Analysis as a Service from Treadstone 71

Retainer Targeted Research and Analysis Service

Many in the marketplace today serve up data and information as intelligence. They focus almost exclusively on collection and on collection feeds into some sort of visual tool that presents pictures of links, some with trends and a few with patterns and tendencies. They call this analyzed intelligence. However, we know that intelligence analysis requires significant skill, and almost none of them have these skills because they do not recognize what intelligence analysis really is. Treadstone 71 is experienced and skilled at intelligence analysis. Our methods follow traditional structured analytic techniques that require patience, perseverance, aptitude, and skill, attributes highly sought after in the industry but seldom found. Treadstone 71 drives research and extracts data from both the surface internet and the darknet.

  • Treadstone 71 uses analytic tradecraft and standards, including alternative analysis, new analytic tools, and techniques, driving collaboration amongst collectors/researchers, analysts and stakeholders.
  • Provide stakeholders with collaborative and transparent views of our analysis.
  • Prepare stakeholders, principals, and clients with the intelligence needed to make decisions.
  • Use subject matter experts to fill collection and analysis gaps.
  • Treadstone 71 helps you determine the state of the collection, analysis, or intelligence operations resource gaps.
  • We develop and publish intelligence that identifies and formulates strategies to mitigate gaps; advise stakeholders of gaps, mitigation strategies, progress against the strategies, and assessment of the effectiveness of both the strategies and the closing of the intelligence gaps.
  • Treadstone 71 helps your intelligence team influence organizational policy development and strategy implementation for information security, risk, and governance.
  • We develop analytic production strategies in concert with your cyber threat intelligence team ensuring the examination of major shortfalls on your target areas of responsibility within a collaborative community of interest.
  • We assess, evaluate, and determine the state of analysis by assessment of the quality of analysis and ensure you conduct competitive and alternative analysis on high-priority topics.
  • Identify research and developmental opportunities to defend, advocate for, and institute justifications for continued, additional or dedicated funding.
  • We help you liaise with internal intelligence communities to drive greater intelligence integration, perform outreach, and give resources and priority attention to targets.
  • We direct and oversee advocacy initiatives to integrate and optimize contributions from current and planned technical, analytic, and openly available sources.
  • We enable you to manage a professional staff in successfully defining and managing complex programs and projects that may include ill-defined requirements, ambiguity, parallel tasks, multiple dependencies, high risks, and multiple interfaces; ensure timelines, costs, deliverables, and the achievement of defined outcomes according to approved plans.
  • Treadstone 71 teaches and trains you to strive for superior analytical and critical thinking skills, including the ability to think strategically and identify needs, requirements, and develop innovative recommendations and solutions for improvement.

Treadstone 71 Collection and Analysis is not compartmentalized but directly engaged as a single unit. Continuous feedback loops and constant communication ensure rapid changes to collection plans and advanced adversary targeting.

Contact us now to learn more about our annual retainer services tiered for the level of support you need. Treadstone 71 Research, Analysis, and Reporting retainer services provide contextually detailed reports and assessments based on your intelligence requirements and stakeholder needs. We shift quickly. We do not change order you to financial ruin. We deliver intelligence and not daily news.

  • We research sets of standardized queries related to cyber threats for clients on a regular basis (daily, weekly, monthly, quarterly) while producing (peer-reviewed) finished intelligence reports addressing priority intelligence requirements.
  • We provide full cyber intelligence lifecycle support from stakeholder interfaces and management, intelligence requirements definition, collection and research management, planning and execution, data and information production, structured analysis, analysis, and analytic writing and delivery.
  • Track intelligence trends across industries and technologies and generate effective and efficient ways to collect and analyze.
  • Proactively monitor and analyze the cyber battlefield and the assessment of intelligence risk and applicability to the client.
  • We model and analyze the likelihood of emerging threats defining their motivation, impact, and capabilities relative to the organization.
  • We author intelligence advisories, estimates, warnings, executive and strategic reports, and briefs with recommendations to risk and technology team.
  • We enable intelligence sharing and engage with other functions providing input and requirements to influence threat mitigation strategies.
  • Collect and analyze information from various sources, including open-source reports, information sharing partners, and intelligence vendors.
    • We synthesize findings to assess adversary threats to the organization.
  • We develop global technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs) while leveraging 30 years of expertise to identify novel techniques and their ability to bypass common security controls.
  • Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to your business.
  • Conduct trending and correlation of cyber intelligence for the purposes of attribution and set up strategic countermeasures.
  • We create procedural, intelligence-driven internal, and external interfaces with stakeholders and teams building RACI models and clear methods of communication.

