversary reports covering detailed assessments of threat actors, TTPs, patterns, timelines/chronologies
  • Strategic Intelligence Assessments covering business risk issues targeting senior level stakeholders assisting in their decision-making process.
  • Onsite General Intelligence Briefings on current events, actors/adversaries
  • Onsite Customer Intelligence Briefings on targeted topics which may include STEMPLES Plus and Indicators of Change
  • Onsite Report Clarification Briefings - General and Customized by Bronze/Silver/Gold
  • Sensitive Intelligence Briefs (TLP Orange and Red)

Please complete the Contact form to receive the Data Sheet

Contact Treadstone 71

Please note that only corporate email domains are allowed. Gmail, Hotmail, Yahoo, etc will be rejected.

Please type your full name.

Invalid Input

Invalid Input

Invalid email address.

Please tell us your area of interest.

Invalid Input

Cyber Intelligence Lifecycle Management


The module drives continuous feedback loops throughout the lifecycle engaging users to follow structured methods of collection, data organization, production, analysis, and management. The Cyber Intelligence Lifecycle solution:

  1. Captures stakeholder needs including intelligence requirements
  2. Enables prioritization of those requirements
  3. Build manage and track collection plans
  4. Focuses on evidence-based intelligence analysis
  5. Drives structured analytic techniques such as:
    1. Key Assumptions
    2. Hypotheses Generation
    3. Analysis of Competing Hypotheses
    4. Scenario Analysis
    5. STEMPLES Plus with Indicators of Change and Hofstede Principles
      1. Social, Technical, Economic, Military, Political, Legal, Educational, Security (internal) with a catch-all Plus for Religion, Demographics, Psychological 
      2. Indicators of Change providing an objective baseline for tracking events
    6. Indicators and Indicators Validation non-inclusively.

The module integrates and manages the cyber threat intelligence lifecycle functions in a contextually focused environment that helps author intelligence advisories, situation reports, and forecasts. The Cyber Intelligence Lifecycle solution enables teams:

  • The ability to manage and track historical trends of adversaries and their campaigns with full data transparency
  • Contextually align your cyber threat intelligence to your organizations as opposed to generic data feeds
  • Minimize cycle time while reducing overhead and operational risk
  • Enforce an iterative feedback loop enable continuous touchpoints between stakeholders and the cyber threat intelligence team.

The cyber intelligence lifecycle module enables collectors and analysts to work together on company-specific intelligence requirements, giving collection management the ability for continuous oversight supporting relevancy and rapidly redirect collection targets as needed. This will speed the decision making on threats helping to estimate possible next steps. Teams will be able to provide their own credibility, validity, and relevancy ratings to the data collected.


  • The combination of Treadstone 71 training and education with the cyber intelligence lifecycle solution enables historical pattern and trend analysis while creating clear pictures of adversary tendencies. Treadstone 71 will provide discounted training rates to teams using the solution.

The solution is not meant to replace threat intelligence platforms but to provide an integrated series of modules that manages your intelligence program. We intend to enable the integration of strategic intelligence plans, policies, procedures, process flows, questionnaires, diagrams, presentations, reports, and briefs to managing the cyber threat intelligence lifecycle.

Contact Treadstone 71 at info @ treadstone71 dot com for more information or call 888.714.0071

Cyber Intelligence Request for Information (RFI)

Request for Information (RFI) – Cyber Threat Intelligence

The RFI process includes any specific time-sensitive ad hoc requirement for intelligence information or products to support an ongoing event or incident not necessarily related to standing requirements or scheduled intelligence production. When the Cyber Threat Intelligence Center (CTIC) submits an RFI to internal groups, there is a series of standard requirements for the context and quality of the data requested.

Download Brief

Please provide a valid email address to access your download.

Continue... ×

Cyber Intelligence Wiki - CyberIntellipedia


This wiki is an online system for collaborative data sharing built and used by Treadstone 71 to aid in building Cyber Threat Intelligence programs while establishing intelligence sharing and communities of interest. The Treadstone 71 Cyber Intelligence Training Courses led to the establishment of CyberIntellipedia, a wiki consisting of multiple sections covering strategic planning, policies, procedures, templates, taxonomy, examples, dossiers, finished intelligence, estimative intelligence, open-source tools, adversary research, process flow diagrams, reporting, analytic tools and methods, threat intelligence TTPs, and more. From job descriptions and C-Suite presentations to cyber intelligence maturity models and threat matrices, Treadstone 71 is now selling the CyberIntellipedia to the public beginning December 20, 2019. Initial access is screened with tiered pricing. Tiered pricing includes full access to access to the forum area. We are seeking beta testers to participate in the review at discounted pricing.

