Mastering Cyber Threat Intelligence for Future-Proof Security Careers
You're not just another cybersecurity professional trying to stay ahead of the curve. You're on the front lines, facing a reality no one talks about: the threat landscape is evolving faster than your training can keep up, and the pressure to detect, respond, and report with precision is nonstop. Every alert could be noise-or it could be the start of a breach that takes down critical systems. Without a structured, intelligence-driven methodology, you’re reacting in the dark, not leading with confidence. Promotions stall. Projects get deprioritised. Opportunities pass you by while others with advanced frameworks and proven frameworks move ahead. Mastering Cyber Threat Intelligence for Future-Proof Security Careers is not another theoretical overview. It's your step-by-step system for transforming raw threat data into strategic intelligence that drives faster detection, stronger defences, and measurable business impact. This course delivers a complete pipeline-from identifying indicators of compromise to building threat actor profiles, mapping TTPs, and producing board-level reporting-all within 30 days. You’ll finish with a real-world threat intelligence dossier, a portfolio-ready use case, and a globally-recognised Certificate of Completion issued by The Art of Service. Just like Michael T., a SOC analyst in London, who used this exact framework to reduce false positives by 41% within two weeks of applying the techniques, earning a cross-functional leadership role on his organisation’s cyber threat taskforce. He didn’t just improve operations-he became indispensable. This isn’t about surviving the next attack. It’s about controlling the narrative, future-proofing your career, and commanding authority across technical and executive teams. Here’s how this course is structured to help you get there.Course Format & Delivery Details Self-Paced, Immediate Online Access - Learn on Your Schedule, Anytime, Anywhere This course is designed for professionals like you-busy, mission-driven, and unwilling to compromise on quality. As a self-paced, on-demand learning experience, you can begin the moment you enrol, progress at your own speed, and revisit content as needed, with no fixed start dates or time commitments. Most learners complete the core curriculum and apply it to a real-world project in under 25 hours, with many reporting actionable results in their current roles within the first 10 days. Lifetime Access & Future Updates Included
Your investment isn’t limited to today’s knowledge. You receive lifetime access to all course materials, including every future update at no additional cost. As new threat actors, frameworks, and tools emerge, your access evolves with them-ensuring your intelligence skills stay industry-relevant for years to come. 24/7 Global, Mobile-Friendly Access
Access the full course from any device-laptop, tablet, or smartphone-anytime, anywhere in the world. The responsive format ensures a seamless experience whether you're reviewing modules during a commute or finalising your threat report between incidents. Instructor Support & Expert Guidance
You’re not learning in isolation. Gain direct access to experienced cyber threat intelligence practitioners through structured Q&A channels and curated feedback loops. Support is timely, practical, and tailored to real operational challenges-no automated replies, no generic answers. Certificate of Completion Issued by The Art of Service
Upon finishing the course and submitting your final threat intelligence project, you’ll earn a Certificate of Completion issued by The Art of Service-a globally-recognised credential trusted by professionals in over 140 countries. Add it to your LinkedIn, resume, or performance review to validate advanced capability and initiative. Transparent, One-Time Pricing - No Hidden Fees
The price you see is the price you pay. No subscription traps, no surprise charges. Full access, lifetime updates, and certification are all included upfront. We accept Visa, Mastercard, and PayPal for fast, secure transactions. Full 30-Day Satisfied-or-Refunded Guarantee
We remove the risk. If you complete the first three modules and don’t believe this course will transform your threat intelligence capability, email us within 30 days for a full refund-no questions asked, no hoops to jump through. Your success is our priority. What to Expect After Enrollment
After completing your registration, you’ll receive a confirmation email. Your course access credentials and welcome materials will be delivered separately once your learner profile is activated and the system confirms readiness-this ensures a smooth, error-free start. Will This Work for Me?
Yes-whether you’re a blue team analyst, incident responder, security consultant, or aspiring threat hunter. This course was built from real-world frameworks used in Fortune 500 SOCs, national CERTs, and government intelligence units. We focus on universal principles, not niche environments. You’ll find detailed walkthroughs tailored to roles including: - Security Operations Analysts needing structured alert triage
- Incident Responders looking to accelerate containment
- Threat Hunters seeking advanced pattern detection
- Compliance Officers required to demonstrate proactive defence
- IT Managers building internal intelligence programmes
This works even if: you’ve never written an intelligence report, have limited access to threat feeds, work in a small team, or feel overwhelmed by SIEM noise. The frameworks are modular, scalable, and built for real-world constraints. You gain clarity, not more complexity. With a proven path, actionable templates, and step-by-step workflows, the only requirement is your commitment to apply what you learn. This is risk-reversed, career-intelligent learning. You gain lifetime tools, a credential that stands out, and the ability to turn noise into strategy-all without leaving your current role.
