On Demand - Collection Manager's Course

Collection Planning through Execution

   Watch Promo


All too often we see organizations receive information on threat actors only to point-and-shoot when it comes to collection. There is little to no structure in this critical task that drives all intelligence production, analysis, and analytic writing.

The collection manager works with the intelligence and priority intelligence requirements to develop the collection plan translating these into specific information requirements used to provide targeting while managing the availability and capabilities of the collection/research team. This is an 8-week online course following intelligence community standards. This course is delivered via the drip method meaning each week a new lecture and supporting documentation is released, as if you were attending a university lecture.

This course prepares the organization’s designated intelligence professional as the person in charge of managing collection planning, staffing, targeting, ensuring integrated, synchronized, and deconflicted collection actions. As information is received from internal requests for information, analysis of existing data, information, and intelligence on the subject in question, the collection manager correlates and determine gaps in preparing the collection plan. This course prepares students in the development of collection requirements, designed to maximize the effectiveness of your limited resources covering what may seem as vast areas of online targets. The course assists the collection manager in determining where to look, when to look, and what to look for. We provide students with situation and event templates, how to fill them out, how to manage the ever-changing problem iteratively, and how to establish collection priorities base on the courses of action the threat actor may likely adopt.

  • Collection Planning Screening Sources
  • Interpretation of Stakeholder Needs Data Segmentation and Prioritization
  • Intelligence Requirements Establishing a program of record
  • Essential elements of information Targeting
  • Analysis of requirements against the existing knowledge base Open Source Collection
  • What do you have? Tools, Methods, Resources
  • What do you not have? Using the TIP
  • What is the gap? Vendor Report Reviews
  • Where and how will you acquire that data? Threat Intelligence Platform Use and Data Extraction
  • How much time do you have? Tagging strategies
  • STEMPLES Plus – Strategic Analysis
  • What skills do you have to accomplish the task? Rules of Engagement
  • What skills do you not have? Escalation Guidelines and Rules
  • Mission and Requirements Management Passive Collection
  • Convert RFI’s to collection requirements Observables
  • Data Provenance
  • Collection Manager Communications and Sharing
  • Support to Leadership
  • Purpose of Stakeholder Analysis
  • Questions used to organize your products
  • Know your customer checklist
  • Getting started checklist
  • High-level process overview
    • How to Communicate Up
  • Steps to follow
    • Sample Invitation Letter
  • Strategic Questioning and Listening
    • Active and Empathic Listening
  • Stakeholder Collection and Tracking Model
    • Reporting formats for real-time interaction
    • Choices of visual support materials
    • Stakeholder Impact and Influence
  • Stakeholder Tracking
  • Priority Intelligence Requirements (PIR) – What are they?
    • Intelligence Requirements
  • Common Adversaries
  • Information Requirements Process Flow
    • Intelligence Requirements
    • Essential Elements of Information
    • Specific Information Requirements
    • Indicators
    • The Overall IR Process Flow
  • Targeting – Intelligence Collection
  • Information Required Prior to Intelligence Requirements
  • Prioritization
    • What is an Intelligence Requirement
    • What is a Priority Intelligence Requirement
    • Prioritization continued
  • Collector/Analyst Need to Understand
  • Stakeholder knowledge of their systems and data
  • Intelligence Team Priority Intelligence Requirements Examples
  • Collection – Research RACI
  • Indicators and Warnings
  • Intelligence Requirements Tracking
  • Get them to requirements
  • What is D3A?
  • D3A Targeting Requirements
    • Adversary Identification
    • Breakdown
  • Bring in Stakeholder Requirements
  • What is F3EAD?
  • The D3A/F3EAD Integrated Process
