This comprehensive 2-day course on Threat Intelligence Management is designed for cybersecurity professionals who aspire to master the art of analyzing and mitigating cyber threats effectively.

The curriculum covers a broad spectrum of topics from the foundational concepts of threat intelligence to advanced applications in various organizational contexts. Through a mix of theoretical knowledge and practical exercises, participants will learn to develop, manage, and implement an effective threat intelligence program tailored to their organization’s needs.

This class is less about tools and more about learning frameworks, process, and logic tools to provide intelligence.

Syllabus

Introduction to Threat Intelligence
- Defining Threat Intelligence: Understanding the nuances of threat intelligence and its application across various industries.
- Applications Across Sectors: Explore the unique applications of threat intelligence in different sectors such as finance, healthcare, and government.
- Data to Intelligence: Learn methodologies to transform raw data into actionable intelligence.
- Intelligence Types: Detailed discussion on Tactical, Strategic, Operational, and Technical intelligence.
Intelligence Frameworks and Protocols
- Traffic Light Protocol: Guidelines for data sharing sensitivity.
- Cyber Kill Chain and Diamond Model: Understanding attacker engagement sequences and the facets of an intrusion.
- Pyramid of Pain and MITRE ATT&CK: Tactical approaches to understanding attacker behaviors and methodologies.
Structured Analytic Techniques
- Identification and Mitigation: Learn to identify common cognitive biases and strategies to mitigate their impact on intelligence analysis.
Intelligence Life Cycle
- Comprehensive Overview: From direction-setting to feedback integration, each phase of the intelligence lifecycle is explored, along with relevant tools and techniques for enhancement.
Inventory and Asset Management
- Internal Assessment: Techniques to inventory critical organizational assets and understand the attack surface.
- Attack Surface Management Tools: Explore tools and techniques for effective management and threat assessment.
Threat Modeling, Landscaping, and Profiling
- Threat Modeling Techniques: Introduction to STRIDE, PASTA, and decision trees.
- Threat Landscaping and Actor Profiling: Learn to define the threat landscape and profile potential threat actors based on intent and capabilities.
Priority Intelligence Requirements (PIRs)
- Development and Communication: Crafting effective PIRs and strategies for cross-departmental communication.
AI and CTI
- Language model usage for clustering, report generation
- Threats from AI-assisted phishing, deepfakes
Threat Intelligence Sharing Models
- ISACs,
- TLP application in trust groups
- Barriers to sharing and building information exchange networks
Open Source Intelligence (OSINT)
- Intro to passive OSINT for infrastructure discovery
- Tools: Spiderfoot, Maltego, Shodan, FOFA
- Ethical/legal boundaries in collection
Operational Security-
- Understand the principles and importance of OPSEC in CTI work.
- Recognize situations where poor OPSEC can lead to attribution, compromise, or adversary adaptation.
- Apply safe practices when collecting, researching, or interacting with threat actor infrastructure or forums.
Dark Web
- Understand the structure and purpose of the dark web and deep web
- Identify common platforms, marketplaces, and forums used by threat actors.
- Learn safe, ethical, and legal methods for dark web monitoring.
- Recognize the value of dark web intelligence in threat profiling, credential monitoring, and early breach detection.
Advanced Intelligence Dissemination and Tools
- Choosing Intelligence Vendors and Platforms: Criteria and best practices for selecting threat intelligence vendors and platforms.
- Tools and Techniques: Exploration of dark web analysis tools, deception technology, note-taking methodologies, visualization tools, and domain intelligence.