Module 1: Foundations of Cyber Threat Intelligence - Defining Cyber Threat Intelligence: Beyond Reactive Security
- The Intelligence Lifecycle: Plan, Collect, Process, Analyse, Disseminate, Feedback
- Differentiating Strategic, Tactical, Operational, and Technical Intelligence
- Understanding the Role of CTI in Modern Security Programmes
- Leveraging Intelligence to Align Security with Business Objectives
- Common Misconceptions and Myths About Threat Intelligence
- The Evolution of Cyber Threats: From Opportunistic to Nation-State
- Threat Intelligence Maturity Model and Self-Assessment
- Mapping Intelligence Outputs to Stakeholder Needs
- Introducing the Cyber Threat Intelligence Capability Framework
Module 2: Intelligence Requirements and Planning - Identifying Key Intelligence Topics (KITs) for Your Organisation
- Developing Priority Intelligence Requirements (PIRs)
- Aligning Intelligence Goals with Business Risk Appetite
- Creating Stakeholder-Specific Intelligence Questions
- Mapping Intelligence Needs Across Departments (Legal, IT, Exec, Board)
- Designing an Intelligence Collection Plan
- Prioritising Collection Based on Impact and Likelihood
- Building an Intelligence Request Template for Internal Teams
- Using PIRs to Drive Proactive Defence Initiatives
- Integrating PIRs into Incident Response Playbooks
Module 3: Open-Source Intelligence (OSINT) Gathering - Systematic OSINT Collection for Cyber Threat Research
- Identifying Reliable Threat Intelligence Forums and Communities
- Using Search Operators to Extract Hidden Threat Data
- Monitoring Hacker Infrastructures via Public Repositories
- Extracting Indicators from Past Breach Disclosures
- Analysing Dark Web Mentions Without Direct Access
- Crawling Public Chatter for Early Attack Signals
- Automating OSINT with Advanced Search Scripts and Queries
- Validating the Credibility of OSINT Sources
- Documenting OSINT Findings with Chain-of-Custody Standards
Module 4: Closed and Commercial Threat Intelligence Sources - Evaluating Commercial Threat Feeds (CTI Providers)
- Understanding Tiered Intelligence Service Offerings
- Assessing Data Freshness, Accuracy, and Relevance
- Integrating Vendor Dissemination Formats (STIX/TAXII, CSV)
- Mapping Feeds to Your Organisation’s Attack Surface
- Filtering Noise from High-Value Indicators
- Negotiating Access to Tiered Threat Intelligence Programmes
- Using ISACs and ISAOs for Peer-Based Intelligence Sharing
- Leveraging Government and CERT Bulletins
- Analysing Closed-Source Reports from Private Intel Firms
Module 5: Internal Data Collection and Telemetry - Identifying Internal Data Sources for Intelligence Enrichment
- Extracting Indicators from SIEM, EDR, and Firewall Logs
- Building Asset Inventory for Targeted Threat Analysis
- Mapping Network Flows to Detect Exfiltration Patterns
- Correlating Authentication Logs with Anomalous Behaviour
- Collecting DNS, Proxy, and Email Gateway Artifacts
- Using Sysmon and Host-Based Monitoring for IOCs
- Creating Feedback Loops from Incident Response Cases
- Developing Automated IOC Extraction Scripts
- Maintaining a Secure Internal Threat Repository
Module 6: Indicator of Compromise (IOC) Processing - Normalising Raw Indicators Across Formats and Sources
- Classifying IOCs: IP Addresses, Domains, URLs, Hashes, User Agents
- Validating Indicator Accuracy and Avoiding False Positives
- Automating IOC Parsing Using Regex and Scripting Tools
- Storing, Tagging, and Indexing IOCs for Rapid Retrieval
- Deconflicting Duplicates and Outdated Indicators
- Enriching IOCs with Geolocation and Reputation Data
- Analysing Temporal Patterns in IOC Activity
- Linking IOCs to Known Campaigns and Actors
- Creating Trusted IOC Feeds for Internal Consumption
Module 7: Threat Actor Profiling and Attribution - Classifying Threat Actors: APTs, Cybercriminals, Hacktivists, Insiders
- Researching Known Groups: Origins, Motives, and Sectors Targeted
- Mapping Actor Infrastructure Using Passive DNS
- Analysing Communication Patterns and Tool Reuse
