This course follows the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training, incorporating content validated by intelligence community members and hands-on experience in the cyber environment since 2004. The Certified Threat Intelligence Analyst - Cyber Intelligence Tradecraft training course follows the iterative processes of the intelligence lifecycle while covering, non-inclusively:
- I. Introduction to Intelligence
- II. Critical Thinking
- III. Analytic Writing
- IV. Creative Thinking
- V. Analytic Briefing
- VI. Structured Analytic Techniques
- VII. Analytic Issues
- VIII. Argument Mapping
- IX. Case Studies
This course is unique and innovative, providing students with academic understanding, live case studies, and a course that emphasizes practical application over memorization for a test. The course is likened to an apprenticeship during an intensive 5-day training course covering the intelligence lifecycle.
- Anonymity and Passive Persona setup
- Collection Methods and Techniques
- Collection Planning, IRs/PIRs/EEIs/Indicators/SIRs
- Collection Process Flow
- Collection (OSINT) Tools and Targeting
- Threat Intelligence
- Most likely Threat Actors
- Use of Maltego – overview
- OPSEC – VPNs, Buscador, Authentic8 Silo
- OSINT Browser – Oryon C Portable
- Proxy Access – the DarkNet
- Demonstration – Recorded Future / Intel471
- Burn phone setup and use (US Only)
- Open Source Intelligence OSINT
- Production Methods
- Structured Analytic Techniques – Their use
- Adversary Denial and Deception
- Source Credibility and Relevance
- Source Validation
- Denial and Deception
- Confidence Levels
- Types of evidence
- Production Management
- Critical and Creative Thinking
- Cognitive Bias
- Glossary and Taxonomy
- What Intelligence Can and Cannot Do
- Use of Mitre ATT&CK in Analysis
- ATT&CK in examining patterns and trends
- ATT&CK in Adversary tendencies
- Estimation and Forecasting
- Campaign analysis
- Types and Methods of Analysis
- Synthesis and Fusion
- Analysis of Competing Hypothesis
- Inductive/Abductive/Deductive Reasoning
- Stakeholder Identification, and Analysis
- Analytic Writing, BLUF, AIMS
- Forecasting in your writing
- STEMPLES Plus
- Indicators of Change
- Argument Mapping
- Types of Reports
- Product Line Mapping
- Report Serialization, and Dissemination
- Live Case Studies – Class briefs
Lecture, hands-on, apprenticeship, in-class exercises, and student presentations covering structured analytic techniques, analysis of competing hypotheses, analytic writing and delivery, analytic products, templates, and course material. 40 CPEs.
ONLINE - 8 WEEKS
IN-PERSON - 5 DAYS
We also have a different module that can be included depending on the audience. This module is geared towards IR and SOC staff:
- Intro to Cyber Intelligence
- What does intelligence mean to the SOC?
- What does intelligence mean to Incident Response?
- A day in the life of an intelligence analyst
- Intelligence Lifecycle
- Define what your group does
- Define how your group uses intelligence
- Define how your group produces intelligence
- Mitre ATT&CK
- ATT&CK Navigator
- ATT&CK Examples
- Chronology and Timelines
- ATT&CK Chronology
- Comparing past and present
- Comparing and contrasting different threat groups
- Estimative ATT&CK
- Adversary Targeting – Threat Profiling - Threat Matrices
- Primary Threats
- Foreign intelligence services
- Military cyber units
- Threat groups and proxies
- Cyber criminals
- Adversary skills
- Adversary maliciousness
- Interest in your organization
- Motivation – objective – conditions
- Course(s) of action
- Level of automation
- Potential impact
- Threat Hunting
- Purpose and Scope
- Hunt level maturity
- Threat Hunting Lifecycle
- Lifecycle and Maturity Level matrix
- Searching, clustering, grouping, stack counting
- Process flow
- Entry point
- Plan the hunt
- Execute the hunt
- Malicious or not?
