Treadstone 71 at RSA

Deception, distortion, dishonesty are core to social media postings. Our adversaries use these methods concocting stories that create illusions that are meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

Learning Objectives:
1: Learn about Russian adversary methods of deception.
2: Learn tactics that utilize memetic engineering.
3: Learn how to counter the adversaries’ methods.

Cyber-Counterintelligence—Deception, Distortion, Dishonesty

Treadstone 71 offers an affiliate program for known entities who wish to resell our training, both online and in-person. The affiliate program offers percentage commissions that grow based on numbers of registered students. We offer tiered programs that reward the aggressive affiliate.

We also offer white label and partnership programs for organizations that wish to resell our services and partner with our consulting. We offer tiers of commissions based on numbers. The more you sell, the more we both earn. 

Have an idea of how to work with us? Send it along!

To learn more:

Please complete this short form and your data sheet will be emailed to you. All fields are required. Corporate email accounts only - no Gmail, Yahoo, or other free mail accounts accepted.
Please enter your name.

Please enter your title.

Please enter your company.

Please enter a valid email address.

Invalid Input

Details of the RFI Form

Request for Information (RFI) – Cyber Threat Intelligence

The RFI process includes any specific time-sensitive ad hoc requirement for intelligence information or products to support an ongoing event or incident not necessarily related to standing requirements or scheduled intelligence production.

When the Cyber Threat Intelligence Center (CTIC) submits an RFI to internal groups, there is a series of standard requirements for the context and quality of the data requested.

RFI Form

Learn more about the complete Cyber Threat Intelligence online knowledgebase - CyberIntellipedia

  • The data is expected to be curated.
    • Data curation is the organization and integration of data collected from various sources. It involves annotation, publication, and presentation of the data such that the value of the data is maintained over time, and the data remains available for reuse and preservation
  • The data is expected to have been reviewed and validated.
    • Data needs to be cited providing sources to the data (APA format per Microsoft Word).
    • Data should be evaluated for the credibility of the sources and validation of the data (see Appendix A)
  • The data follows the below format each time to speed cycle time. This format should be congruent with the incident response platform in use.
  • Standards must be used such as those associated with NIST or other accepted standards as agreed upon for use within your organization.
  • The data should be formatted to fit your internal processes and procedures. You may wish to consider how you apply the Diamond, Kill chain, and ATT&CK models using standard data fields.
  • The data should be easy to extract, repeatable, and when applicable, quantifiable (cardinal number).
  • The data should have a historical record so we can analyze month-to-month patterns, trends, and tendencies.
  • The dates and times of when the data was created (not created by your organization with respect to the event or incident ingestion but action dates and times of event or incident activities.
  • The data should be classified with standard internal classification levels and TLP designators.

Source Credibility Admiralty Scoring

When and where applicable, the data needs to answer the following questions:

  • What exactly is or was the problem or issue?
  • Why is this happening now, who is doing this, what is their intent/motivation?
    • So what - why do we care and what does it mean to us and our clients?
  • Impact so far if any to our data and systems or the data and systems of our clients?
  • What do we expect to happen next? What is the expected outlook for continued actions if any?
  • Supervisory Action (actions to be or that have been taken based upon data/information/analysis)
  • What recommendations were made and what recommendations were executed?
    • What was/were the course(s) of action?
    • What was the result of the implemented recommendations?
  • Were there any unanticipated implications to the recommendations?
  • What opportunities are there for your organization going forward?
    • Did we find any weaknesses?
    • Did we identify any strengths?
  • What gaps were found in our environment (people, process, technology)?

If the data you send does not come curated, reviewed, and validated with proper citations in the requested format, it may not make it to the report.

Source Credibility

We must treat each vendor report and data feed as nothing more than another source of data. Data that must be evaluated for credibility, reliability, and relevance. To do so, we can use the NATO Admiralty Code to help organizations evaluate sources of data and the credibility of the information provided by that source. Evaluate each vendor report using this coding method while documenting ease of data extraction, relevance to your organizational issues, type of intelligence (strategic, operational, tactical, and technical), and value in solving your security problems. Most publications provide the top-level scoring model. We provide the full model for auto-calculation built into the PDF. 

Find the form here

Treadstone 71 Cyber Threat Intelligence Webinars

Treadstone 71 Cyber Threat Intelligence Webinars

Five One Hour Cyber Threat Intelligence Pre-recorded Webinars covering

Free Short Course on our cyber intelligence training courses (www.cyberinteltrainingcenter.com)


Webinar link to be provided upon enrollment.