- Using MITRE ATT&CK to Identify Actor Tradecraft
- Building Actor Profiles with Persistent Fingerprints
- Attribution Challenges and Legal Boundaries
- Differentiating Confidence Levels in Attribution
- Documenting Profiles in a Shareable Threat Library
- Updating Profiles Based on New Campaign Data
Module 8: Behavioural Analysis with MITRE ATT&CK - Introduction to the MITRE ATT&CK Framework
- Understanding Tactics, Techniques, and Procedures (TTPs)
- Mapping Observed Activities to ATT&CK Categories
- Using ATT&CK for Security Control Gap Analysis
- Developing TTP-Based Detection Rules
- Visualising Adversary Paths Using ATT&CK Navigator
- Correlating IOCs with Specific ATT&CK Techniques
- Analysing TTP Prevalence Across Campaigns
- Leveraging ATT&CK for Red Team Planning
- Conducting TTP-Based Threat Hunting Exercises
Module 9: Intelligence Analysis Techniques - Applying Structured Analytical Techniques (SATs)
- Using Analysis of Competing Hypotheses (ACH)
- Creating Link Analysis Diagrams for Incident Reconstruction
- Applying Temporal and Spatial Analysis to IOCs
- Conducting Scenario-Based Intelligence Forecasting
- Developing Hypotheses from Fragmented Data
- Triangulating Evidence from Multiple Sources
- Using Confidence Scales and Analytical Judgement
- Writing Tentative Assessments for Peer Review
- Integrating Analyst Cognitive Biases into Reporting
Module 10: Threat Intelligence Platforms (TIPs) and Tools - Overview of Leading Threat Intelligence Platforms
- Choosing a TIP Based on Organisational Size and Goals
- Configuring Data Ingestion from Multiple Sources
- Automating Enrichment with Threat Feeds
- Building Custom Workflows and Playbooks Inside a TIP
- Using API Integrations to Connect SIEM and SOAR
- Creating Automated IOC Distribution Lists
- Setting Up Alerting Rules Based on Confidence
- Generating Reports Directly from Platform Data
- Managing User Roles and Access Within a TIP
Module 11: Strategic Intelligence Reporting - Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Defining Cyber Threat Intelligence: Beyond Reactive Security
- The Intelligence Lifecycle: Plan, Collect, Process, Analyse, Disseminate, Feedback
- Differentiating Strategic, Tactical, Operational, and Technical Intelligence
- Understanding the Role of CTI in Modern Security Programmes
- Leveraging Intelligence to Align Security with Business Objectives
- Common Misconceptions and Myths About Threat Intelligence
- The Evolution of Cyber Threats: From Opportunistic to Nation-State
- Threat Intelligence Maturity Model and Self-Assessment
- Mapping Intelligence Outputs to Stakeholder Needs
- Introducing the Cyber Threat Intelligence Capability Framework
Module 2: Intelligence Requirements and Planning - Identifying Key Intelligence Topics (KITs) for Your Organisation
- Developing Priority Intelligence Requirements (PIRs)
- Aligning Intelligence Goals with Business Risk Appetite
- Creating Stakeholder-Specific Intelligence Questions
- Mapping Intelligence Needs Across Departments (Legal, IT, Exec, Board)
- Designing an Intelligence Collection Plan
- Prioritising Collection Based on Impact and Likelihood
- Building an Intelligence Request Template for Internal Teams
- Using PIRs to Drive Proactive Defence Initiatives
- Integrating PIRs into Incident Response Playbooks
Module 3: Open-Source Intelligence (OSINT) Gathering - Systematic OSINT Collection for Cyber Threat Research
- Identifying Reliable Threat Intelligence Forums and Communities
- Using Search Operators to Extract Hidden Threat Data
- Monitoring Hacker Infrastructures via Public Repositories
- Extracting Indicators from Past Breach Disclosures
- Analysing Dark Web Mentions Without Direct Access
- Crawling Public Chatter for Early Attack Signals
- Automating OSINT with Advanced Search Scripts and Queries
- Validating the Credibility of OSINT Sources
- Documenting OSINT Findings with Chain-of-Custody Standards
Module 4: Closed and Commercial Threat Intelligence Sources - Evaluating Commercial Threat Feeds (CTI Providers)