    • Aligned to the Cyber Threat Intelligence Lifecycle
    • Integrated Lifecycle Breakdown
    • The Full Lifecycle
    • The Treadstone 71 D3A and F3EAD Diagram and Intel Lifecycle
  • Logical Adversaries to Intelligence Requirement Development
    • Building Threat Matrices
    • Simple to Complex
    • Inclusion of ATT&CK Groups aligned to Nation-States
  • Threat Matrices
    • Simple to Complex
  • Wrap-up // Q&A
  • The Six Categories – ASCOPE
    • Area
    • Structures
    • Capabilities
    • Organizations
    • People
    • Events
  • D3A Targeting F3EAD
    • Social
    • Technical
    • Economic
    • Military
    • Political
    • Legal/Legislative
    • Educational
    • Security
    • PLUS
    • Religion
    • Demographics
    • Linguistics
    • Psychological
    • Other
  • Indicators of change
    • Motive thru Capabilities
      • Levels of Concern
      • Examples
  • Hofstede Principles
    • Power and Distance
    • Individualism and Collectivism
    • Masculinity and Femininity
    • Uncertainty Avoidance
    • Long Term and Short Term
    • Indulgence and Restraint
    • Hofstede Country Comparison Exercise
  • Strategic Analysis with STEMPLES
  • Indicators – Indicators of Change Matrices
  • STEMPLES Plus Template and Example
  • Definition
  • Requirements Management
  • Mission Management
    • Mission Analysis
    • Gaps
  • Collection Planning
    • Simplified Process
  • Collection Strategy
    • Intelligence Collection Synchronization
    • Red Team Support
    • Collection Tasking
  • Collection Operations
    • Principles
  • Collection Manager Tasks
    • Bringing in Intelligence Requirements
    • A Multidisciplinary Approach
    • Prioritization of Requirements
    • Available Assets
    • Iterative re-tasking Continuous monitoring of collection results
    • Anticipate collection requirements Meeting SIR requirements
  • Operational Security Rules (OPSEC)
    • Laptops and Access
    • Like a SCIF
    • Anonymity of your passive collection
    • List of items to consider
    • Standards and words to follow
    • Browser plug-ins / extensions
    • Recommended Software
    • Standard Desktop
  • Rules of Engagement (RoE)
    • Purpose
    • Pre-conditions required for RoE
    • Team Roles and Responsibilities
    • Use of Cyber Personas
    • Rules for the Rules
    • Internal and External Threats
    • Tools and Resources – High-Level
    • Escalation Cycle
  • Cyber Persona Methods and Techniques
    • Concepts – Logline
      • Establish the Logline – Create the Plot
    • Persona Archetypes
      • Archetype Review and Understanding
      • 16 Persona Motivations
      • Persona Perception
      • Persona Link Analysis
        • Types of Links to Consider
      • Persona Characterization
      • Persona Profile Sketch
      • Persona Tracking – Standard Fields
      • Persona First Steps
        • Memorable or not?
        • Dimensions
    • Twelve Essential Questions
    • Clandestine Cyber HUMINT - Screenplay
  • Request for Information
    • RFI Template
    • Request for Support
    • Data/Information dissemination
    • Coordinate with other internal and external sources
    • Validate preplanned collection tasks
    • Awareness of production and analysis status
    • Update adaptive collection plans
    • Redirects and information reporting to
    • Collection Planning Forms and Tracking Collection plan effectiveness
    • The Collection Manager’s Matrix Feedback loop
  • Complete a Plan
    • The Collection Plan Templates
    • Breakdown of the templates
      • PDF Form
      • Spreadsheet Collection Plan
      • Collection Tasking Worksheet
      • Intelligence Synchronization Matrix
    • Collection Manager Tasks Redux
    • Example completed plan
    • Iterative feedback – Constant communication
      • The Collection Manager’s Matrix Feedback loop
      • Converting intelligence-related information requirements into collection requirements Strategic, Tactical, Technical
  • Data Provenance - Dates/Times Collection Planning Process Flow and Metrics
  • Credibility / Validity / Relevance After action reviews – at any time
    • Skimming / Speed Reading
    • Data Verification
    • Admiralty Scoring
      • Use and structure
    • Types of Evidence Collection Manager Oversight
    • Pitfalls in Evaluating Evidence
  • Intelligence Risk
  • Confidence Levels for your findings
  • Collection Plan Templates
  • Case Study Finals
  • Review
  • Q&A

