What is cyber intelligence training?

Cyber intelligence training teaches analysts how to collect, structure, assess, write, and brief intelligence for cyber risk, threat, influence, and operational decisions. Treadstone 71 programs cover collection planning, OSINT, structured analytic techniques, deception detection, warning analysis, reporting, and forecasting — all aligned to IAFIE standards and listed in the CISA NICCS catalog.

Who should take counterintelligence and cyber intelligence courses?

Programs fit threat intelligence analysts, security leaders, investigators, cybercrime teams, intelligence writers, peer reviewers, government agencies, defense organizations, and enterprise security groups that need stronger analytic tradecraft.

Do you offer cognitive warfare and disinformation training?

Yes. The catalog includes cognitive warfare, narrative analysis, deception, influence operations, Russian and Chinese cognitive warfare doctrine, People Intelligence (PEOPINT), and related programs that help students identify manipulation, hostile narratives, and behavior-driven threat patterns.

Are the courses self-paced or live?

Most programs offer online, on-demand access with mentor support. Select programs add live web meetings, office hours, or instructor-supported cohorts. In-person training is available through Treadstone 71's client-driven and Project Omega Prague residency formats.

Do you provide team or enterprise licensing?

Yes. Enterprise subscription options support organization-wide access through a single annual license. Teams gain shared training paths, consistent analytic language across analysts, and centralized progress reporting for security leadership.

Are the certifications recognized in the intelligence community?

Treadstone 71 training is IAFIE-aligned, follows PHIA standards language, and is listed in the CISA NICCS training catalog as a recognized cybersecurity workforce development provider. Certifications carry CPE credits and are recognized by government agencies, defense contractors, and Fortune 500 security teams worldwide.

What is the TWELVEROFF discount code?

TWELVEROFF is the current promotional code for 12 percent off featured programs at checkout. Apply at the checkout step on any featured course page. Subject to change — verify current offer on the featured programs page.

How does this site relate to Treadstone 71?

The Cyber Intel Training Center is the official online training platform of Treadstone 71 LLC, a veteran-owned, woman-led cyber intelligence firm operating since 2002. Treadstone 71 also delivers in-person training, consulting, adversary dossiers, and intelligence program builds at treadstone71.com.

NICCS LISTED · INSIDER THREATS · ELICITATION METHODS · CMM · AI-AUGMENTED CI · IAFIE ALIGNED

Insider Threats & Elicitation Methods Capability Maturity Model · Traditional and AI-Augmented Tradecraft

Name: Enterprise Cyber Intelligence Training Subscription
Brand: Treadstone 71
Price: 99990.00 USD
Availability: InStock

Insider threats are operationally distinct from external threats in ways that make standard cyber defense largely irrelevant. The insider already has access. The insider already has context. The insider's activity blends with legitimate work unless analysts know what to look for. The defensive burden is asymmetric — and the discipline that closes the gap is structured insider-threat tradecraft anchored in elicitation methods, the IC technique of drawing out information from sources without their realizing intelligence is being collected.

This $999 CI-tradecraft flagship covers insider threat detection plus traditional and AI-augmented elicitation methods — the Insider Threat Capability Maturity Model, behavioral indicators, detection workflow integration, disciplined interview tradecraft, and the AI-augmentation that has expanded elicitation capability dramatically over the past several years. Foundational reading for analysts, investigators, and program leads building counter-intelligence and insider-threat capability.

Course Price$999 USD

TierCI Flagship

LevelIntermediate-Adv.

FrameworkCMM + AI

What You'll Learn

Insider threat and elicitation tradecraft for cyber counter-intelligence

Insider Threat Capability Maturity Model — structured assessment of organizational insider-threat capability across people, process, technology, and governance dimensions. The CMM frame supports program build, gap identification, and roadmap construction for insider-threat functions at any maturity level.
Insider Threat Behavioral Indicators — the operational markers that distinguish malicious insider activity from legitimate work. Why technical telemetry alone misses the most consequential cases and what behavioral signal needs to be integrated to close the gap.
Traditional Elicitation Methods — the IC tradecraft of drawing information from sources without their realizing intelligence is being collected. Approach techniques, rapport building, indirect-question construction, and the interview tradecraft that produces information humans will not volunteer under direct questioning.
AI-Augmented Elicitation — how AI capability has expanded elicitation methodology dramatically — persona scale, multi-channel orchestration, conversational continuity across long timeframes, and the operational implications for both offensive and defensive practice. The most-evolved area of modern cyber HUMINT tradecraft.
Detection Workflow Integration — operational handoffs between insider-threat detection and the rest of security operations: HR coordination, legal review, technical investigation, and the workflow patterns that preserve evidentiary integrity while supporting timely response.
Behavioral Profiling Application — integration with the behavioral-profiling toolkit (Dark Triad, Big Five, MBTI destructive modes, Seven Radicals, Cialdini's Principles) for insider-threat target characterization.

