What is cyber intelligence training?

Cyber intelligence training teaches analysts how to collect, structure, assess, write, and brief intelligence for cyber risk, threat, influence, and operational decisions. Treadstone 71 programs cover collection planning, OSINT, structured analytic techniques, deception detection, warning analysis, reporting, and forecasting — all aligned to IAFIE standards and listed in the CISA NICCS catalog.

Who should take counterintelligence and cyber intelligence courses?

Programs fit threat intelligence analysts, security leaders, investigators, cybercrime teams, intelligence writers, peer reviewers, government agencies, defense organizations, and enterprise security groups that need stronger analytic tradecraft.

Do you offer cognitive warfare and disinformation training?

Yes. The catalog includes cognitive warfare, narrative analysis, deception, influence operations, Russian and Chinese cognitive warfare doctrine, People Intelligence (PEOPINT), and related programs that help students identify manipulation, hostile narratives, and behavior-driven threat patterns.

Are the courses self-paced or live?

Most programs offer online, on-demand access with mentor support. Select programs add live web meetings, office hours, or instructor-supported cohorts. In-person training is available through Treadstone 71's client-driven and Project Omega Prague residency formats.

Do you provide team or enterprise licensing?

Yes. Enterprise subscription options support organization-wide access through a single annual license. Teams gain shared training paths, consistent analytic language across analysts, and centralized progress reporting for security leadership.

Are the certifications recognized in the intelligence community?

Treadstone 71 training is IAFIE-aligned, follows PHIA standards language, and is listed in the CISA NICCS training catalog as a recognized cybersecurity workforce development provider. Certifications carry CPE credits and are recognized by government agencies, defense contractors, and Fortune 500 security teams worldwide.

What is the TWELVEROFF discount code?

TWELVEROFF is the current promotional code for 12 percent off featured programs at checkout. Apply at the checkout step on any featured course page. Subject to change — verify current offer on the featured programs page.

How does this site relate to Treadstone 71?

The Cyber Intel Training Center is the official online training platform of Treadstone 71 LLC, a veteran-owned, woman-led cyber intelligence firm operating since 2002. Treadstone 71 also delivers in-person training, consulting, adversary dossiers, and intelligence program builds at treadstone71.com.

NICCS LISTED · SOURCE EVALUATION · ADMIRALTY CODE · DECEPTION DETECTION · OSINT VALIDATION · IAFIE ALIGNED

Source Evaluation Disciplined Source Reliability and Credibility Assessment for Cyber Intelligence

Name: Enterprise Cyber Intelligence Training Subscription
Brand: Treadstone 71
Price: 99990.00 USD
Availability: InStock

Source evaluation is the discipline that determines how much weight an analyst should give to any specific piece of collected information. Done well, it produces source characterizations that survive ICD 203 review and let downstream consumers calibrate their own confidence in analytic judgments. Done poorly or skipped, it produces reports where adversary-injected disinformation rides alongside reliable signal with no way for the consumer to tell the difference. In cyber intelligence work — where OSINT sourcing dominates, source attribution is often opaque, and adversary deception is operationally normal — disciplined source evaluation is not optional.

This course covers source evaluation tradecraft for cyber intelligence — the Admiralty Code (A-F reliability / 1-6 credibility) calibrated for cyber sources, multi-source corroboration patterns, deception markers, OSINT-specific source evaluation, integration with the SATs Deception Detection technique, and the source-characterization conventions that Analytic Writing deployments require. The validation discipline at the downstream end of the collection-band trinity.

Course Price$399 USD

StandardAdmiralty Code

LevelIntermediate

DisciplineValidation

What You'll Learn

Source evaluation tradecraft for cyber intelligence

The Admiralty Code — the NATO STANAG 2511 source-reliability (A through F) and information-credibility (1 through 6) scales as standard source-characterization vocabulary. Calibration of the scales for cyber-domain sources where attribution and chain-of-custody differ from physical-domain HUMINT contexts.
Multi-Source Corroboration Patterns — when independent corroboration adds confidence and when it does not. The structural difference between sources that share a common upstream origin (no true corroboration) and sources that are operationally independent (genuine corroboration). Why the distinction matters and how to recognize it in cyber sources.
Deception Markers in Sources — patterns that suggest deliberate adversary injection: timing anomalies, attribution-too-clean signatures, narrative-too-convenient framings, technical-detail inconsistencies, and the recognition tradecraft that surfaces deception before it reaches analytic production. Integration with the SATs Deception Detection technique.
OSINT-Specific Source Evaluation — the special challenges of OSINT sourcing where source attribution is often opaque, chain-of-custody is rarely documented, and adversary-controlled sources are operationally common. Practical tradecraft for evaluating sources where classical HUMINT-style attribution is unavailable.
Source Characterization for Analytic Writing — translating source evaluation outputs into the source characterizations that ICD 203 compliant Analytic Writing requires. The conventions that let downstream consumers evaluate how much weight to place on which assertions.
Source-Evaluation Workflow Integration — how source evaluation integrates with Collection Management (validation feedback to collection planning) and the analytic-method band (source-weighted judgment formation). The closing-the-loop discipline.