Your Instructor

Jeff Bardin
Jeff Bardin

Former adjunct professor of Cyber Intelligence, Counterintelligence, and Cybercrime (Utica College) and Information Security Risk Management (Clark University). Experienced in cyber intelligence lifecycle services and support, cyber counterintelligence services and analysis, active defense and cyber operations. Commercially teach Cyber Intelligence (Anonymity, Sockpuppets, Cyber Collection, Clandestine Cyber HUMINT, Socio-Cultural Aspects of Intelligence, Lifecycle, Critical Thinking, Cognitive Bias, Methods and Types of Analysis and Methods, Structured Analytic Techniques, Analytic Writing, BLUF/AIMS Delivery, and Dissemination), Jihadist Online Recruitment Methods, cyber influence operations, high-value target development, deception planning, deception operations management, Middle Eastern Cyber Warfare Doctrine, adversary dossier development and social-cultural analysis, jihadist training and gaming as a method of training, information and intelligence sharing, threat intelligence platform selection, non-inclusively.

Jeff Bardin is the Chief Intelligence Officer for Treadstone 71 with clients on 4 continents. In 2007, Jeff received the RSA Conference award for Excellence in the Field of Security Practices. His team also won the 2007 SC Magazine Award – Best Security Team. Jeff sits or has sat on the Board of Boston Infragard, Content Raven, Journal of Law and Cyber Warfare, and Wisegate and was a founding member of the Cloud Security Alliance. Jeff served in the USAF as a cryptologic linguist and in the US Army / US Army National Guard as an armor officer, armored scout platoon leader.

Mr. Bardin has extensive experience in cyber intelligence lifecycle services, program builds, targeted research and support, cyber counterintelligence services and analysis, deception planning, and cyber operations. He teaches Cyber Intelligence and Counterintelligence (Anonymity, Cyber Personas, Collection management, Clandestine Cyber HUMINT, Socio-Cultural Aspects of Intelligence, Critical Thinking, Cognitive Bias, Methods and Types of Analysis, Mitre ATT&CK, Structured Analytic Techniques, Analytic Writing, Briefings, and Dissemination), open source intelligence, strategic intelligence, operational/tactical/technical intelligence, and methods in media manipulation identification.

He has BA in Special Studies - Middle East Studies & Language from Trinity College and an MS in Information Assurance from Norwich University. Jeff also attended the Middlebury College Language School for additional language training. Mr. Bardin also spent two+ years studying Russian history, literature, political systems, and language. He lived and worked in the Mediterranean area, Europe, Australia, Singapore, Malaysia, the Persian Gulf Region, and the Kingdom of Saudi Arabia. Jeff was an adjunct instructor of master’s programs in cyber intelligence, counterintelligence, cybercrime and cyberterrorism at Utica College. Mr. Bardin has also appeared on CNN, CBS News Live, FoxNews, BBCRadio, i24News, BBN, and several other news outlets and has contributed bylines to Business Insider non-inclusively.

We started teaching these courses in 2009 and have continued to update and hone them while maintaining true to the intelligence community standards. We have since built cyber threat intelligence programs for Fortune 500 firms and government organizations on four continents while providing targeted research against adversaries and nation-states.

Treadstone 71:

We founded the company in 2002 and started creating cyber personas and infiltrating al-Qaeda sites collecting information and sharing it with various US-based organizations in 2004. In 2009-10, we started teaching Cyber Intelligence, Cyber CounterIntelligence and Cyber Crime courses at the master’s level at Utica College where we established the intelligence program. After three years of teaching at the academic level, we switched to the commercial space honing the courses to CIA/DIA style tradecraft as aligned to the cyber environment using the skills acquired in 2004. Since that time, we have continued to update the courses using real-world case studies as part of the training.

We have kept the company purposely small and now offer the training courses (www.treadstone71.com/cyber-intelligence-trainingan... www.cyberinteltrainingcenter.com) as well as Cyber Threat Intelligence maturity assessments, strategic and program planning, active research, collection, and reporting. We also perform Threat Intel Platform assessments, selection, and rollout activities for clients. We have clients in the US, EU, Australia, and Asia with active proposals in the Middle East. My personal background is as an Arabic Linguist (USAF / NSA), Russian Linguist, and CISO financial services, government contracts, insurance, and cybersecurity vendors. We have also acted as a critical resource for government CISOs in the past authoring their agency strategic plans, program plans and responding to Congressional inquiries on their behalf.

Jeff has spoken at RSA, NATO CyCon (Estonia), the US Naval Academy, the Air Force Institute of Technology, the Johns Hopkins Research Labs, Hacker Halted, Malaysian Cyberjaya, Secureworld Expo, Hacktivity (Budapest), IS2 Prague, London (RSA), ISSA, Security Camp (Cairo), and several other conferences and organizations.

Mr. Bardin has authored books and contributed chapters to several other books most recently Current and Emerging Trends in Cyber Operations from George Washington University. Recently edited and provided content for Understanding Computers: Today and Tomorrow by Deborah Morley, Charles S Parker - 11th edition (March 2006 release). Reviewer for Building an Information Security Risk Management Program from the Ground Up (Evan Wheeler), Author Chapter 33 Computer Information Security Handbook 5th Edition - SAN Security. Author Chapter on Satellite Security - Computer Information Security Handbook 6th Edition. Author - The Illusion of Due Diligence - Notes from the CISO Underground (April 2010 release).

Treadstone 71 is a pure play intelligence company focusing on targeted research of adversaries building in-depth dossiers recording methods, tactics, techniques, procedures, known associates, memberships and psychological profiles. We author Current, Research/Foundational, Advisories, STEMPLES Plus, and Estimative Intelligence reports. We create profiles of high value targets including ‘know your customer’ profiles delivering assessments and gaps in protections with recommendations and opportunities.