REGISTRATION REQUIREMENT: A VALID COMPANY EMAIL ADDRESS - ANY REGISTRATION OUTSIDE THIS REQUIREMENT WILL BE REJECTED. DO NOT REGISTER WITH GMAIL, HOTMAIL, OUTLOOK, YAHOO, PROTONMAIL, MAIL, TUTANOTA OR ANY TEMPORARY OR NON-GOVERNMENT OR COMPANY EMAIL. COMPANY MUST BE LEGITIMATE. THE ORGANIZATION MUST NOT BE TIED TO AN ADVERSARY GOVERNMENT OR ORGANIZATION.

Students Receive:

  • 1 CPE per Webinar
  • Templates and Forms used in the Webinars
  • 10% discounts on Treadstone 71 Training (online and in-person) for up to 1 year from the last Webinar completion date (May 12 to May 11, 2021)

Student requirements:

  • Laptop
  • WebEx software
  • Earphones and microphone preferred

Cyber Threat Intelligence – Stakeholder Management

On-Demand Webinar Registration

  1. Support to Leadership
    1. During Webinar Exercise
  2. Purpose of Stakeholder Analysis
  3. Questions used to organize your products
  4. Know your customer checklist
  5. Getting started checklist
  6. High-level process overview
  7. Steps to follow
    1. Sample Invitation Letter
  8. Strategic Questioning and Listening
    1. Active and Empathic Listening
  9. Stakeholder Collection and Tracking Model
    1. Reporting formats for real-time interaction
    2. Choices of visual support materials
    3. Stakeholder Impact and Influence
  10. Exercise Redux
  11. Wrap-up // Q&A

Cyber Threat Intelligence – Adversary Targeting

On-Demand Webinar Registration

  1. What is D3A?
  2. D3A Targeting Requirements
    1. Adversary Identification
    2. Breakdown
  3. Bring in Stakeholder Requirements
  4. What is F3EAD?
  5. The D3A/F3EAD Integrated Process
    1. Aligned to the Cyber Threat Intelligence Lifecycle
    2. Integrated Lifecycle Breakdown
    3. The Full Lifecycle
  6. Logical Adversaries to Intelligence Requirement Development
    1. Building Threat Matrices
    2. Simple to Complex
    3. Inclusion of ATT&CK Groups aligned to Nation-States
  7. Exercise Redux
  8. Wrap-up // Q&A

Cyber Threat Intelligence – Intelligence Requirements

On-Demand Webinar Registration

  1. Introduction
  1. Priority Intelligence Requirements (PIR) – What are they?
    1. During Webinar Exercise
  2. Intelligence Requirements
  3. Common Adversaries
  4. Information Requirements Process Flow
    1. Intelligence Requirements
    2. Essential Elements of Information
    3. Specific Information Requirements
    4. Indicators
    5. The Overall IR Process Flow
  5. Targeting – Intelligence Collection
  6. Information Required Prior to Intelligence Requirements
  7. Prioritization
    1. What is an Intelligence Requirement
    2. What is a Priority Intelligence Requirement
    3. Prioritization continued
  8. Collector/Analyst Need to Understand
  9. Stakeholder knowledge of their systems and data
  10. Intelligence Team Priority Intelligence Requirements Examples
  11. Get them to requirements
  12. Exercise Review
  13. Wrap-up and Q&A

Cyber Threat Intelligence – STEMPLES Plus – Indicators of Change – Hofstede Principles

On Demand Webinar Registration

  1. STEMPLES Plus – Strategic Analysis
  2. The Six Categories – ASCOPE
    1. Area
    2. Structures
    3. Capabilities
    4. Organizations
    5. People
    6. Events
  3. D3A Targeting F3EAD
  4. STEMPLES Plus
    1. Social
    2. Technical
    3. Economic
    4. Military
    5. Political
    6. Legal/Legislative
    7. Educational
    8. Security
    9. PLUS
      1. Religion
      2. Demographics
      3. Linguistics
  1. Psychological
  2. Other
  3. Indicators of change
    1. Motive thru Capabilities
    2. Levels of Concern
    3. Example
  4. Hofstede Principles
    1. Power and Distance
    2. Individualism and Collectivism
    3. Masculinity and Femininity
    4. Uncertainty Avoidance
    5. Long Term and Short Term
    6. Indulgence and Restraint
    7. Hofstede Country Comparison Exercise
  5. Wrap up and Q&A