CyberIntellipedia aligns with the Treadstone 71 Cyber Intelligence Training Courses including aspects of cyber intelligence tradecraft and cyber counterintelligence tradecraft. The wiki follows the intelligence lifecycle providing in-depth documentation for each aspect of the iterative process. We continue to enhance and build CyberIntellipedia including adding a historical cyber adversary component covering attacks, adversaries, their methods, tactics, techniques, and procedures indexed for rapid search.

CyberIntellipedia delivers the tools necessary to build a sustainable program. The wiki gives users access to twelve years of effort demonstrating proven success for cyber threat intelligence strategies, operational efficiencies, tactical methods, and technical alignment. Organizations pay hundreds of thousands of dollars over years of labor to establish what is in the Cyber & Threat Intelligence Wiki - CyberIntellipedia. With guidance and time-based direction, clients can build a complete intelligence program, educate stakeholders, staff, and leadership, without the usual massive outlay for time and materials, and commitment to constant consultant change orders.

The core functions of the CyberIntellipedia are:

2019 12 31 7 49 27

  • Enable organizations to quickly understand, adapt and adopt standard cyber intelligence community concepts while pragmatically incorporating cyber intelligence program build solutions incorporated in the wiki.
  • Information Sharing and Safeguarding— improve collaboration while protecting information.
  • Leverage Cyber Intelligence Training from Treadstone 71
  • Consolidate existing and future intelligence requirements into an effective and efficient cyber and threat intelligence ecosystem to enable greater intelligence integration, information sharing, and safeguarding.
  • Provide the intelligence workforce with discovery and access to information based on mission need to deliver timely, tailored, and actionable information.
  • Nurture a culture of innovation and agility that advocates the sharing of ideas and resources adaptable to the changing environment and promotes best practices across the intelligence groups.
  • Prioritization of threats that influence which potential threats get addressed by security organizations and how network security resources are allocated.
  • Collection management is streamlined, and organizations can better communicate their requirements to partners and stakeholders.
  • Cyber threats are widely communicated to the organization, integrated with other intelligence functions, and stakeholders are aware of the most relevant threats.
  • Cyber threats are proactively monitored and prioritized, with updates available to inform stakeholders and leadership.
  • Analytical production aligns with organizational goals, priority intelligence requirements, emerging threats while maintaining awareness of geopolitical and socio-cultural events that impact the cyber environment.



Why the CyberIntellipedia Wiki?

Wikis are about as simple as can be. That simply means that people find them easy to use, just like e-mail and blogs. Like e-mail and blogs, wikis also perform a very useful service in a simple way. A wiki allows a community of interested people to enter and communally edit shared data. Although the documentation included in the full package is open for peer review and suggested changes, that documentation is under the auspices of Treadstone 71. Customers may wish to license the complete CyberIntellipedia library for their own use. Treadstone 71 has a model in process for such a need. Our hope is for the cyber intelligence community of interest represented in CyberIntellipedia to present fundamental principles that guide the understanding of cyber & threat intelligence. Through open intelligence sharing, trusted users may wish to assist in coordinating proactive action towards common community objectives. The market is full of technologies driving technical solutions. CyberIntellipedia is a labor of love that is a full-spectrum, cyber & threat intelligence product designed as an in-depth knowledge-base gleaned from years of hands-on experience.

2019 12 31 7 50 14

  • CyberIntellipedia an overview of cyber and threat operations, operational design methodology, and planning, and execution.
  • CyberIntellipedia includes a review of operational design doctrine and applies these principles to the cyber domain.
  • CyberIntellipedia descriptively and prescriptively defines the cyber intelligence planning process and identifies intelligence lifecycle operations planning concerns.
  • CyberIntellipedia provides an overview of cyber and threat intelligence programs, plans, operations, adversaries, and more taken from ten years of direct support to global clients.
  • CyberIntellipedia includes case studies directly focused on cyber and threat intelligence operations.