We collect - We organize - We decompose - We prioritize - We analyze - We think - We report - We deliver - Iterative lifecycle methods incorporating objective analysis with intuition and structured methods of analysis - Since 2002

Contact Treadstone 71 for Cyber Intelligence, Cyber Threat Intelligence, and CounterIntelligence Analysis Services

  • High Wealth Intelligence Assessments, Monitoring, and Remediation
  • Cyber Intelligence Attack Surface Assessment
  • Targeted Adversary Research - Research, Warning, Estimative Reporting
  • Targeted Adversary Mitigative and Retributive Operations
  • Information Operations
  • Anonymity and Persona Development
  • Corporate Leadership Attack Surface Assessments
  • Corporate Attack Surface Assessments
  • Customized Targeting and Reporting / Monitoring
  • Culturalnomics - Social-Linguistic-Political-Religious Subject Matter Expertise
  • Deception Planning and Management

Liability Free, Cyber Intelligence Services

Treadstone 71 is your source for Analysis as a Service. We do collect. We do organize and produce, but our specialty and focus is intelligence analysis. Many indicate that they analyze intelligence. Treadstone 71 produces intelligence after analyzing data and information. We create bottom-line-up-front recommendations and opportunities – actionable intelligence. Our process is rigorous yet flexible. Our objectivity is upheld as a baseline ethos of the methodology.

Treadstone 71 provides liability free, cyber intelligence services to select clients. We will help you improve your security posture, enhance business acumen, investigate adversaries, verify and validate sources, assess the high value and high-income targets, or examine areas of compromise and exploitation. We use honed cyber intelligence and analysis tradecraft to define and execute priority intelligence requirements from operational planning through campaign execution.

The Treadstone 71 Analysis as a Service you will not find elsewhere. If you are searching for intelligence analysts, come to the shop that focuses on analysis. Uncluttered, focused, skilled – Treadstone 71 Analysis as a Service.

Below is a short listing of our Targeted Research Services:

  • Baseline and foundational research customized to client requirements.
  • Deep-dive intelligence reporting covering cyber threats that are target centric.
  • Adversary reports covering detailed assessments of threat actors, TTPs, patterns, timelines/chronologies
  • Strategic Intelligence Assessments covering business risk issues targeting senior level stakeholders assisting in their decision-making process.
  • Onsite General Intelligence Briefings on current events, actors/adversaries
  • Onsite Customer Intelligence Briefings on targeted topics which may include STEMPLES Plus and Indicators of Change
  • Onsite Report Clarification Briefings - General and Customized by Bronze/Silver/Gold
  • Sensitive Intelligence Briefs (TLP Orange and Red)

Please complete the Contact form to receive the Data Sheet

Contact Treadstone 71

Please note that only corporate email domains are allowed. Gmail, Hotmail, Yahoo, etc will be rejected.



Cyber Intelligence Wiki - CyberIntellipedia


This wiki is an online system for collaborative data sharing built and used by Treadstone 71 to aid in building Cyber Threat Intelligence programs while establishing intelligence sharing and communities of interest. The Treadstone 71 Cyber Intelligence Training Courses led to the establishment of CyberIntellipedia, a wiki consisting of multiple sections covering strategic planning, policies, procedures, templates, taxonomy, examples, dossiers, finished intelligence, estimative intelligence, open-source tools, adversary research, process flow diagrams, reporting, analytic tools and methods, threat intelligence TTPs, and more. From job descriptions and C-Suite presentations to cyber intelligence maturity models and threat matrices, Treadstone 71 is now selling the CyberIntellipedia to the public beginning December 20, 2019. Initial access is screened with tiered pricing. Tiered pricing includes full access to the forum area. We are seeking beta testers to participate in the review at discounted pricing.

CyberIntellipedia aligns with the Treadstone 71 Cyber Intelligence Training Courses including aspects of cyber intelligence tradecraft and cyber counterintelligence tradecraft. The wiki follows the intelligence lifecycle providing in-depth documentation for each aspect of the iterative process. We continue to enhance and build CyberIntellipedia including adding a historical cyber adversary component covering attacks, adversaries, their methods, tactics, techniques, and procedures indexed for rapid search.

