Amsterdam - Cyber Intelligence Tradecraft - Certified Threat Intelligence Analyst

Anonymity and Passive Persona setup
Collection Methods and Techniques
Collection Planning, IRs/PIRs/EEIs/Indicators/SIRs
Collection Process Flow
Collection (OSINT) Tools and Targeting
Threat Intelligence
Most likely Threat Actors
Access to ThreatStream during the class
Use of Maltego – overview
OPSEC – VPNs, Buscador, Authentic8 Silo
OSINT Browser – Oryon C Portable
Proxy Access – the DarkNet
Demonstration – Recorded Future / Intel471
Burn phone set up and use (US Only)
Open Source Intelligence OSINT
Production Methods
Structured Analytic Techniques – Their use
Adversary Denial and Deception
Source Credibility and Relevance
Source Validation
Denial and Deception
Confidence Levels
Types of evidence
Production Management
Critical and Creative Thinking
Cognitive Bias
Glossary and Taxonomy
What Intelligence Can and Cannot Do
Use of Mitre ATT&CK in Analysis
ATT&CK in examining patterns and trends
ATT&CK in Adversary tendencies
Estimation and Forecasting
Campaign analysis
Types and Methods of Analysis
Synthesis and Fusion
Analysis of Competing Hypothesis
Inductive/Abductive/Deductive Reasoning
Stakeholder Identification, and Analysis
Analytic Writing, BLUF, AIMS
Forecasting in your writing
Indicators of Change
Argument Mapping
Types of Reports
Product Line Mapping
Report Serialization, and Dissemination
Live Case Studies – Class briefs

We also have a different module that can be included depending on the audience. This module is geared towards IR and SOC staff:

  • Intro to Cyber Intelligence
    • What does intelligence mean to the SOC?
    • What does intelligence mean to Incident Response?
  • A day in the life of an intelligence analyst
  • Intelligence Lifecycle
    • Define what your group does
    • Define how your group uses intelligence
    • Define how your group produces intelligence
  • Mitre ATT&CK
    • Tactics
    • Techniques
    • Tools
    • ATT&CK Navigator
    • ATT&CK Examples
  • Chronology and Timelines
    • ATT&CK Chronology
    • Comparing past and present
    • Comparing and contrasting different threat groups
  • Estimative ATT&CK
  • Adversary Targeting – Threat Profiling - Threat Matrices
    • Primary Threats
      • Nation-state
      • Foreign intelligence services
      • Military cyber units
      • Threat groups and proxies
      • Cybercriminals
      • Others
    • Adversary skills
    • Adversary maliciousness
    • Interest in your organization
    • Motivation – objective – conditions
      • Opportunity
      • Triggers
      • Course(s) of action
      • Capabilities
    • Level of automation
    • Potential impact
  • Threat Hunting
    • Purpose and Scope
    • Hunt level maturity
    • Threat Hunting Lifecycle
      • Lifecycle and Maturity Level matrix
    • Patrolling
    • Stalking
    • Searching, clustering, grouping, stack counting
    • Process flow
      • Entry point
      • Plan the hunt
      • Execute the hunt
      • Malicious or not?
      • Document the performed steps
      • Document the findings
      • Prepare the report
      • Hunt Key Metrics
    • Establish priorities Iterative Approaches and Feedback Loop
    • RACIs – who does what
    • Tactical Intelligence Risk
    • Situational Awareness
      • Emerging threats
      • Coordination with other groups
      • Likely adversary courses of action
    • Intake Forms
      • Request for Information (RFI)
      • Responding to RFIs
    • Incident Intelligence
      • Interfacing with the Cyber Threat Intelligence (CTI) teams
      • What do we need from CTI?
      • What can CTI do and what can they not do
    • Indicators Cyber DECIDE, DETECT, DELIVER and ASSESS (D3A) framework
    • Specific information requirements Cyber FIND, FIX, FINISH, EXPLOIT, ANALYZE and DISSEMINATE (F3EAD) methodology
    • Crown jewel information
      • Checklist questions
      • Possible intelligence requirements (non-prioritized)

The course delivers pragmatic and practical examples for attendees immediate use upon return to their organizations:

  • Use language that is recognized across the intelligence assessment community.
  • Assist stakeholders with intelligence requirements
    • Understand what Intelligence is and is not
  • Create useful intelligence requirements
  • Develop collection plans with precise targeting and tool selection
  • Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations
  • Skill in using multiple analytic tools, databases, and techniques such as divergent/convergent thinking, ACH, SATS, etc.)
    • Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses)
  • Knowledge of how to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused intelligence products
  • Execute safe collection in any environment
  • Ensure data provenance during collection
  • How to validate sources and data credibility
  • Provide subject matter expertise in developing cyber operations indicators
  • Consider efficiency and effectiveness of collection resources when applied against priority information requirements
  • Facilitate continuously updated intelligence, surveillance, and visualization input for stakeholders
  • Skill in identifying cyber threats which may jeopardize organization and supply chain interests
  • Identify collection gaps and potential collection strategies against targets
  • Knowledge of denial and deception techniques
  • Knowledge of intelligence analytic reporting principles, methods, and templates.
  • Ability to recognize and mitigate cognitive biases which may affect analysis
  • Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information
  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner
  • Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists

Event Properties

Event Date 11-01-2021 1:00 am
Event End Date 11-05-2021 1:00 am
Capacity 15
Cut off date 10-22-2021
Individual Price $3,700.00
Location Amsterdam Airport Schiphol

Contact Treadstone 71 Today for all your Cyber Intelligence needs.