Cyber Threat Intelligence 101 with Wade Wells

The curriculum covers a broad spectrum of topics from the foundational concepts of threat intelligence to advanced applications in various organizational contexts. Through a mix of theoretical knowledge and practical exercises, participants will learn to develop, manage, and implement an effective threat intelligence program tailored to their organization’s needs.

This class is less about tools and more about learning frameworks, process, and logic tools to provide intelligence.

1. Introduction to Threat Intelligence

• Defining Threat Intelligence: Understand the nuances of threat intelligence and how it differs across industries
• Applications Across Sectors: Explore the unique applications of threat intelligence in different sectors such as finance, healthcare, and government
• Data to Intelligence: Learn methodologies to transform raw data into actionable intelligence
• Intelligence Types: Detailed discussion on Tactical, Strategic, Operational, and Technical intelligence

2. Intelligence Frameworks and Protocols

• Traffic Light Protocol: Guidelines for data sharing sensitivity
• Cyber Kill Chain and Diamond Model: Understanding attacker engagement sequences and the facets of an intrusion
• Pyramid of Pain and MITRE ATT&CK: Tactical approaches to understanding attacker behaviors and methodologies

3. Cognitive Biases in Intelligence

• Identification and Mitigation: Learn to identify common cognitive biases and strategies to mitigate their impact on intelligence analysis

4. Intelligence Life Cycle

• Comprehensive Overview: From direction setting to feedback integration, each phase of the intelligence lifecycle is explored with relevant tools and techniques for enhancement

5. Inventory and Asset Management

• Internal Assessment: Techniques to inventory critical organizational assets and understand the attack surface
• Attack Surface Management Tools: Explore tools and techniques for effective management and threat assessment

6. Threat Modeling, Landscaping, and Profiling

• Threat Modeling Techniques: Introduction to STRIDE, PASTA, and decision trees
• Threat Landscaping and Actor Profiling: Learn to define the threat landscape and profile potential threat actors based on intent and capabilities

7. Priority Intelligence Requirements (PIRs)

• Development and Communication: Crafting effective PIRs and strategies for cross-departmental communication

8. Advanced Intelligence Dissemination and Tools

• Choosing Intelligence Vendors and Platforms: Criteria and best practices for selecting threat intelligence vendors and platforms
• Tools and Techniques: Exploration of dark web analysis tools, deception technology, note-taking methodologies, visualization tools, and domain intelligence