Cyber Threat Intelligence Analysis

This five-day, instructor-led cyber threat intelligence training course teaches network defenders to collect, analyze, and apply targeted cyber intelligence to defensive operations. The instruction provided enables students to proactively act on and adapt to sophisticated attacks by cyber adversaries. The limited signature and heuristic analysis capabilities of antivirus software and intrusion detection and prevention systems (IDS/IPS) causes them to become less effective as counter-detection tools as malicious software improves. Whitelisting and sandboxing technologies mitigate many host-based attacks, but that alone is not enough. To identify and prioritize threats to the network, defenders require additional methodologies of analysis and attribution of advanced persistent threat actors.

This course applies the intelligence cycle to full-spectrum exercise of proactive network defense. It is intended as the core competency of threat intelligence operations and as the precursor to additional technical intelligence collection courses. It provides students with the all-source methodology of employing cyber collection sources and disciplines in a cumulative effort to apply to network defensive postures. When properly employed, this process fosters an environment of preemptive action. Network defenders and operators are equipped with the tools, techniques, and procedures to generate timely, relevant, and actionable intelligence.

The principle objective of Cyber Threat Intelligence Analysis training is to equip students with a modern methodology for characterizing, investigating, attributing, and responding to advanced cyber threats. Network defenders, intelligence analysts, and other security operations personnel acquire the tools to work in a collaborative, real-time environment. Students should expect to leave this course with proficiency in intelligence-driven network defense operations.

Instructors teach the intelligence-driven operations cycle – data collection, exploitation, analysis, reporting, and dissemination – to develop the student’s methods of identifying threats and assessing and prioritizing risk. Students are introduced to cyber intelligence sourcing, risk management and assessment, indicators of compromise, and the application and assessment of adversarial profiles and tools, techniques, and procedures.


40 hours of course work, ideally delivered over five consecutive business days.


There are no prerequisites for course attendance, but students benefit from possessing a relative working knowledge of networking and network security.


Individuals tasked with network defense, internal risk assessment, or the analysis of cyber threats to their respective organizations network benefit from the information provided in this course.


Course includes a certificate of attendance.



Human-Led. Technology-Accelerated.

Email Call 719.368.3677 (M-F 8-5)