- Understanding Tiered Intelligence Service Offerings
- Assessing Data Freshness, Accuracy, and Relevance
- Integrating Vendor Dissemination Formats (STIX/TAXII, CSV)
- Mapping Feeds to Your Organisation’s Attack Surface
- Filtering Noise from High-Value Indicators
- Negotiating Access to Tiered Threat Intelligence Programmes
- Using ISACs and ISAOs for Peer-Based Intelligence Sharing
- Leveraging Government and CERT Bulletins
- Analysing Closed-Source Reports from Private Intel Firms
Module 5: Internal Data Collection and Telemetry - Identifying Internal Data Sources for Intelligence Enrichment
- Extracting Indicators from SIEM, EDR, and Firewall Logs
- Building Asset Inventory for Targeted Threat Analysis
- Mapping Network Flows to Detect Exfiltration Patterns
- Correlating Authentication Logs with Anomalous Behaviour
- Collecting DNS, Proxy, and Email Gateway Artifacts
- Using Sysmon and Host-Based Monitoring for IOCs
- Creating Feedback Loops from Incident Response Cases
- Developing Automated IOC Extraction Scripts
- Maintaining a Secure Internal Threat Repository
Module 6: Indicator of Compromise (IOC) Processing - Normalising Raw Indicators Across Formats and Sources
- Classifying IOCs: IP Addresses, Domains, URLs, Hashes, User Agents
- Validating Indicator Accuracy and Avoiding False Positives
- Automating IOC Parsing Using Regex and Scripting Tools
- Storing, Tagging, and Indexing IOCs for Rapid Retrieval
- Deconflicting Duplicates and Outdated Indicators
- Enriching IOCs with Geolocation and Reputation Data
- Analysing Temporal Patterns in IOC Activity
- Linking IOCs to Known Campaigns and Actors
- Creating Trusted IOC Feeds for Internal Consumption
Module 7: Threat Actor Profiling and Attribution - Classifying Threat Actors: APTs, Cybercriminals, Hacktivists, Insiders
- Researching Known Groups: Origins, Motives, and Sectors Targeted
- Mapping Actor Infrastructure Using Passive DNS
- Analysing Communication Patterns and Tool Reuse
- Using MITRE ATT&CK to Identify Actor Tradecraft
- Building Actor Profiles with Persistent Fingerprints
- Attribution Challenges and Legal Boundaries
- Differentiating Confidence Levels in Attribution
- Documenting Profiles in a Shareable Threat Library
- Updating Profiles Based on New Campaign Data
Module 8: Behavioural Analysis with MITRE ATT&CK - Introduction to the MITRE ATT&CK Framework
- Understanding Tactics, Techniques, and Procedures (TTPs)
- Mapping Observed Activities to ATT&CK Categories
- Using ATT&CK for Security Control Gap Analysis
- Developing TTP-Based Detection Rules
- Visualising Adversary Paths Using ATT&CK Navigator
- Correlating IOCs with Specific ATT&CK Techniques
- Analysing TTP Prevalence Across Campaigns
- Leveraging ATT&CK for Red Team Planning
- Conducting TTP-Based Threat Hunting Exercises
Module 9: Intelligence Analysis Techniques - Applying Structured Analytical Techniques (SATs)
- Using Analysis of Competing Hypotheses (ACH)
- Creating Link Analysis Diagrams for Incident Reconstruction
- Applying Temporal and Spatial Analysis to IOCs
- Conducting Scenario-Based Intelligence Forecasting
- Developing Hypotheses from Fragmented Data
- Triangulating Evidence from Multiple Sources
- Using Confidence Scales and Analytical Judgement
- Writing Tentative Assessments for Peer Review
- Integrating Analyst Cognitive Biases into Reporting
Module 10: Threat Intelligence Platforms (TIPs) and Tools - Overview of Leading Threat Intelligence Platforms
- Choosing a TIP Based on Organisational Size and Goals
- Configuring Data Ingestion from Multiple Sources
- Automating Enrichment with Threat Feeds
- Building Custom Workflows and Playbooks Inside a TIP
- Using API Integrations to Connect SIEM and SOAR
- Creating Automated IOC Distribution Lists
- Setting Up Alerting Rules Based on Confidence
- Generating Reports Directly from Platform Data
- Managing User Roles and Access Within a TIP
Module 11: Strategic Intelligence Reporting - Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Systematic OSINT Collection for Cyber Threat Research