CyberIntellipedia delivers the tools necessary to build a sustainable program. The wiki gives users access to twelve years of effort demonstrating proven success for cyber threat intelligence strategies, operational efficiencies, tactical methods, and technical alignment. Organizations pay hundreds of thousands of dollars over years of labor to establish what is in the Cyber & Threat Intelligence Wiki - CyberIntellipedia. With guidance and time-based direction, clients can build a complete intelligence program, educate stakeholders, staff, and leadership, without the usual massive outlay for time and materials, and commitment to constant consultant change orders.

The core functions of the CyberIntellipedia are:


  • Enable organizations to quickly understand, adapt and adopt standard cyber intelligence community concepts while pragmatically incorporating cyber intelligence program build solutions incorporated in the wiki.
  • Information Sharing and Safeguarding— improve collaboration while protecting information.
  • Leverage Cyber Intelligence Training from Treadstone 71
  • Consolidate existing and future intelligence requirements into an effective and efficient cyber and threat intelligence ecosystem to enable greater intelligence integration, information sharing, and safeguarding.
  • Provide the intelligence workforce with discovery and access to information based on mission need to deliver timely, tailored, and actionable information.
  • Nurture a culture of innovation and agility that advocates the sharing of ideas and resources adaptable to the changing environment and promotes best practices across the intelligence groups.
  • Prioritization of threats that influence which potential threats get addressed by security organizations and how network security resources are allocated.
  • Collection management is streamlined, and organizations can better communicate their requirements to partners and stakeholders.
  • Cyber threats are widely communicated to the organization, integrated with other intelligence functions, and stakeholders are aware of the most relevant threats.
  • Cyber threats are proactively monitored and prioritized, with updates available to inform stakeholders and leadership.
  • Analytical production aligns with organizational goals, priority intelligence requirements, emerging threats while maintaining awareness of geopolitical and socio-cultural events that impact the cyber environment.



Why the CyberIntellipedia Wiki?

Wikis are about as simple as can be. That simply means that people find them easy to use, just like e-mail and blogs. Like e-mail and blogs, wikis also perform a very useful service in a simple way. A wiki allows a community of interested people to enter and communally edit shared data. Although the documentation included in the full package is open for peer review and suggested changes, that documentation is under the auspices of Treadstone 71. Customers may wish to license the complete CyberIntellipedia library for their own use. Treadstone 71 has a model in process for such a need. Our hope is for the cyber intelligence community of interest represented in CyberIntellipedia to present fundamental principles that guide the understanding of cyber & threat intelligence. Through open intelligence sharing, trusted users may wish to assist in coordinating proactive action towards common community objectives. The market is full of technologies driving technical solutions. CyberIntellipedia is a labor of love that is a full-spectrum, cyber & threat intelligence product designed as an in-depth knowledge-base gleaned from years of hands-on experience.


  • CyberIntellipedia provides an overview of cyber and threat operations, operational design methodology, planning, and execution.
  • CyberIntellipedia includes a review of operational design doctrine and applies these principles to the cyber domain.
  • CyberIntellipedia descriptively and prescriptively defines the cyber intelligence planning process and identifies intelligence lifecycle operations planning concerns.
  • CyberIntellipedia provides an overview of cyber and threat intelligence programs, plans, operations, adversaries, and more taken from ten years of direct support to global clients.
  • CyberIntellipedia includes case studies directly focused on cyber and threat intelligence operations.

Treadstone 71 is making the CyberIntellipedia available for public purchase beginning as a trial (December 2019) to iron out the kinks. Stay tuned for more information or contact us expressing your potential level of interest. For a complete, full-scope solution, see the Treadstone 71 Lifecycle product Conscientia.

Treadstone 71 - Serving you since 2002.

We See What Others Cannot

Details of the RFI Form

Request for Information (RFI) – Cyber Threat Intelligence

The RFI process includes any specific time-sensitive ad hoc requirement for intelligence information or products to support an ongoing event or incident not necessarily related to standing requirements or scheduled intelligence production.

When the Cyber Threat Intelligence Center (CTIC) submits an RFI to internal groups, there is a series of standard requirements for the context and quality of the data requested.