Course Content

The Operational Distinction Between Insider and External Threat Tradecraft

Insider threats produce a defensive problem structure unlike external threats. External threat actors must first cross the perimeter, navigate access controls, escalate privilege, and establish persistence — leaving telemetry at each step that defensive tooling is calibrated to detect. Insiders start past all of that. Their activity blends with legitimate work, their motivations are often non-financial (ideology, grievance, recruitment by external adversary, life-event triggers), and the most consequential cases tend to involve sophisticated insiders who understand the detection systems they need to evade. Standard security tooling addresses external threats well and insider threats poorly. The discipline that closes the gap is structured insider-threat tradecraft, and the operational anchor of that tradecraft is elicitation — the technique of drawing information from sources without their realizing intelligence is being collected.

This course covers both halves of the insider-threat problem: structured detection (the Capability Maturity Model, behavioral indicators, detection workflow integration) and elicitation tradecraft (traditional and AI-augmented). The AI-augmentation angle is particularly consequential — over the past several years, AI capability has expanded the elicitation tradecraft dramatically, allowing persona-driven engagement at scale, multi-channel orchestration, and conversational continuity across long timeframes that classical elicitation could not achieve. Adversaries are deploying these capabilities operationally; defenders need to understand them both for offensive authorized use and for defensive recognition.

Part Of A Larger Curriculum

CI Tradecraft Flagship of The CounterIntelligence Stack

This Insider Threats & Elicitation Methods course is the CI-tradecraft flagship of The CounterIntelligence Stack ($3,999) at $999 — the highest-priced single component, anchoring the CI-tradecraft band alongside Personas / OPSEC ($499) and Adversary Targeting ($299). The Stack also includes the CCIAI flagship certification course plus the behavioral-profiling toolkit (Dark Triad, Big Five, MBTI, Seven Radicals, Cialdini) and additional CI tradecraft components (Deception Planning, Dirty Tricks, Cyber CoIntelPro). Comprehensive counter-intelligence capability at substantial bundle savings.

Common Questions

Insider Threats & Elicitation Methods — FAQ

Who is this course designed for?

Insider-threat analysts and investigators, counter-intelligence practitioners, CI program leads building or refining insider-threat functions, security operations leaders integrating insider-threat detection with broader security workflow, HR and legal counsel coordinating on insider-threat cases, IC counter-intelligence analysts, and authorized red-team operators planning insider-threat scenarios.

Why is this course more expensive than other CI Stack components?

At $999 this is the CI-tradecraft flagship — the highest-priced single component of The CounterIntelligence Stack. The cost reflects analytic depth: structured Capability Maturity Model, behavioral indicator catalog, traditional elicitation tradecraft, and the AI-augmentation angle that represents the most-evolved area of modern cyber HUMINT. Comparable in scope and depth to SATs in the Analyst Stack and PEOPINT / Cyber Warfare in the AI-Infused Cognitive Stack.

What is AI-augmented elicitation?

AI capability has expanded elicitation tradecraft dramatically over the past several years. Persona-driven engagement at scale, multi-channel orchestration, and conversational continuity across long timeframes that classical elicitation could not achieve. The course covers both offensive authorized use (in red-team and authorized CI contexts) and defensive recognition (identifying adversary AI-augmented operations targeting friendly personnel).

Is there a prerequisite?

None formal. Most learners benefit from also taking the behavioral-profiling components (Dark Triad, Big Five, MBTI destructive modes, Seven Radicals, Cialdini) for target characterization complementarity, and Personas / OPSEC for the persona-construction angle.

Is this part of a bundle or certification?

Yes. This course is one of 11 components of The CounterIntelligence Stack ($3,999) — the CI-tradecraft flagship component. Contributes substantially to the CCIAI (Certified Cyber CounterIntelligence Analyst) certification track.

About The Provider

Treadstone 71

We See What Others Cannot

Treadstone 71 has worked insider-threat and elicitation tradecraft continuously since 2002 — operational detection programs, structured Capability Maturity Model assessments, traditional and AI-augmented elicitation, and the integration with broader counter-intelligence work. The AI-augmentation curriculum reflects current operational practice and the rapid evolution of cyber HUMINT capability that AI has enabled. Veteran-owned, woman-led, NICCS-listed, IAFIE-aligned. Foundational capability spans USAF cryptologic linguistics, US Army armored reconnaissance, Norwich University M.S. Information Assurance, and two decades of operational counter-intelligence work.

Two Decades Insider-Threat Operations

AI-Augmented Elicitation Practice

NATO CCDCOE Briefings

NICCS Listed Provider

Close the Asymmetric Defender's Gap

Self-paced. Intermediate-to-advanced. Insider Threat CMM, behavioral indicators, traditional plus AI-augmented elicitation tradecraft. Scroll up to enroll, or consider The CounterIntelligence Stack to combine this with behavioral profiling and the full CI curriculum.

$999 USD Self-paced · CI Flagship · Lifetime access · CPE credits

Get started now!

Course Curriculum

Elicitation - Interviews and Online

Available in days

days after you enroll