- Identifying Reliable Threat Intelligence Forums and Communities
- Using Search Operators to Extract Hidden Threat Data
- Monitoring Hacker Infrastructures via Public Repositories
- Extracting Indicators from Past Breach Disclosures
- Analysing Dark Web Mentions Without Direct Access
- Crawling Public Chatter for Early Attack Signals
- Automating OSINT with Advanced Search Scripts and Queries
- Validating the Credibility of OSINT Sources
- Documenting OSINT Findings with Chain-of-Custody Standards
Module 4: Closed and Commercial Threat Intelligence Sources - Evaluating Commercial Threat Feeds (CTI Providers)
- Understanding Tiered Intelligence Service Offerings
- Assessing Data Freshness, Accuracy, and Relevance
- Integrating Vendor Dissemination Formats (STIX/TAXII, CSV)
- Mapping Feeds to Your Organisation’s Attack Surface
- Filtering Noise from High-Value Indicators
- Negotiating Access to Tiered Threat Intelligence Programmes
- Using ISACs and ISAOs for Peer-Based Intelligence Sharing
- Leveraging Government and CERT Bulletins
- Analysing Closed-Source Reports from Private Intel Firms
Module 5: Internal Data Collection and Telemetry - Identifying Internal Data Sources for Intelligence Enrichment
- Extracting Indicators from SIEM, EDR, and Firewall Logs
- Building Asset Inventory for Targeted Threat Analysis
- Mapping Network Flows to Detect Exfiltration Patterns
- Correlating Authentication Logs with Anomalous Behaviour
- Collecting DNS, Proxy, and Email Gateway Artifacts
- Using Sysmon and Host-Based Monitoring for IOCs
- Creating Feedback Loops from Incident Response Cases
- Developing Automated IOC Extraction Scripts
- Maintaining a Secure Internal Threat Repository
Module 6: Indicator of Compromise (IOC) Processing - Normalising Raw Indicators Across Formats and Sources
- Classifying IOCs: IP Addresses, Domains, URLs, Hashes, User Agents
- Validating Indicator Accuracy and Avoiding False Positives
- Automating IOC Parsing Using Regex and Scripting Tools
- Storing, Tagging, and Indexing IOCs for Rapid Retrieval
- Deconflicting Duplicates and Outdated Indicators
- Enriching IOCs with Geolocation and Reputation Data
- Analysing Temporal Patterns in IOC Activity
- Linking IOCs to Known Campaigns and Actors
- Creating Trusted IOC Feeds for Internal Consumption
Module 7: Threat Actor Profiling and Attribution - Classifying Threat Actors: APTs, Cybercriminals, Hacktivists, Insiders
- Researching Known Groups: Origins, Motives, and Sectors Targeted
- Mapping Actor Infrastructure Using Passive DNS
- Analysing Communication Patterns and Tool Reuse
- Using MITRE ATT&CK to Identify Actor Tradecraft
- Building Actor Profiles with Persistent Fingerprints
- Attribution Challenges and Legal Boundaries
- Differentiating Confidence Levels in Attribution
- Documenting Profiles in a Shareable Threat Library
- Updating Profiles Based on New Campaign Data
Module 8: Behavioural Analysis with MITRE ATT&CK - Introduction to the MITRE ATT&CK Framework
- Understanding Tactics, Techniques, and Procedures (TTPs)
- Mapping Observed Activities to ATT&CK Categories
- Using ATT&CK for Security Control Gap Analysis
- Developing TTP-Based Detection Rules
- Visualising Adversary Paths Using ATT&CK Navigator
- Correlating IOCs with Specific ATT&CK Techniques
- Analysing TTP Prevalence Across Campaigns
- Leveraging ATT&CK for Red Team Planning
- Conducting TTP-Based Threat Hunting Exercises
Module 9: Intelligence Analysis Techniques - Applying Structured Analytical Techniques (SATs)
- Using Analysis of Competing Hypotheses (ACH)
- Creating Link Analysis Diagrams for Incident Reconstruction
- Applying Temporal and Spatial Analysis to IOCs
- Conducting Scenario-Based Intelligence Forecasting
- Developing Hypotheses from Fragmented Data
- Triangulating Evidence from Multiple Sources
- Using Confidence Scales and Analytical Judgement
- Writing Tentative Assessments for Peer Review
- Integrating Analyst Cognitive Biases into Reporting