We are known for building Strategic Intelligence Programs from vision, mission, guiding principles, goals, objectives, 36-month plans, policies, procedures, process flows, SOPs, KPIs, CSFs, training and awareness programs for intelligence. We also help establish internal intelligence community programs from technical and tactical to operational and strategic including physical, competitive, business, and cyber.

We have taught classes to and/or worked with/for:

AIB, American Express, Capital One, NATO, Belgian Military Intelligence, Commonwealth Bank, Bank of America, ING, NCSC NL, American Electric Power, Nationwide, Battelle, Standard Chartered, Columbus Collaboratory, Anomali, Defense Security Services, PNY, Dell Secureworks, HPE Security, EclecticIQ, Darkmatter (AE), General Electric, General Motors, PNC, Sony, Goldman Sachs, NASA, DoD, East West Bank, Naval Air Warfare Center, VISA, USBank, Wyndham Capital, Egyptian Government, DNB Norway, Euroclear, Malaysian Cyberjaya, People's United Bank, Baupost Group, Bank of North Carolina, Cardinal Health, Huntington, L Brands, OhioHealth, Fidelity Investments, Citi, Citigroup, T. Rowe Price, Wells Fargo, Davis Polk, Thrift Savings Plan, Discover, Equifax, Blackknight Financial Services, Schwab, GM, FRB, Intercontinental Exchange (ICE), Citizens Financial Group, Cleveland Clinic, Scottrade, MetLife, NY Life, Essent, Harvard University, Charles River Associates, Synchrony Financial, In-Q-Tel, TD Ameritrade, First Citizens Bank, M&T Bank, Western & Southern, American National Bank of TX, National Reconnaissance Office, OCBC Bank Singapore, Spentera, FBI, W.R. Berkley, F-Secure, People’s United Bank, Stellar Solutions, Lockheed Martin, Harvard Pilgrim, Symantec, State of Florida, Deloitte, Ernst and Young, Mitsubishi UFG Trust and Banking Corporation, Target, Tri Counties Bank, Mass Mutual, Tower Research, Latham and Watkins LLP, Geller & Company, KeyBank, Northern Trust, Fannie Mae, BB&T, Blue Cross Blue Shield Michigan, Farm Credit Services of America, Aviation ISAC, Regions Financial Corporation, Intercontinental Exchange (The ICE), Vista Equity Partners, JP Morgan Chase, Archer Daniels Midland, Nacha, Barclays, Options Clearing Corporation (OCC), Expo2020, Abu Dhabi Smart Solution's and Services Authority, Merck & Co., Inc Nomura International, ING, Finance CERT Norway, iPipeline, BBVA, PenFED, Santander, Bank of America, Equifax, BNY Mellon, UBS Group, OCC, Verizon, Vantiv, Raymond James, Bridgewater Associates, Bank of America Merrill Lynch, BBVA, Promontory Interfinancial Network, Bank of Canada, Credit Suisse, HSBC, Church of Jesus Christ of Latter Day Saints, Ocean First Bank, International Exchange, Splunk, Vero Skatt, Ernst & Young, Relativity, Ultimate Software, Vista Equity Partners, Aetna, QBE Insurance Group, ACI Universal Payments, Betaalvereniging Nederland, Dutch Police, Motorola Solutions, Intel Corporation, Salesforce, Singapore Ministry of Defence, Australia and New Zealand Banking Group Limited (ANZ), National Australia Bank Limited, non-inclusively (as well as several other firms by proxy as they hire qualified intelligence professionals trained by Treadstone 71).

Focus on targeted research of adversaries building in-depth dossiers recording methods, tactics, techniques, procedures, known associates, memberships and psychological profiles. Author Current, Research/Foundational, PESTELI, deception planning and operations, psychological operations, and Estimative Intelligence reports. Create profiles of high value targets including ‘know your customer’ profiles delivering assessments and gaps in protections with recommendations and opportunities.

Strategic Intelligence Program builds from vision, mission, guiding principles, goals, objectives, 36-month plans, policies, procedures, process flows, SOPs, KPIs, CSFs, training and awareness programs for intelligence. Building internal intelligence community programs from technical and tactical to operational and strategic including physical, competitive, business, and cyber.

Course Curriculum

  Introduction - Week 1 - Stakeholder Analysis
Available in days
days after you enroll
  STEMPLES Plus - Indicators of Change - Hofstede Principles
Available in days
days after you enroll
  Data Provenance - Hunchly // OPSEC Rules // Rules of Engagement // Cyber Personas
Available in days
days after you enroll
  Collection Management
Available in days
days after you enroll

Frequently Asked Questions

When does the course start and finish?
On-demand course scheduled for eight weeks, expandable to ten.
How long do I have access to the course?
Ten weeks (or possibly longer should you need it)

Get started now!