- Document the performed steps
- Document the findings
- Prepare the report
- Hunt Key Metrics
- Establish priorities
- Iterative Approaches and Feedback Loop
- RACIs – who does what
- Tactical Intelligence Risk
- Situational Awareness
- Emerging threats
- Coordination with other groups
- Likely adversary courses of action
- Intake Forms
- Request for Information (RFI)
- Responding to RFIs
- Incident Intelligence
- Interfacing with the Cyber Threat Intelligence (CTI) teams
- What do we need from CTI?
- What can CTI do and what can they not do
- Indicators
- Cyber DECIDE, DETECT, DELIVER and ASSESS (D3A) framework
- Specific information requirements
- Cyber FIND, FIX, FINISH, EXPLOIT, ANALYZE and DISSEMINATE (F3EAD) methodology
- Crown jewel information
- Checklist questions
- Possible intelligence requirements (non-prioritized)
The first ONLINE - Cyber Intelligence Tradecraft Certified Threat Intelligence Analyst from Treadstone 71.
Registration runs periodically as defined on the main Cyber Intelligence Training Center registration page.
The online courses are instructor video and audio recorded with periodic direct interaction with the instructor via online web meetings. The instructor will have standard office time for question and answer as well as regular access via class email and other messaging options.
Validated and registered students will receive login and preparation information 1 week prior to class start. Prospective students must send an email to [email protected] from a corporate account to validate course eligibility before registration. (Corporate accounts are not Gmail, Hotmail, Yahoo, Mail, Hushmail, Protonmail, and the like). Treadstone 71 reserves the right to restrict course registration based upon certain risk factors.
Students who complete the course will be certified as Cyber Intelligence Tradecraft Professional. 40 CPEs awarded for the course. This course is highly specialized following intelligence community tradecraft. You won’t get this at SANS. You won't get this anywhere but from Treadstone 71. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.
Course books and manuals will be provided to students upon accepted enrollment. This course follows traditional intelligence community tradecraft. Treadstone 71 has been teaching cyber intelligence courses in various forms for six years, from academic settings and corporate environments to government facilities. Our customers include some of the largest firms in the world, many of whom are part of critical infrastructures and recognize the need to learn how to create intelligence (www.treadstone71.com). We support our training with onsite consulting services that teach you how to create a sustainable program aligned to stakeholders. Ultimately, we teach you what most vendors cannot or will not: how to fish for yourself.
Course Fee, Course Lab, and Materials Fee (includes books, templates, structured techniques application, etc.).
This course combines lecture, research, and hands-on team assignments. Students are best served using a PC, but a Mac will do (a virtual machine running Windows on the Mac is best if you only have a Mac).
How is this course different from the current Treadstone 71 Cyber Intelligence course?
This course provides definitive sections along the intelligence lifecycle that are in-depth. Students are required to demonstrate understanding and use of collection methods using defined targets and target case studies, understanding and applying analytic techniques, when and how to use analytic techniques and analytic types. Students are presented case studies for analysis, required to use tradecraft methods, and provide written reports in standard analytic format. Students are also required to orally present their deliverables to the class. You will leave this course with the tools, methods, and understanding necessary to enhance your intelligence program.
“The Cyber Intelligence Training delivered and created by Jeff Bardin will add rapid returns to both Cyber Intel Analysts, and your Security Operations. This very thorough class adequately prepares the student for your Cyber Intelligence function. This class starts with the history of intelligence as a tradecraft and the evolution to the digital corporate world. Along the way, each student receives quality instruction and hands-on experience with today’s OSINT tools. This is necessary for anyone new to Cyber Intelligence and complementary to any Security Operations within your enterprise. This class provides the student with the resources and fundamentals needed to establish cyber intelligence as a force as both a proactive offensive step and a counter intelligence-contributing arm of your larger team.”
“The class was very detail orientated with a strong focus on the work of Cyber threats and how to better secure your assets against potential attacks. For most scenarios we went through, he had an open source tool, or the link to a paid version, to monitor or prevent the attacks from occurring. He was able to answer each and every question asked with specific details, and then some. I would sign up again right away for any other classes offered by Jeff.”
"Fantastic class that gets to the foundational aspects of traditional tradecraft. We studied hard examining recent attack campaigns. The analysis training prepared me for real world efforts. Have to say this is one of the best classes I have ever taken having taken many from SANS. SANS does not compare. They are more of a class mill today. The Treadstone 71 course material is unique, focused, and timely."