Module 10: Threat Intelligence Platforms (TIPs) and Tools - Overview of Leading Threat Intelligence Platforms
- Choosing a TIP Based on Organisational Size and Goals
- Configuring Data Ingestion from Multiple Sources
- Automating Enrichment with Threat Feeds
- Building Custom Workflows and Playbooks Inside a TIP
- Using API Integrations to Connect SIEM and SOAR
- Creating Automated IOC Distribution Lists
- Setting Up Alerting Rules Based on Confidence
- Generating Reports Directly from Platform Data
- Managing User Roles and Access Within a TIP
Module 11: Strategic Intelligence Reporting - Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Identifying Internal Data Sources for Intelligence Enrichment
- Extracting Indicators from SIEM, EDR, and Firewall Logs
- Building Asset Inventory for Targeted Threat Analysis
- Mapping Network Flows to Detect Exfiltration Patterns
- Correlating Authentication Logs with Anomalous Behaviour
- Collecting DNS, Proxy, and Email Gateway Artifacts
- Using Sysmon and Host-Based Monitoring for IOCs
- Creating Feedback Loops from Incident Response Cases
- Developing Automated IOC Extraction Scripts
- Maintaining a Secure Internal Threat Repository
Module 6: Indicator of Compromise (IOC) Processing - Normalising Raw Indicators Across Formats and Sources
- Classifying IOCs: IP Addresses, Domains, URLs, Hashes, User Agents
- Validating Indicator Accuracy and Avoiding False Positives
- Automating IOC Parsing Using Regex and Scripting Tools
- Storing, Tagging, and Indexing IOCs for Rapid Retrieval
- Deconflicting Duplicates and Outdated Indicators
- Enriching IOCs with Geolocation and Reputation Data
- Analysing Temporal Patterns in IOC Activity
- Linking IOCs to Known Campaigns and Actors
- Creating Trusted IOC Feeds for Internal Consumption
Module 7: Threat Actor Profiling and Attribution - Classifying Threat Actors: APTs, Cybercriminals, Hacktivists, Insiders
- Researching Known Groups: Origins, Motives, and Sectors Targeted
- Mapping Actor Infrastructure Using Passive DNS
- Analysing Communication Patterns and Tool Reuse
- Using MITRE ATT&CK to Identify Actor Tradecraft
- Building Actor Profiles with Persistent Fingerprints
- Attribution Challenges and Legal Boundaries
- Differentiating Confidence Levels in Attribution
- Documenting Profiles in a Shareable Threat Library
- Updating Profiles Based on New Campaign Data
Module 8: Behavioural Analysis with MITRE ATT&CK - Introduction to the MITRE ATT&CK Framework
- Understanding Tactics, Techniques, and Procedures (TTPs)
- Mapping Observed Activities to ATT&CK Categories
- Using ATT&CK for Security Control Gap Analysis
- Developing TTP-Based Detection Rules
- Visualising Adversary Paths Using ATT&CK Navigator
- Correlating IOCs with Specific ATT&CK Techniques
- Analysing TTP Prevalence Across Campaigns
- Leveraging ATT&CK for Red Team Planning
- Conducting TTP-Based Threat Hunting Exercises
Module 9: Intelligence Analysis Techniques - Applying Structured Analytical Techniques (SATs)
- Using Analysis of Competing Hypotheses (ACH)
- Creating Link Analysis Diagrams for Incident Reconstruction
- Applying Temporal and Spatial Analysis to IOCs
- Conducting Scenario-Based Intelligence Forecasting
- Developing Hypotheses from Fragmented Data
- Triangulating Evidence from Multiple Sources
- Using Confidence Scales and Analytical Judgement
- Writing Tentative Assessments for Peer Review
- Integrating Analyst Cognitive Biases into Reporting
Module 10: Threat Intelligence Platforms (TIPs) and Tools - Overview of Leading Threat Intelligence Platforms
- Choosing a TIP Based on Organisational Size and Goals
- Configuring Data Ingestion from Multiple Sources
- Automating Enrichment with Threat Feeds
- Building Custom Workflows and Playbooks Inside a TIP
- Using API Integrations to Connect SIEM and SOAR
- Creating Automated IOC Distribution Lists
- Setting Up Alerting Rules Based on Confidence
- Generating Reports Directly from Platform Data
- Managing User Roles and Access Within a TIP