Course Content

The Validation Discipline at the Downstream End of Collection

Source evaluation closes the loop on the collection-band trinity. Upstream, Stakeholder Analysis identifies what is needed and Intelligence Requirements structures it formally. Operationally, Collection Management plans and tasks collection against the requirements. Source evaluation validates the collected information — characterizing source reliability and information credibility so downstream analytic production can weight assertions appropriately and downstream consumers can calibrate their own confidence. Without disciplined source evaluation, the analytic chain processes adversary-injected disinformation alongside reliable signal with no operational way to distinguish them in production. The result is analytic products that systematically mislead the consumers depending on them.

This course operationalizes source evaluation for cyber intelligence work specifically. The Admiralty Code provides the standard vocabulary, calibrated for cyber-domain sources where attribution is often opaque and chain-of-custody is rarely documented. Multi-source corroboration patterns address the analytic trap of treating common-origin sources as independent confirmation. Deception markers and OSINT-specific source-evaluation tradecraft address the operational realities of working cyber intelligence environments. Integration with the SATs Deception Detection technique and Analytic Writing source-characterization conventions closes the workflow loop with the rest of the Analyst Stack methodology curriculum.

Part Of A Larger Curriculum

Validation Component of the Collection Band in The Analyst Stack

This Source Evaluation course is one of the collection-discipline components of The Analyst Stack ($6,999), alongside Stakeholder Analysis ($399), Intelligence Requirements ($299), and Collection Management ($399). The four components form the upstream and validation collection-discipline band; together with the analytic-method band (SATs, Critical Thinking, Analytic Writing), the strategic-assessment band (STEMPLES Plus), and the CCIA flagship, the Stack delivers comprehensive day-one analyst capability at substantial bundle savings versus individual enrollment.

Common Questions

Source Evaluation — FAQ

Who is this course designed for?

Cyber threat intelligence analysts working OSINT-heavy sourcing where attribution is opaque, CTI analysts producing source-characterized reports for downstream consumers, IC analysts working source-reliability discipline, ALL-SOURCE analysts integrating multiple source disciplines, MSSP / consulting analysts handling client-facing source characterization, and analytic methodology trainees building the validation discipline.

What is the Admiralty Code?

The Admiralty Code (NATO STANAG 2511) is a standard source-characterization system with two dimensions: source reliability (A — completely reliable through F — cannot be judged) and information credibility (1 — confirmed by other sources through 6 — cannot be judged). The two-dimension system separates the analyst's assessment of the source from the assessment of the specific information — different sources of varying reliability can deliver information of varying credibility, and the distinction matters operationally.

How does this differ from technical CTI source validation?

Technical CTI source validation covers integrity, freshness, and technical correctness of specific data feeds (threat intelligence platforms, vendor feeds, ISAC reporting). This course covers source evaluation as analytic tradecraft — the disciplined assessment of source reliability and information credibility regardless of source format. The two approaches are complementary; technical validation handles the data-feed layer, analytic source evaluation handles the intelligence-tradecraft layer.

Is there a prerequisite?

None formal. Most learners benefit from the full collection-discipline band: Stakeholder Analysis, Intelligence Requirements, Collection Management. Strong integration also with SATs Deception Detection technique and Analytic Writing source-characterization conventions.

Is this part of a bundle or certification?

Yes. This course is one of 10 components of The Analyst Stack ($6,999) — the validation component of the collection-discipline band. Contributes to the CCIA (Certified Cyber Intelligence Analyst) certification track, which references source-evaluation tradecraft throughout its curriculum.

About The Provider

Treadstone 71

We See What Others Cannot

Treadstone 71 has taught source evaluation applied to cyber intelligence continuously since the firm's founding in 2002 — disciplined source-reliability assessment, multi-source corroboration patterns, deception detection, and the OSINT-specific tradecraft that operational cyber intelligence work demands. Foundational source-evaluation capability includes USAF cryptologic linguistics, NATO STANAG familiarity, and two decades of operational application across financial services, defense industrial base, federal civilian agencies, MSSP and consulting practices, and critical infrastructure operators. Veteran-owned, woman-led, NICCS-listed, IAFIE-aligned.

NATO Admiralty Code Tradecraft

Two Decades OSINT Source Evaluation

NATO CCDCOE Briefings

NICCS Listed Provider

Validate Sources Before They Reach Analytic Production

Self-paced. Intermediate-level. Source evaluation tradecraft for cyber intelligence. Admiralty Code calibrated for cyber sources, deception detection, OSINT-specific source evaluation. Scroll up to enroll, or consider The Analyst Stack to combine this with the full collection-discipline band and the broader analyst methodology curriculum.

$399 USD Self-paced · Intermediate · Lifetime access · CPE credits

Get started now!

Course Curriculum

Strategic Source Evaluation - Credibility - Validity - Relevance

Available in days

days after you enroll

Source Evaluation in Collection Management