The Certified Threat Intelligence Analyst (C|TIA) is a training and credentialing program designed and developed in collaboration with cybersecurity and threat intelligence experts from around the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach to building effective threat intelligence.
The program is based on a rigorous Job Task Analysis (JTA) of the roles involved in the field of threat intelligence. It differentiates threat intelligence professionals from other information security professionals. It is a highly interactive, comprehensive, and standards-based intensive 3-day training program that teaches information security professionals how to build professional threat intelligence. C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report and disseminating threat intelligence. These concepts are essential for building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks.
Key Learning Points for C|TIA Professionals:
- Different data analysis types and techniques (Statistical Data Analysis, Analysis of Competing Hypotheses (ACH), Structured Analysis of Competing Hypotheses (SACH), etc.)
- Complete threat analysis process which includes threat modeling, fine-tuning, evaluation, runbook, and knowledge base creation.
- Different data analysis, threat modeling, and threat intelligence tools.
- Creating effective threat intelligence reports.
- Threat intelligence dissemination and sharing (Dissemination preferences, intelligence collaboration, sharing rules and models, TI exchange types and architecture, participating in sharing relationships, standards and formats for sharing threat intelligence, etc.)
- Different threat intelligence sharing platforms acts, and regulations for sharing strategic, tactical, operational, and technical intelligence.
Course Outline
Lesson 1: Introduction to Threat Intelligence
- Understanding Intelligence
- Understanding Cyber Threat Intelligence
- Overview of the Threat Intelligence Lifecycle and Frameworks
Lesson 2: Cyber Threats and Kill Chain Methodology
- Understanding Cyber Threats
- Understanding Advanced Persistent Threats (APTs)
- Understanding the Cyber Kill Chain
- Understanding Indicators of Compromise (IoCs)
Lesson 3: Requirements, Planning, Direction, and Review
- Understanding the Organization’s Current Threat Landscape
- Understanding Requirements Analysis
- Planning the Threat Intelligence Program
- Establishing Management Support
- Building a Threat Intelligence Team
- Overview of Threat Intelligence Sharing
- Reviewing the Threat Intelligence Program
Lesson 4: Data Collection and Processing
- Overview of Threat Intelligence Data Collection
- Overview of Threat Intelligence Collection Management
- Overview of Threat Intelligence Feeds and Sources
- Understanding Threat Intelligence Data Collection and Acquisition
- Understanding Bulk Data Collection
- Understanding Data Processing and Exploitation
Lesson 5: Data Analysis
- Overview of Data Analysis
- Understanding Data Analysis Techniques
- Overview of Threat Analysis
- Understanding the Threat Analysis Process
- Overview of Fine-Tuning Threat Analysis
- Understanding Threat Intelligence Evaluation
- Creating Runbooks and a Knowledge Base
- Overview of Threat Intelligence Tools
Lesson 6: Intelligence Reporting and Dissemination
- Overview of Threat Intelligence Reports
- Introduction to Dissemination
- Participating in Sharing Relationships
- Overview of Sharing Threat Intelligence
- Overview of Delivery Mechanisms
- Understanding Threat Intelligence Sharing Platforms
- Overview of Intelligence Sharing Acts and Regulations
- Overview of Threat Intelligence Integration