Treadstone 71 is making the CyberIntellipedia available for public purchase beginning as a trial (December 2019) to iron out the kinks. Stay tuned for more information or contact us expressing your potential level of interest. For a complete, full-scope solution, see the Treadstone 71 Lifecycle product Conscientia.

Treadstone 71 - Serving you since 2002.

We See What Others Cannot

Details of the RFI Form

Request for Information (RFI) – Cyber Threat Intelligence

The RFI process includes any specific time-sensitive ad hoc requirement for intelligence information or products to support an ongoing event or incident not necessarily related to standing requirements or scheduled intelligence production.

When the Cyber Threat Intelligence Center (CTIC) submits an RFI to internal groups, there is a series of standard requirements for the context and quality of the data requested.

RFI Form

Learn more about the complete Cyber Threat Intelligence online knowledgebase - CyberIntellipedia

  • The data is expected to be curated.
    • Data curation is the organization and integration of data collected from various sources. It involves annotation, publication, and presentation of the data such that the value of the data is maintained over time, and the data remains available for reuse and preservation
  • The data is expected to have been reviewed and validated.
    • Data needs to be cited providing sources to the data (APA format per Microsoft Word).
    • Data should be evaluated for the credibility of the sources and validation of the data (see Appendix A)
  • The data follows the below format each time to speed cycle time. This format should be congruent with the incident response platform in use.
  • Standards must be used such as those associated with NIST or other accepted standards as agreed upon for use within your organization.
  • The data should be formatted to fit your internal processes and procedures. You may wish to consider how you apply the Diamond, Kill chain, and ATT&CK models using standard data fields.
  • The data should be easy to extract, repeatable, and when applicable, quantifiable (cardinal number).
  • The data should have a historical record so we can analyze month-to-month patterns, trends, and tendencies.
  • The dates and times of when the data was created (not created by your organization with respect to the event or incident ingestion but action dates and times of event or incident activities.
  • The data should be classified with standard internal classification levels and TLP designators.

Source Credibility Admiralty Scoring

When and where applicable, the data needs to answer the following questions:

  • What exactly is or was the problem or issue?
  • Why is this happening now, who is doing this, what is their intent/motivation?
    • So what - why do we care and what does it mean to us and our clients?
  • Impact so far if any to our data and systems or the data and systems of our clients?
  • What do we expect to happen next? What is the expected outlook for continued actions if any?
  • Supervisory Action (actions to be or that have been taken based upon data/information/analysis)
  • What recommendations were made and what recommendations were executed?
    • What was/were the course(s) of action?
    • What was the result of the implemented recommendations?
  • Were there any unanticipated implications to the recommendations?
  • What opportunities are there for your organization going forward?
    • Did we find any weaknesses?
    • Did we identify any strengths?
  • What gaps were found in our environment (people, process, technology)?

If the data you send does not come curated, reviewed, and validated with proper citations in the requested format, it may not make it to the report.

Source Credibility

We must treat each vendor report and data feed as nothing more than another source of data. Data that must be evaluated for credibility, reliability, and relevance. To do so, we can use the NATO Admiralty Code to help organizations evaluate sources of data and the credibility of the information provided by that source. Evaluate each vendor report using this coding method while documenting ease of data extraction, relevance to your organizational issues, type of intelligence (strategic, operational, tactical, and technical), and value in solving your security problems. Most publications provide the top-level scoring model. We provide the full model for auto-calculation built into the PDF. 

Find the form here

Intelligence Games in the Power Grid

Intelligence Games in the Power Grid – Russian Cyber and Kinetic Actions Causing Risk

Unusual purchasing patterns from a Russian firm selling PLCs from a Taiwanese company with massive holes in its product software download site. What could go wrong?

Download Brief

Please provide a valid email address to access your download.

Continue... ×

Strategic Intelligence Analysis, Forecasting, Estimative and Warning Intelligence

Strategic Intelligence Analysis
Forecasting, Estimative and Warning Intelligence

In-Person - 5 days

The Strategic Intelligence Analysis, Forecasting, Estimative, and Warning Intelligence (online and in-person) course follows the iterative processes of the intelligence lifecycle. Strategic analysis requires a breakdown of the complexity’s analysts face during data examination. Keeping the analysis and results relevant is difficult. Analysts need to find ways to organize, rank, and present their findings. Analyst’s always keeping a close eye on what the findings will mean to the stakeholders.