“The Cyber Intelligence training offered by Treadstone 71 is definitely an outstanding course and I recommend it for any organization looking to implement an intelligence capability. Jeff Bardin is extremely knowledgeable in the intelligence tradecraft and applies it to the cyber realm in a way that is understandable, exciting to learn and makes it easy to achieve “quick wins” in the organization after completing his class. Jeff provided the class with a multitude of tools, templates, and documents that can immediately be used by any organization focused on intelligence collection and analysis. Jeff arrived well prepared to teach the course and one of the most impressive aspects of the class was that he presented the material in a way that displayed his personal knowledge and experience in the field rather than relying solely on book material. We intend to continue leveraging Jeff’s services as we mature our cyber intelligence capability and highly recommend Treadstone71’s services to any organization.”
“This is one of the best, if not the best, Cyber Threat Intelligence training course I've attended.”
“This course was excellent. I was concerned coming into it that I would already know all the course material (I have been doing this sort of work for 15 years, specifically the type of work this course covered). As it turns out, it was a good reminder of what I should be doing to improve structure and rigor, and provided good tools, some of which I had not seen before. If I was new to this field or looking for a good insight into how Intelligence should work (i.e.: most of the rest of the class), I believe this would have provided even more value. I have already recommended it to a couple of my former colleagues in this line of business and would happily recommend it for future use by ########.”
Course material is not for resale or commercial use outside the end user license agreement. Course material may not be used for competitive purposes.
Former adjunct professor of Cyber Intelligence, Counterintelligence, and Cybercrime (Utica College) and Information Security Risk Management (Clark University). Experienced in cyber intelligence lifecycle services and support, cyber counterintelligence services and analysis, active defense and cyber operations. Commercially teach Cyber Intelligence (Anonymity, Sockpuppets, Cyber Collection, Clandestine Cyber HUMINT, Socio-Cultural Aspects of Intelligence, Lifecycle, Critical Thinking, Cognitive Bias, Methods and Types of Analysis and Methods, Structured Analytic Techniques, Analytic Writing, BLUF/AIMS Delivery, and Dissemination), Jihadist Online Recruitment Methods, cyber influence operations, high-value target development, deception planning, deception operations management, Middle Eastern Cyber Warfare Doctrine, adversary dossier development and social-cultural analysis, jihadist training and gaming as a method of training, information and intelligence sharing, threat intelligence platform selection, non-inclusively.
Jeff is the Chief Intelligence Officer for Treadstone 71 with clients on 4 continents. In 2007, he was awarded the RSA Conference award for Excellence in the Field of Security Practices. His team also won the 2007 SC Magazine Award – Best Security Team. Jeff sits or has sat on the Board of Boston Infragard, Content Raven, Journal of Law and Cyber Warfare, and Wisegate and was a founding member of the Cloud Security Alliance. Jeff served in the USAF as a cryptologic linguist and in the US Army / US Army National Guard as an armor officer, armored scout platoon leader.
Founded the company in 2002 with the specific focus at the time of information security. In 2004, we started creating cyber personas and infiltrating al-Qaeda sites collecting information and sharing it with various US-based organizations. In 2009-10, we started teaching Cyber Intelligence, Cyber CounterIntelligence and Cyber Crime courses at the Master's level at Utica College where we established the intelligence program. After three years of teaching at the academic level, we switched to the commercial space honing the courses to CIA/DIA style tradecraft as aligned to the cyber environment using the skills acquired in 2004. Since that time, we have continued to update the courses using real-world case studies as part of the training.
Treadstone 71 kept the company purposely small and now offers the training courses as well as Cyber Threat Intelligence maturity assessments, strategic and program planning, as well as active research, collection, and reporting. We also perform Threat Intel Platform assessments, selection, and rollout activities for clients. We have clients in the US, EU, Australia, and Asia with active proposals in the Middle East. My personal background is as an Arabic Linguist (USAF / NSA), Russian Linguist, and CISO for financial services, government contracts, insurance, and cybersecurity vendors. We have also acted as a critical resource for government CISOs in the past, authoring their agency strategic plans and program plans and responding to Congressional inquiries on their behalf.