RFI Form


  • The data is expected to be curated.
    • Data curation is the organization and integration of data collected from various sources. It involves annotation, publication, and presentation of the data such that the value of the data is maintained over time, and the data remains available for reuse and preservation.
  • The data is expected to have been reviewed and validated.
    • Data needs to be cited providing sources to the data (APA format per Microsoft Word).
    • Data should be evaluated for the credibility of the sources and validation of the data (see Appendix A).
  • The data follows the below format each time to speed cycle time. This format should be congruent with the incident response platform in use.
  • Standards must be used such as those associated with NIST or other accepted standards as agreed upon for use within your organization.
  • The data should be formatted to fit your internal processes and procedures. You may wish to consider how you apply the Diamond, Kill chain, and ATT&CK models using standard data fields.
  • The data should be easy to extract, repeatable, and when applicable, quantifiable (cardinal number).
  • The data should have a historical record so we can analyze month-to-month patterns, trends, and tendencies.
  • The data should carry the dates and times of when the data was created (not when your organization created it with respect to event or incident ingestion, but the action dates and times of the event or incident activities).
  • The data should be classified with standard internal classification levels and TLP designators.

Source Credibility Admiralty Scoring

When and where applicable, the data needs to answer the following questions:

  • What exactly is or was the problem or issue?
  • Why is this happening now, who is doing this, what is their intent/motivation?
    • So what - why do we care and what does it mean to us and our clients?
  • Impact so far if any to our data and systems or the data and systems of our clients?
  • What do we expect to happen next? What is the expected outlook for continued actions if any?
  • Supervisory Action (actions to be or that have been taken based upon data/information/analysis)
  • What recommendations were made and what recommendations were executed?
    • What was/were the course(s) of action?
    • What was the result of the implemented recommendations?
  • Were there any unanticipated implications to the recommendations?
  • What opportunities are there for your organization going forward?
    • Did we find any weaknesses?
    • Did we identify any strengths?
  • What gaps were found in our environment (people, process, technology)?

If the data you send does not come curated, reviewed, and validated with proper citations in the requested format, it may not make it to the report.

Source Credibility

We must treat each vendor report and data feed as nothing more than another source of data, data that must be evaluated for credibility, reliability, and relevance. To do so, we can use the NATO Admiralty Code to help organizations evaluate sources of data and the credibility of the information provided by that source. Evaluate each vendor report using this coding method while documenting ease of data extraction, relevance to your organizational issues, type of intelligence (strategic, operational, tactical, and technical), and value in solving your security problems. Most publications provide the top-level scoring model. We provide the full model for auto-calculation built into the PDF.


Intelligence Games in the Power Grid

Intelligence Games in the Power Grid – Russian Cyber and Kinetic Actions Causing Risk

Unusual purchasing patterns from a Russian firm selling PLCs from a Taiwanese company with massive holes in its product software download site. What could go wrong?


The Treadstone 71 Difference


Download the Treadstone 71 Difference Data Sheet

We are nothing like competitors who are rooted in defensive posture actions with a pedigree in reverse engineering malware and providing defensive solutions for that malware, and just plain do not understand what intelligence is and is not. Most come from anti-virus firms, information security companies, law enforcement, and many with backgrounds in incident response and security operations. What we provide is a complete focus on intelligence rooted in traditional tradecraft and fully integrated and adapted for the cyber environment.

We build cyber and threat intelligence programs rooted in the intent and capabilities of delivering data, information, and intelligence that forecasts and estimates adversary actions: intelligence that enables leadership, business units, and security functions to prepare for and prevent malicious activity against your most important systems and information.

Established in 2002, Treadstone 71 is a pure-play cyber intelligence company. The programs we build span technical and tactical intelligence through operational and strategic intelligence facilitating internal and external communities of interest.