Stakeholders need to understand that analysts always work with incomplete and fragmented data. Adversaries work hard to deny analysts the data. Their methods include various types of deception.

This course provides analysts with a framework reducing many of the problems faced with fragmented data.

This course covers the following non-inclusively:

Strategic Intelligence Analysis, Forecasting, Estimative and Warning Intelligence  Relevant actors and their capabilities
Data, Information, Knowledge, and Intelligence Inference
Knowledge Generation Adversary Courses of Action (CoA)
Explicitly versus Tacit Knowledge CoA advantages and disadvantages
Principles of Knowledge Management Likelihood and probability in Adversary CoA
Monitoring your Business Environment Patterns, Trends, Tendencies
Analysis Projects Estimative Intelligence 
Analysis Cycle The Role of Warning Intelligence
Briefing Key Warning Factors in Preparations
Collection Planning What Is Warning?
Collecting from Unsuspecting Sources Indicator Lists: Compiling Indications
Collection from Public Domain  Fundamentals of Indications Analysis
Collection from Images Use of Indicator Lists
Collection from Things Extracting Indications Data
Collection Outsourcing Indications Chronology
Analysis Specifics of the Analytical Method
Introduction How Might they Go to Cyber War?
Attributes of strategic analysis Cyber Order of Battle Methods
Collector - Analyst Relationship Analysis of Cyber Mobilization
Collector-Analyst Differences Recognition of Cyber Buildup
Corporate Alignment Preparation for Cyber Warfare
Organizing a Strategic Analysis Function The preoccupation of Leadership / Stakeholders
Organizing a solid team Cyber Readiness
Towards a world-class strategic analysis org Magnitude and Redundancy of Preparations
Profile of an analyst Cyber Wargaming
Forecasting What is a Cyber Wargame
Multiple Scenarios Generation Why run a Cyber Wargame
Scenario analysis Principal Factors in Timing and Surprise
Influencers Examples of Assessing Timing
Link Analysis and Centrality Warning is Not a Forecast of Imminence
Estimates for future planning The Problem of Deception                                 
  Case Studies and Hands-on


This course teaches students how to think independently and stay away from the low level tactical approaches we see in daily reports. Strategic, big-picture reviews and assessments that incorporate the social, technical, economic, military, political, legislative, educational, and security, plus demographics, religion and the psychometric (STEMPLES Plus) aspects of an adversary are lost in today's world of current news posing as intelligence.  Lecture, Hands-on, Apprenticeship, in-class exercises, student presentations, analytic products, templates, course material—40 CPEs. Books provided by Treadstone 71 with some required read-ahead activities.

In-Person - 5 days

The Treadstone 71 Difference

The Treadstone 71 Difference

Download the Treadstone 71 Difference Data Sheet

We are nothing like competitors who are rooted in defensive posture actions with a pedigree in reverse engineering malware and providing defensive solutions for that malware, and just plain do not understand what intelligence is and is not. Most come from anti-virus firms, information security companies, law enforcement, and many with backgrounds in incident response and security operations. What we provide is a complete focus on intelligence rooted in traditional tradecraft and fully integrated and adapted for the cyber environment.

We build cyber and threat intelligence programs rooted in the intent and capabilities of delivering data, information, and intelligence that forecasts and estimates adversary actions. Intelligence, that enables leadership, business units, and security functions to prepare and prevent malicious activity against your most important systems and information.

Established in 2002, Treadstone 71 is a pure-play cyber intelligence company. The programs we build span technical and tactical intelligence through operational and strategic intelligence facilitating internal and external communities of interest.

Download Data Sheet

Download Data Sheet

Please provide a valid email address to access your download.