Module 11: Strategic Intelligence Reporting - Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Classifying Threat Actors: APTs, Cybercriminals, Hacktivists, Insiders
- Researching Known Groups: Origins, Motives, and Sectors Targeted
- Mapping Actor Infrastructure Using Passive DNS
- Analysing Communication Patterns and Tool Reuse
- Using MITRE ATT&CK to Identify Actor Tradecraft
- Building Actor Profiles with Persistent Fingerprints
- Attribution Challenges and Legal Boundaries
- Differentiating Confidence Levels in Attribution
- Documenting Profiles in a Shareable Threat Library
- Updating Profiles Based on New Campaign Data
Module 8: Behavioural Analysis with MITRE ATT&CK - Introduction to the MITRE ATT&CK Framework
- Understanding Tactics, Techniques, and Procedures (TTPs)
- Mapping Observed Activities to ATT&CK Categories
- Using ATT&CK for Security Control Gap Analysis
- Developing TTP-Based Detection Rules
- Visualising Adversary Paths Using ATT&CK Navigator
- Correlating IOCs with Specific ATT&CK Techniques
- Analysing TTP Prevalence Across Campaigns
- Leveraging ATT&CK for Red Team Planning
- Conducting TTP-Based Threat Hunting Exercises
Module 9: Intelligence Analysis Techniques - Applying Structured Analytical Techniques (SATs)
- Using Analysis of Competing Hypotheses (ACH)
- Creating Link Analysis Diagrams for Incident Reconstruction
- Applying Temporal and Spatial Analysis to IOCs
- Conducting Scenario-Based Intelligence Forecasting
- Developing Hypotheses from Fragmented Data
- Triangulating Evidence from Multiple Sources
- Using Confidence Scales and Analytical Judgement
- Writing Tentative Assessments for Peer Review
- Integrating Analyst Cognitive Biases into Reporting
Module 10: Threat Intelligence Platforms (TIPs) and Tools - Overview of Leading Threat Intelligence Platforms
- Choosing a TIP Based on Organisational Size and Goals
- Configuring Data Ingestion from Multiple Sources
- Automating Enrichment with Threat Feeds
- Building Custom Workflows and Playbooks Inside a TIP
- Using API Integrations to Connect SIEM and SOAR
- Creating Automated IOC Distribution Lists
- Setting Up Alerting Rules Based on Confidence
- Generating Reports Directly from Platform Data
- Managing User Roles and Access Within a TIP
Module 11: Strategic Intelligence Reporting - Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Applying Structured Analytical Techniques (SATs)
- Using Analysis of Competing Hypotheses (ACH)
- Creating Link Analysis Diagrams for Incident Reconstruction
- Applying Temporal and Spatial Analysis to IOCs
- Conducting Scenario-Based Intelligence Forecasting
- Developing Hypotheses from Fragmented Data
- Triangulating Evidence from Multiple Sources
- Using Confidence Scales and Analytical Judgement
- Writing Tentative Assessments for Peer Review
- Integrating Analyst Cognitive Biases into Reporting
Module 10: Threat Intelligence Platforms (TIPs) and Tools - Overview of Leading Threat Intelligence Platforms
- Choosing a TIP Based on Organisational Size and Goals
- Configuring Data Ingestion from Multiple Sources
- Automating Enrichment with Threat Feeds
- Building Custom Workflows and Playbooks Inside a TIP
- Using API Integrations to Connect SIEM and SOAR
- Creating Automated IOC Distribution Lists
- Setting Up Alerting Rules Based on Confidence
- Generating Reports Directly from Platform Data
- Managing User Roles and Access Within a TIP
Module 11: Strategic Intelligence Reporting - Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Understanding the Audience: Technical vs Executive Reports
- Structuring High-Impact Intelligence Briefings
- Writing Clear, Actionable Executive Summaries
- Using Visuals to Communicate Threat Trends
- Incorporating Risk Metrics and Business Exposure
- Presenting Intelligence to Non-Technical Stakeholders
- Developing Monthly Threat Landscape Reports
- Tailoring Reports for Board-Level Consumption
- Linking Intelligence to Cyber Insurance and Compliance
- Distributing Reports with Secure Sharing Protocols
