On-Demand --- Intermediate Cyber Intelligence Tradecraft - Certified Threat Intelligence Analyst - Starting whenever you wish
Watch Promo
Registration runs as on-demand, defined on the main Cyber Intelligence Training Center registration page.
The online courses are instructor video and audio recorded with periodic direct interaction with the instructor via online web meetings. The instructor will have standard office time for question and answer as well as regular access via class email and other messaging options. The target course length is 10 weeks.
Validated and registered students will receive login and preparation information 1 week prior to class start. Prospective students must send an email to [email protected] from a corporate account to validate course eligibility before registration. (Corporate accounts are not Gmail, Hotmail, Yahoo, Mail, Hushmail, Protonmail, and the like). Treadstone 71 reserves the right to restrict course registration based upon certain risk factors.
This course follows the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training with added modules covering (extended) Stakeholder Management, Intelligence Requirements, Adversary Targeting D3A / F3EAD, STEMPLES Plus, and Indicators of Change, and (extended) Collection Management. Course CPE is 46 (the Basic course is 40 CPE).
I. Introduction to Intelligence
II. Critical Thinking
III. Analytic Writing
IV. Creative Thinking
V. Analytic Briefing
VI. Structured Analytic Techniques.
VII. Analytic Issues
VIII. Argument Mapping
IX. Case Studies
Latest student testimonial:
"With my extensive experience working in the Department of Defense on active duty and federal contractor, this training provided industry professionals with a greater perspective for intelligence analysis. The training taught state of the art concepts and applied them to real-world scenarios establishing a solid understanding of using these intelligence tradecrafts to effectively predict and prevent cyber actors from exploiting their organizations. Individuals new to the cyber intelligence field or professionals who want to fine-tune their skills in the intelligence field should strongly consider this training for any intelligence analyst or security professional."
- Anonymity and Passive Persona setup
- Glossary and Taxonomy
- Operational Security - OPSEC
- What Intelligence Can and Cannot Do
- Open-Source Intelligence Techniques and Tools
- Stakeholder Analysis
- Intelligence Requirements to PIRs
- STEMPLES Plus - Hofstede Principles - Indicators of Change
- Adversary Targeting - D3A F3EAD
- Collection Methods and Techniques
- Collection Planning, IRs/PIRs/EEIs/Indicators/SIRs
- Collection Process Flow
- Collection (OSINT) Tools and Targeting
- Most likely Threat Actors
- Hunch.ly
- Use of Maltego – overview
- Open Semantic Search - Oracle Virtual Box - OVA setup - Tracelabs
- Darknet Sites of Interest
- Social Media - Off the beaten path review of social media platforms not in the mainstream
- Burn phone set up and use (US Only)
- Intelligence Lifecycle Production Methods
- Structured Analytic Techniques – Their use - Case Study
- Adversary Denial and Deception
- Source Credibility and Relevance - The real NATO Admiralty Scoring - CRAAP Tool for Relevance
- Source Validation
- Denial and Deception
- Confidence Levels
- Types of evidence
- Production Management
- Critical and Creative Thinking
- Cognitive Bias
- Use of Mitre ATT&CK in Analysis
- ATT&CK in examining patterns and trends
- ATT&CK in Adversary tendencies
- Estimation and Forecasting
- Campaign analysis
- Types and Methods of Analysis
- Synthesis and Fusion
- Analysis of Competing Hypothesis
- Inductive, Abductive, Deductive Reasoning
- Problems with Analysis
- Analytic Writing, BLUF, AIMS, Rules for Effective Writing
- MS Word for Effective Writing
- The Hemingway Editor
- Forecasting in your writing
- Argument Mapping
- Types of Reports
- Product Line Mapping
- Report Serialization, and Dissemination
- Threat Hunting with TaHiTI & MaGMa
- All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real-world experience during the class.
The course delivers pragmatic and practical examples for attendees immediate use upon return to their organizations:
- Use language that is recognized across the intelligence assessment community.
- Assist stakeholders with intelligence requirements
- Understand what Intelligence is and is not
- Create useful intelligence requirements
- Develop collection plans with precise targeting and tool selection
- Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations
- Skill in using multiple analytic tools, databases, and techniques such as divergent/convergent thinking, ACH, SATS, etc.)
- Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses)
- Knowledge of how to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused intelligence products
- Execute safe collection in any environment
- Ensure data provenance during collection
- How to validate sources and data credibility
- Provide subject matter expertise in developing cyber operations indicators
- Consider efficiency and effectiveness of collection resources when applied against priority information requirements
- Facilitate continuously updated intelligence, surveillance, and visualization input for stakeholders
- Skill in identifying cyber threats which may jeopardize organization and supply chain interests
- Identify collection gaps and potential collection strategies against targets
- Knowledge of denial and deception techniques
- Knowledge of intelligence analytic reporting principles, methods, and templates.
- Ability to recognize and mitigate cognitive biases which may affect analysis
- Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner
- Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
Target audience (who should attend):
This course is intended for
-Intelligence analysts, open-source intelligence collectors, researchers, cyber risk management professionals, incident response leadership, security operations leadership, CISO, CIO, students, cybercrime investigators, analytic report writers, recipients of internal and external intelligence (critical), curious professionals wishing to learn cyber intelligence tradecraft and intelligence strategies.
Requirements (knowledge pre-requisites)
Students should
-be familiar with Internet browsers, Office 365, general intelligence concepts
Hardware/Software Requirements
Students should have
-Laptop with administrative access, 8GB RAM, 100GB free hard drive space, Windows operating system works best but Mac with a VM for Windows works as well.
Students who complete the course will be certified as Cyber Intelligence Tradecraft Professional. 46 CPEs awarded for the course. This course is highly specialized following intelligence community tradecraft. You won’t get this at SANS. You won't get this anywhere but from Treadstone 71. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.