  • we help you improve your incident detection, prevention, and response developing feedback to improve your cyber defenses
  • we assist you in using your threat intelligence to help automate security operations and remediation actions enhancing your operational tradecraft
  • we guide you in the building of a centralized threat intelligence service that guides cybersecurity activities of other organizational units
  • we drive efficiencies and effectiveness in risk management
  • we operationalize your threat intelligence from little to no processes to mature procedures, standard operating procedures, and workflows
  • we ensure integration between all things PESTELI +R+E+ and existing technologies in your SOC
  • we ensure you understand how to define credibility and relevance of your threat intelligence feeds that leads to truly actionable intelligence
  • we assist you in understanding your attack surface and online footprint from websites to social media to the darknet creating new opportunities for targeted intelligence collection
  • we help identify, infiltrate, and track adversaries providing information where and when possible to prevent attacks
  • we understand geopolitical factors that help prepare your cyber environment for current and future contingencies
  • we learn the priorities of your adversaries and help you define a more assertive cyber posture for your organization
  • we tailor strategies and programs based upon your organizational needs and the needs of leadership
  • we teach and embed cyber intelligence tradecraft in your organization that is lasting following structured techniques proven in the intelligence community
  • we educate and drive situational awareness through table top exercises based upon proven military methods adopted for commercial organizations
  • we identify adversary front companies, their means, motives, and targets
  • we look at adversary’s skills, motivation, maliciousness, types of adversaries, level of automation and rate, informational impacts, targets, defensive measures, adversary course(s) of action, operational impact, line of business impact, and attack vectors
  • we create and maintain a presence on their virtual soil using virtual HUMINT methods to help identify your attack surface, your digital footprint
  • we know methods of collection, organization/production, structured analytic techniques, how to determine source credibility, communicate gaps and confidence levels, analyze using standard methods of inference, deductive and inductive reasoning, apply clear process for critical thinking, and deliver product in standard analytic writing methods that is clear and concise
  • we have been penetrating adversary sites, forums and social media since 2004 using both active and passive methods of cyber engagement – we have been in business since 2002
  • we listen

Treadstone 71 Training Justification

Subject: Request to Attend the Treadstone 71 NAME OF COURSE training

Dear [Decision Maker Name],

The Treadstone 71 Certified Threat Intelligence Analyst training takes place INSERT START DATE through INSERT END DATE at the LOCATION NAME in CITY, STATE, or COUNTRY. The training offers INSERT NUMBER OF DAYS of educational training from a former intelligence community professional. Intelligence professionals regard this class as the world’s leading training program for cyber and threat intelligence professionals. Therefore, I would like to request approval to attend, as I believe it will further develop my threat intelligence skills and build knowledge around greatly improving our cyber threat intelligence program.

The training offers comprehensive, innovative educational sessions following Intelligence Community standards from the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training:

  1. Introduction to Intelligence
  2. Critical Thinking
  3. Analytic Writing
  4. Creative Thinking
  5. Analytic Briefing
  6. Structured Analytic Techniques.
  7. Analytic Issues
  8. Argument Mapping
  9. Case Studies

The course covers critical intelligence skill areas and emerging threat intelligence concepts facing our organization.

If I attend, I’ll receive:

  • Over INSERT NUMBER OF HOURS of educational training and INSERT NUMBER OF CPEs.
  • Hands-on with the latest open-source intelligence tools.
  • Review of normally paid threat intelligence feed solutions (Intel471 and Recorded Future) while in the class.
  • Operational security concepts, including a 30-day VPN license.
  • Intensive training on:
    • Stakeholder Analysis
    • Collection Planning
    • Collection Activities and Targeted Collection
    • Intelligence Requirements Development
    • Open Source Intelligence Methods
    • Adversaries and Campaign Analysis
    • Structured Analytic Techniques for Intelligence
    • Methods and Types of Analysis
    • Analytic Writing and Peer Review
    • Analysis, Reporting, and Dissemination
    • Mitre ATT&CK Analysis and Comparisons
    • Forecasting and Estimative Reporting
    • STEMPLES Plus Strategic Intelligence
    • Synthesis and Fusion Methods.
    • Advanced Adversary Targeting and Campaign Analysis
    • Strategic Intelligence Analysis
  • I’ll also have the chance to understand the methods used in intelligence agencies from an intelligence professional who has been teaching this course for 11 years.
  • I’ll benefit from the instructor’s years of passive data collection on adversaries while maintaining operational security while networking with other students on their experiences in intelligence.


The approximate investment for my attendance is as follows (complete the information as appropriate):

Travel costs


Accommodation (### nights at DOLLARS xxx/night*)


Full Training Pass (for ### days)


Payback: Our ROI

I believe the insights learned by Treadstone 71 Training will help speed incident response resolution, assist security operations in gaining insights into our cyber adversaries, and enhance our cyber threat intelligence program with intelligence community skills and knowledge. The cost of the course seems a small price to pay for actionable intelligence to help our business combat cyber threats and the reputational damage that results from even a minor compromise. Other courses from other companies in this field charge at least 25% more and usually 30-35% more and you get less from those courses.

When I return from the Treadstone 71 training, I will compile a short presentation covering what we covered in the class, applicable functions to consider for immediate use, methods of collection, how best to use analytic methods, and ways to quickly improve our written products.

[Add standard sign off]

Contact Treadstone 71 Today for all your Cyber Intelligence needs.