He has a BA in Special Studies - Middle East Studies & Language from Trinity College and an MS in Information Assurance from Norwich University (Cum Laude). Jeff also attended the Middlebury College Language School for additional language training. Mr. Bardin also spent two+ years studying Russian history, literature, political systems, and language. Mr. Bardin has lived and worked in the Mediterranean area and the Kingdom of Saudi Arabia. Mr. Bardin has also appeared on CNN, CBS News Live, FoxNews, BBCRadio, i24News, and several other news outlets and has contributed bylines to Business Insider, non-inclusively.
Jeff has spoken at RSA (highly rated speaker), NATO CyCon (Estonia), the US Naval Academy, the Air Force Institute of Technology, the Johns Hopkins Research Labs, Hacker Halted, Malaysian Cyberjaya, Secureworld Expo, Hacktivity (Budapest), Prague, London (RSA), ISSA, Security Camp (Cairo), and several other conferences and organizations. Mr. Bardin has authored books and contributed chapters to several other books, most recently Current and Emerging Trends in Cyber Operations from George Washington University. Edited and provided content for Understanding Computers: Today and Tomorrow by Deborah Morley, Charles S Parker - 11th edition (March 2006 release). Reviewer for Building an Information Security Risk Management Program from the Ground Up (Evan Wheeler), Author Chapter 33 Computer Information Security Handbook 5th Edition - SAN Security. Author Chapter on Satellite Security - Computer Information Security Handbook 6th Edition. Author - The Illusion of Due Diligence - Notes from the CISO Underground (April 2010 release).
We have taught classes to and/or worked with/for:
AIB, American Express, Capital One, Commonwealth Bank, Bank of America, ING, NCSC NL, Defense Security Services, PNY, Dell SecureWorks, HPE Security, EclecticIQ, Darkmatter (AE), General Electric, General Motors, PNC, Sony, Goldman Sachs, NASA, DoD, East West Bank, Naval Air Warfare Center, VISA, Federal Reserve Bank, USBank, Wyndham Capital, Egyptian Government, DNB Norway, Euroclear, Malaysian Cyberjaya, People's United Bank, Baupost Group, Bank of North Carolina, Fidelity Investments, Citi, Swift, Citigroup, T. Rowe Price, Wells Fargo, Discover, Blackknight Financial Services, Intercontinental Exchange (ICE), Citizens Financial Group, Scottrade, MetLife, NY Life, Synchrony Financial, TD Ameritrade, National Reconnaissance Office, FBI, OSI, Stellar Solutions, Lockheed Martin, Harvard Pilgrim, State of Florida, Deloitte, Ernst and Young, Mitsubishi, Tower Research, Geller & Company, KeyBank, Fannie Mae, BB&T, Aviation ISAC, JP Morgan Chase, Barclays, Nomura International, ING, Finance CERT Norway, BBVA, Santander, Bank of America, Equifax, BNY Mellon, OCC, Verizon, Vantiv, Bridgewater Associates, Bank of Canada, Credit Suisse, HSBC, International Exchange, Vista Equity Partners, Aetna, Betaalvereniging Nederland, BNP Paribas, Ministerie van Veiligheid en Justitie, Nationaal Coördinator Terrorismebestrijding en Veiligheid, Directie Cyber Security – Nationaal Cyber Security Centrum, Symantec, Intel471, RecordedFuture, and several members of Flashpoint, etc. (non-inclusively).
Focus on targeted research of adversaries building in-depth dossiers recording methods, tactics, techniques, procedures, known associates, memberships and psychological profiles. Author Current, Research/Foundational, PESTELI, deception planning and operations, psychological operations, and Estimative Intelligence reports. Create profiles of high value targets including ‘know your customer’ profiles delivering assessments and gaps in protections with recommendations and opportunities.
Strategic Intelligence Program builds from vision, mission, guiding principles, goals, objectives, 36-month plans, policies, procedures, process flows, SOPs, KPIs, CSFs, training and awareness programs for intelligence. Building internal intelligence community programs from technical and tactical to operational and strategic including physical, competitive, business, and cyber.