Course books and manuals will be provided to students upon accepted enrollment. This course follows traditional intelligence community tradecraft. Treadstone 71 has been teaching cyber intelligence courses in various forms for six years. From academic settings and corporate environments to government facilities. Our customers include some of the largest firms in the world many of whom are part of critical infrastructures recognizing the need to learn how to create intelligence (www.treadstone71.com). We support our training with onsite consulting services that teach you how to create a sustainable program aligned to stakeholders. Ultimately, we teach you what most vendors cannot or will not – how to fish for yourself.
Course Fee, Course Lab, and Materials Fee (includes books, templates, structured techniques application, etc.).
This course combines lecture, research, and hands-on team assignments. Students are best served using a PC but a MAC will do (a virtual machine running windows on the Mac is best if you only have a Mac).
How is this course different from the current Treadstone 71 Cyber Intelligence course?
This course provides definitive sections along the intelligence lifecycle that are in-depth. Students are required to demonstrate understanding and use of collection methods using defined targets and target case studies, understanding and applying analytic techniques, when and how to use analytic techniques and analytic types. Students are presented case studies for analysis, required to use tradecraft methods, and provide written reports in standard analytic format. Students are also required to orally present their deliverables to the class. You will leave this course with the tools, methods, and understanding necessary to enhance your intelligence program.
“The Cyber Intelligence Training delivered and created by Jeff Bardin will add rapid returns to both Cyber Intel Analysts, and your Security Operations. This very thorough class adequately prepares the student for your Cyber Intelligence function. This class starts with the history of intelligence as a tradecraft and the evolution to the digital corporate world. Along the way, each student receives quality instruction and hands-on experience with today’s OSINT tools. This is necessary for anyone new to Cyber Intelligence and complimentary to any Security Operations within your enterprise. This class provides the student with the resources and fundamentals needed to establish cyber intelligence as a force as both a proactive offensive step and a counter intelligence-contributing arm of your larger team.”
“The class was very detail orientated with a strong focus on the work of Cyber threats and how to better secure your assets against potential attacks. For most scenarios, we went through he had an open-source tool, or the link to a paid version, to monitor or prevent the attacks from occurring. He was able to answer each and every question asked with specific details, and then some. I would sign up again right away for any other classes offered by Jeff.”
"Fantastic class that gets to the foundational aspects of traditional tradecraft. We studied hard examining recent attack campaigns. The analysis training prepared me for real-world efforts. Have to say this is one of the best classes I have ever taken having taken many from SANS. SANS does not compare. They are more of a class mill today. The Treadstone 71 course material is unique, focused, and timely."
“The Cyber Intelligence training offered by Treadstone71 is definitely an outstanding course and I recommend it for any organization looking to implement an intelligence capability. Jeff Bardin is extremely knowledgeable in the intelligence tradecraft and applies it to the cyber realm in a way that is understandable, exciting to learn, and makes it easy to achieve “quick wins” in the organization after completing his class. Jeff provided the class with a multitude of tools, templates, and documents that can immediately be used by any organization focused on intelligence collection and analysis. Jeff arrived well prepared to teach the course and one of the most impressive aspects of the class was that he presented the material in a way that displayed his personal knowledge and experience in the field rather than relying solely on book material. We intend to continue leveraging Jeff’s services as we mature our cyber intelligence capability and highly recommend Treadstone71’s services to any organization.”
“This is one of the best, if not the best, Cyber Threat Intelligence training course I've attended.”
“This course was excellent. I was concerned coming into it that I would already know all the course material (I have been doing this sort of work for 15 years, specifically the type of work this course covered). As it turns out, it was a good reminder of what I should be doing to improve structure and rigor, and provided good tools, some of which I had not seen before. If I was new to this field or looking for a good insight into how Intelligence should work (i.e.: most of the rest of the class), I believe this would have provided even more value. I have already recommended it to a couple of my former colleagues in this line of business and would happily recommend it for future use by ########.”
Course material is not for resale or commercial use outside the end-user license agreement. Course material may not be used for competitive purposes.
Your Instructor
Treadstone 71 is a woman and veteran-owned small business exclusively focused on cyber and threat intelligence consulting, services, and training. We are a pure-play intelligence shop.
Training dates and locations here
Since 2002, Treadstone 71 delivers intelligence training, strategic, operational, and tactical intelligence consulting, and research. We provide a seamless extension of your organization efficiently and effectively moving your organization to cyber intelligence program maturity. Our training, established in 2008, follows intelligence community standards as applied to the ever-changing threat environment delivering forecasts and estimates as intelligence intends. From baseline research to adversary targeted advisories and dossiers, Treadstone 71 products align with your intelligence requirements. We do not follow the create once and deliver many model. We contextually tie our products to your needs. Intelligence is our only business.
- We use intuition, structured techniques, and years of experience.
- We supply intelligence based on clearly defined requirements.
- We do not assign five people to do a job only one with experience.
- We do not bid base bones only to change order you to overspending.
We are known for our ability to:
- Anticipate key target or threat activities that are likely to prompt a leadership decision.
- Aid in coordinating, validating, and managing collection requirements, plans, and activities.
- Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives as related to designated cyber operations warning problem sets.
- Produce timely, fused, all-source cyber operations intelligence and indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies).
- Provide intelligence analysis and support to designated exercises, planning activities, and time-sensitive operations.
- Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or no precedent exists.
- Recognize and mitigate deception in reporting and analysis.
Assess intelligence, recommend targets to support operational objectives. - Assess target vulnerabilities and capabilities to determine a course of action.
- Assist in the development of priority information requirements.
- Enable synchronization of intelligence support plans across the supply chain.
- ...and Review and understand organizational leadership objectives and planning guidance non-inclusively.