Module 12: Tactical Intelligence for Incident Response - Embedding Intelligence into IR Runbooks
- Using IOCs to Accelerate Triage and Containment
- Mapping Incidents to Known Threat Actors
- Identifying Lateral Movement Through TTP Patterns
- Anticipating Attacker Next Steps Based on TTPs
- Improving Detection Rules Using Observations
- Creating IOC Packages for Immediate Blockage
- Supporting Forensic Analysis with Contextual Data
- Updating IR Playbooks with Intelligence Insights
- Drafting Post-Incident Intelligence Summaries
Module 13: Operational Intelligence for Proactive Defence - Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Conducting Threat Hunting with Intelligence Guidance
- Developing Hypothesis-Driven Hunting Campaigns
- Using Threat Actor Profiles to Simulate Attack Paths
- Applying IOCs to Historical Log Retrohunting
- Identifying Dormant Compromises via Anomalous Patterns
- Integrating Threat Hunting Findings into Reporting
- Building Custom Detection Logic from Threat Insights
- Improving EDR and SIEM Coverage Using TTPs
- Deploying Decoys and Honeypots Informed by Intelligence
- Conducting Preemptive Infrastructure Hardening
Module 14: Automating Intelligence Workflows - Introduction to SOAR and Intelligence Automation
- Automating IOC Enrichment and Validation
- Building Playbooks for IOC Triage and Blockage
- Using Python Scripts to Parse and Cross-Reference Feeds
- Integrating JSON and CSV Outputs into Workflows
- Scheduling Regular Threat Report Generation
- Automating Threat Feed Subscriptions and Updates
- Developing Custom Alert Triggers Based on Intel Rules
- Creating Feedback Mechanisms for False Positives
- Versioning Intelligence Workflows for Audit and Review
Module 15: Legal, Ethical, and Operational Security - Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Understanding Legal Boundaries of Threat Intelligence
- Complying with Data Privacy Laws (GDPR, CCPA, etc.)
- Handling Sensitive Indicators and Attribution Data
- Securing Your Intelligence Repository
- Implementing Need-to-Know Access Controls
- Avoiding Sinkholing and Active Measures
- Maintaining OPSEC When Researching Threat Actors
- Reporting Responsibilities to Authorities
- Documenting Intelligence Activities for Audits
- Establishing an Intelligence Use Policy
Module 16: Building an In-House Threat Intelligence Programme - Developing a Programme Roadmap and Phased Rollout
- Defining Roles: Analyst, Manager, Consumer, Liaison
- Securing Budget and Executive Sponsorship
- Establishing Key Performance Indicators (KPIs)
- Measuring Programme Impact on Detection and Response
- Creating a Culture of Intelligence Sharing
- Training Teams on Leveraging Internal Intelligence
- Scaling the Programme Across Geographies
- Partnering with External Sharing Alliances
- Conducting Regular Programme Reviews
Module 17: Real-World Threat Intelligence Dossier Project - Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards
Module 18: Certification and Career Advancement - How to Submit Your Final Project for Evaluation
- Review Criteria for Certificate of Completion
- Incorporating Your Dossier into Your Professional Portfolio
- Adding the Certification to LinkedIn and Resumes
- Leveraging Certification in Performance Reviews
- Positioning Yourself for Threat Intelligence Roles
- Negotiating Higher Compensation with Demonstrated Skills
- Preparing for Interviews Using Real Project Outcomes
- Accessing Advanced Learning Pathways and Specialisations
- Lifetime Alumni Support and Resource Updates
- Guided Project: Build a Complete Threat Intelligence Dossier
- Selecting a Real or Simulated Threat Campaign
- Collecting and Validating IOCs from Multiple Sources
- Using MITRE ATT&CK to Map Full TTP Chain
- Developing a Threat Actor Profile with Motives and Targets
- Analysing Infrastructure and Command-and-Control Patterns
- Assessing Impact and Likelihood for Your Sector
- Drafting Tactical Recommendations for IR and Defence
- Writing a Strategic Executive Briefing
- Peer-Reviewing Dossiers Using Professional Standards