Cyber Threat Intelligence – Collection Management

On Demand Webinar Registration

  1. Definition
  2. Requirements Management
  3. Mission Management
    1. Mission Analysis
    2. Gaps
  4. Collection Planning
    1. Simplified Process
  5. Collection Strategy
    1. Intelligence Collection Synchronization
  6. Collection Operations
    1. Principles
  7. Collection Manager Tasks
    1. Bringing in Intelligence Requirements
    2. A Multidisciplinary Approach
    3. Available Assets
  8. Request for Information
    1. RFI Template
  9. Complete a Plan
    1. The Collection Plan Templates
    2. Breakdown of the template
    3. Collection Manager Tasks Redux
    4. Example completed plan
  10. Iterative feedback – Constant communication
  11. Wrap up and Q&A

Contact Treadstone 71

Please note that only corporate email domains are allowed. Gmail, Hotmail, Yahoo, etc will be rejected.

Please type your full name.

Invalid Input

Invalid Input

Invalid email address.

Please tell us your area of interest.

Invalid Input

Conscientia - The Cyber Intelligence Lifecycle Solution

Conscientia - The Cyber and Threat Intelligence Lifecycle Solution

Conscientia enables conscientia screenshot
teams to organize their cyber threat intelligence program, publish their strategic plans, build stakeholder models, establish collection plans, rate and verify data and sources, use structured techniques, and prepare for analytic writing peer reviews.

Conscientia drives continuous feedback loops throughout the lifecycle engaging users to follow structured methods of collection, data organization, production, analysis, and management. Conscientia  captures stakeholder needs including intelligence requirements, prioritization, collection planning, and tracking while focusing on evidence-based intelligence analysis. The solution enables organizations to track how they got from A to B in the lifecycle, what worked and what did not while incorporating iterative methods of analysis.

“No longer will cyber threat intelligence teams have to kludge together methods of managing the cyber threat intelligence lifecycle,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “The ability to have continuous access to priority intelligence requirements, open-source intelligence actions in various stages of collection, the development of new hypotheses based on usable data, directly input to structured analytic techniques as some of the final steps before analytic writing and review are huge.”

Combined with CyberIntellipedia, Conscientia delivers a full-scope solution to cyber and threat intelligence teams.

  • The module integrates and manages cyber threat intelligence lifecycle functions in a contextually focused environment that helps author intelligence advisors, situation reports, and forecasts.
  • The ability to manage and track historical trends of adversaries and their campaigns with full data transparency, from your own perspective and not that of generic data feeds, minimizes cycle time while reducing overhead and operational risk.
  • The cyber intelligence lifecycle module enables collectors and analysts to work together on company-specific intelligence requirements, giving collection management the ability for continuous oversight supporting relevancy and rapidly redirect collection targets as needed.
  • We see this as speeding the decision making on threats helping to estimate possible next steps.
  • Conscientia is easy to use and follows Treadstone 71 Cyber Intelligence Training Courses.

“We plan to start offering the solution in August with a full rollout by mid-October,” continued Bardin. “Our training solutions enable this module providing organizations with the intelligence community skills necessary to more than adequately manage collection operations, analysis, and analytic writing. The need for this in the market is great.”

  • Data verification is a hidden calculation in data and threat intelligence feeds. Bayesian algorithms aid in the process, but human interaction is still a core capability that most organizations do not have.
  • Skills in this area are lacking.
  • The combination of Treadstone 71 Cyber Intelligence Training Courses and education with the cyber intelligence lifecycle solution enables historical pattern and trend analysis while creating clear pictures of adversary tendencies.

lifecycleII"For a long time, we described threat intelligence as the core solution for cyber threat intelligence teams. What is missing are the core functions of intelligence that goes well beyond indicators of compromise and technical details, collected after a breach occurs,” added Bardin. “We know that intelligence is for warning and prevention. We know that intelligence forecasting and estimates are the keys to prevention. Something that is missing in organizations today. We are shifting the paradigm to mature intelligence programs assisting in your digital transformation the reduces risk and that is via Conscientia.”

Conscientia is not meant to replace threat intelligence platforms but to provide an integrated series of modules that manage your intelligence program. Conscientia follows the intelligence lifecycle taken directly from the standards-based Cyber Intelligence Training delivered by Treadstone 71. We intend to enable the integration of strategic intelligence plans, policies, procedures, process flows, questionnaires, diagrams, presentations, reports, and briefs to managing the cyber threat intelligence lifecycle.

Read more: Conscientia - The Cyber Intelligence Lifecycle Solution

Contact Treadstone 71 Today for all your Cyber Intelligence needs.

CONTACT US TODAY