Continue... ×

  • we help you improve your incident detection, prevention, and response developing feedback to improve your cyber defenses
  • we assist you in using you threat intelligence to help automate security operations and remediation actions enhancing your operational tradecraft<
  • we guide you in the building of a centralized threat intelligence service that guides cybersecurity activities of other organizational units
  • we drive efficiencies and effectiveness in risk management<
  • we operationalize your threat intelligence from little to no processes to mature procedures, standard operating procedures, and workflows
  • we ensure integration between all things PESTELI +R+E+ and existing technologies in your SOC
  • we ensure you understand how to define credibility and relevance of your threat intelligence feeds that leads to truly actionable intelligence
  • we assist you in understanding your attack surface and online footprint from websites to social media to the darknet creating new opportunities for targeted intelligence collection
  • we help identify, infiltrate, and track adversaries providing information where and when possible to prevent attacks
  • we understand geopolitical factors that helps prepare your cyber environment for current and future contingencies
  • we learn the priorities of your adversaries and help you define a more assertive cyber posture for your organization
  • we tailor strategies and programs based upon your organizational needs and the needs of leadership
  • we teach and embed cyber intelligence tradecraft in your organization that is lasting following structured techniques proven in the intelligence community
  • we educate and drive situational awareness through table top exercises based upon proven military methods adopted for commercial organizations
  • we identify adversary front companies, their means, motives, and targets
  • we look at adversary’s skills, motivation, maliciousness, types of adversaries, level of automation and rate, informational impacts, targets, defensive measures, adversary course(s) of action, operational impact, line of business impact, and attack vectors
  • we create and maintain a presence on their virtual soil using virtual HUMINT methods to help identify your attack surface, your digital footprint
  • we know methods of collection, organization/production, structured analytic techniques, how to determine source credibility, communicate gaps and confidence levels, analyze using standard methods of inference, deductive and inductive reasoning, apply clear process for critical thinking, and deliver product in standard analytic writing methods that is clear and concise
  • we have been penetrating adversary sites, forums and social media since 2004 using both active and passive methods of cyber engagement – we have been in business since 2002
  • we listen

Treadstone 71 Training Justification

Subject: Request to Attend the Treadstone 71 NAME OF COURSE training

Dear [Decision Maker Name],

The Treadstone 71 Certified Threat Intelligence Analyst training takes place INSERT START DATE through INSERT END DATE at the LOCATION NAME in CITY, STATE, or COUNTRY. The training offers INSERT NUMBER OF DAYS of educational training from a former intelligence community professional. Intelligence professionals regard this class as the world’s leading training program for cyber and threat intelligence professionals. Therefore, I would like to request approval to attend, as I believe it will further develop my threat intelligence skills and build knowledge around greatly improving our cyber threat intelligence program.

The training offers comprehensive, innovative educational sessions following Intelligence Community standards from the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training:

  1. Introduction to Intelligence
  2. Critical Thinking
  3. Analytic Writing
  4. Creative Thinking
  5. Analytic Briefing
  6. Structured Analytic Techniques.
  7. Analytic Issues
  8. Argument Mapping
  9. Case Studies

The course covers critical intelligence skill areas and emerging threat intelligence concepts facing our organization.

If I attend, I’ll receive:

  • Over INSERT NUMBER OF HOURS of educational training and INSERT NUMBER OF CPEs.
  • Hands-on with the latest open-source intelligence tools.
  • Review of normally paid threat intelligence feed solutions (Intel471 and Recorded Future) while in the class.
  • Operational security concepts, including a 30-day VPN license.
  • Intensive training on:
    • Stakeholder Analysis
    • Collection Planning
    • Collection Activities and Targeted Collection
    • Intelligence Requirements Development
    • Open Source Intelligence Methods
    • Adversaries and Campaign Analysis
    • Structured Analytic Techniques for Intelligence
    • Methods and Types of Analysis
    • Analytic Writing and Peer Review
    • Analysis, Reporting, and Dissemination
    • Mitre ATT&CK Analysis and Comparisons
    • Forecasting and Estimative Reporting
    • STEMPLES Plus Strategic Intelligence
    • Synthesis and Fusion Methods.
    • Advanced Adversary Targeting and Campaign Analysis
    • Strategic Intelligence Analysis
  • I’ll also have the chance to understand the methods used in intelligence agencies from an intelligence professional who has been teaching this course for 11 years.
  • I’ll benefit from the instructor’s years of passive data collection on adversaries while maintaining operational security while networking with other students on their experiences in intelligence.


The approximate investment for my attendance is as follows (complete the information as appropriate):

Travel costs


Accommodation (### nights at (DOLLARS xxx/night*)


Full Training Pass (for ### days)


Payback: Our ROI

I believe the insights learned by Treadstone 71 Training will help speed incident response resolution, assist security operations in gaining insights into our cyber adversaries, and enhance our cyber threat intelligence program with intelligence community skills and knowledge. The cost of the course seems a small price to pay for actionable intelligence to help our business combat cyber threats and the reputational damage that results from even a minor compromise. Other courses from other companies in this field charge at least 25% more and usually 30-35% more and you get less from those courses.

When I return from the Treadstone 71 training, I will compile a short presentation covering what we covered in the class, applicable functions to consider for immediate use, methods of collection, how best to use analytic methods, and ways to quickly improve our written products.

[Add standard sign off]

Treadstone 71 Unveils Cyber Intelligence Lifecycle Solution

HALF MOON BAY, Calif., June 10, 2019 (SEND2PRESS NEWSWIRE) -- Treadstone 71, the leading cyber and threat intelligence tradecraft company, today announced the availability of a new offering: Cyber Intelligence Lifecycle. The new module will enable teams to organize their cyber threat intelligence program, publish their strategic plans, build stakeholder models, establish collection plans, rate and verify data and sources, use structured techniques, and prepare for analytic writing peer reviews.

The module drives continuous feedback loops throughout the lifecycle engaging users to follow structured methods of collection, data organization, production, analysis, and management. The Cyber Intelligence Lifecycle solution captures stakeholder needs including intelligence requirements, their prioritization, collection planning and tracking while focusing on evidence-based intelligence analysis. The solution enables organizations to track how they got from A to B in the lifecycle, what worked and what did not while incorporating iterative methods of analysis.CyberIntelLifecycleExample1

“No longer will cyber threat intelligence teams have to kludge together methods of managing the cyber threat intelligence lifecycle,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “The ability to have continuous access to priority intelligence requirements, open source intelligence actions in various stages of collection, the development of new hypotheses based on usable data, directly input to structured analytic techniques as some of the final steps before analytic writing and review are huge.”

  • The module integrates and manages cyber threat intelligence lifecycle functions in a contextually focused environment that helps author intelligence advisors, situation reports, and forecasts.
  • The ability to manage and track historical trends of adversaries and their campaigns with full data transparency, from your own perspective and not that of generic data feeds, minimizes cycle time while reducing overhead and operational risk.
  • The cyber intelligence lifecycle module enables collectors and analysts to work together on company-specific intelligence requirements, giving collection management the ability for continuous oversight supporting relevancy and rapidly redirect collection targets as needed.
  • We see this as speeding the decision making on threats helping to estimate possible next steps.

“We plan to start offering the solution in August with a full rollout by mid-October,” continued Bardin. “Our training solutions enable this module providing organizations with the intelligence community skills necessary to more than adequately manage collection operations, analysis, and analytic writing. The need for this in the market is great.”

  • Data verification is a hidden calculation in data and threat intelligence feeds. Bayesian algorithms aid in the process, but human interaction is still a core capability that most organizations do not have.
  • Skills in this area are lacking.
  • The combination of Treadstone 71 training and education with the cyber intelligence lifecycle solution enables historical pattern and trend analysis while creating clear pictures of adversary tendencies.

"For a long time, CyberIntelLifecycleExample2we described threat intelligence as the core solution for cyber threat intelligence teams. What is missing are the core functions of intelligence that goes well beyond indicators of compromise and technical details, collected after a breach occurs,” added Bardin. “We know that intelligence is for warning and prevention. We know that intelligence forecasting and estimates are the keys to prevention. Something that is missing in organizations today. We are shifting the paradigm to mature intelligence programs assisting in your digital transformation the reduces risk.”

The solution is not meant to replace threat intelligence platforms but to provide an integrated series of modules that manages your intelligence program. We intend to enable the integration of strategic intelligence plans, policies, procedures, process flows, questionnaires, diagrams, presentations, reports, and briefs to managing the cyber threat intelligence lifecycle.


About Treadstone 71

Treadstone 71's Certified Threat Intelligence and CounterIntelligence Analyst training are the gold standard in the industry today derived from both academia, the intelligence community, and from Treadstone 71’s experience in building cyber and threat intelligence programs at Fortune 500 organizations worldwide. Treadstone 71 is delivering the only complete cyber threat intelligence lifecycle management solution enabling information sharing, internal intelligence communities of interest while empowering lifecycle management with an iterative feedback loop.

More information: https://www.treadstone71.com/

Contact Treadstone 71 Today for all your Cyber Intelligence needs.