Course Code: 5763

CTIA Certified Threat Intelligence Analyst

Class Dates:
3 Days
Class Time:
Virtual Instructor-Led Training, Instructor-Led Training


  • Course Overview
  • This 3 Day Course, Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence.

    C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report to disseminating threat intelligence. These concepts are highly essential while building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks.
    his program addresses all the stages involved in the Threat Intelligence Life Cycle.

  • Audience
  • Who Is It For? Ethical Hackers Security Practitioners, Engineers, Analysts, Specialist, Architects, and Managers Threat Intelligence Analysts, Associates, Researchers, Consultants Threat Hunters SOC Professionals Digital Forensic and Malware Analysts Incident Response Team Members Any mid-level to high-level cybersecurity professionals with a minimum of 2 years of experience. Individuals from the information security profession and who want to enrich their skills and knowledge in the field of cyber threat intelligence. Individuals interested in preventing cyber threats.


Course Details

  • Module 01: Introduction to Threat Intelligence
  • Understanding Intelligence
  • Intelligence Definition and Essential Terminology
  • Intelligence vs. Information vs. Data
  • Intelligence-Led Security Testing (Background and Reasons)
  • Understanding Cyber Threat Intelligence
  • Cyber Threat Intelligence (CTI)
  • Cyber Threat Intelligence Stages, Characteristics of Threat Intelligence
  • Benefits of CTI, Enterprise Objectives for Threat Intelligence Programs
  • Types of Threat Intelligence, Strategic, Tactical ,Operational,,Technical
  • ? Threat Intelligence Generation, Informed Risk Management
  • Integration of Threat Intelligence into SIEM
  • Leverage Threat Intelligence for Enhanced Incident Response
  • .
  • Overview of Threat Intelligence Lifecycle and Frameworks
  • Threat Intelligence Lifecycle, ? Threat Analyst Roles in Threat Intelligence Lifecycle
  • Threat Intelligence Strategy , Capabilities
  • Capabilities to Look for in Threat Intelligence Solution
  • Threat Intelligence Maturity Mode, Frameworks
  • Collective Intelligence Framework (CIF)
  • CrowdStrike Cyber Threat Intelligence Solution
  • NormShield Threat and Vulnerability Orchestration
  • MISP - Open Source Threat Intelligence Platform
  • TC Complete, Yeti, ThreatStream
  • Additional Threat Intelligence Frameworks
  • Module 02: Cyber Threats and Kill Chain Methodology
  • Understanding Cyber Threats, Overview of Cyber Threats
  • Cyber Security Threat Categories, Threat Actors/Profiling the AttackerThreat: Intent, Capability, Opportunity Triad
  • Motives, Goals, and Objectives of Cyber Security Attacks
  • Hacking Forums
  • Understanding Advanced Persistent Threats (APTs)
  • Advanced Persistent Threats (APTs
  • Characteristics of Advanced Persistent Threats (APTs), Advanced Persistent Threat Lifecycle
  • Understanding Cyber Kill Chain, Cyber Kill Chain Methodology
  • Tactics, Techniques, and Procedures (TTPs), Adversary Behavioral Identification, Kill Chain Deep Dive Scenario - Spear Phishing
  • Understanding Indicators of Compromise (IoCs), Indicators of Compromise (IoCs)
  • Why Indicators of Compromise Important?, ? Categories of IoCs
  • Key Indicators of Compromise, Pyramid of Pain
  • Module 03: Requirements, Planning, Direction, and Review
  • Understanding Organization’s Current Threat Landscape
  • Identify Critical Threats to the Organization,
  • Assess Current Security Team’s Structure and Competencies
  • Understand Organization’s Current Security Infrastructure and Operations, Assess Risks for Identified Threats
  • Map out Organization’s Ideal Target State
  • Identify Intelligence Needs and Requirements
  • Define Threat Intelligence Requirements, Threat Intelligence Requirement Categories
  • Business Needs and Requirements, Business Units, Internal Stakeholders, and Third-Parties
  • Intelligence Consumers Needs and Requirements
  • Priority Intelligence Requirements (PIRs)
  • Factors for Prioritizing Requirements, MoSCoW Method for Prioritizing Requirements, Prioritize Organizational Assets
  • Scope Threat Intelligence Program, Rules of Engagement, Non-Disclosure Agreements, Avoid Common Threat Intelligence Pitfalls
  • .
  • Planning Threat Intelligence Program
  • Prepare People, Processes, and Technology, Develop a Collection Plan
  • Schedule Threat Intelligence Program, Plan a Budget
  • Develop Communication Plan to Update Progress to Stakeholders
  • Aggregate Threat Intelligence, Select a Threat Intelligence Platform , Track Metrics to Keep Stakeholders Informed
  • Establishing Management Support, Prepare Project Charter and Policy to Formalize the Initiative
  • Establish Your Case to Management for a Threat Intelligence Program and Apply a Strategic Lens
  • Building a Threat Intelligence Team, Satisfy Organizational Gaps with the Appropriate Threat Intelligence Team
  • Understand different Threat Intelligence Roles and Responsibilities, Identify Core Competencies and Skills, Define Talent Acquisition Strategy
  • Building and Positioning an Intelligence Team, How to Prepare an Effective Threat Intelligence Team
  • Overview of Threat Intelligence Sharing, Establishing Threat Intelligence Sharing Capabilities
  • Reviewing Threat Intelligence Program
  • Module 04: Data Collection and Processing
  • Overview of Threat Intelligence Data Collection
  • Overview of Threat Intelligence Collection Management
  • Overview of Threat Intelligence Feeds and Sources
  • Understanding Threat Intelligence Data Collection and Acquisition
  • Data Collection through Web Services
  • Data Collection through Website FootprintingData Collection through Emails
  • Data Collection through Emails
  • Data Collection through Whois Lookup
  • Data Collection through DNS Interrogation
  • Automating OSINT effort using Tools/Frameworks/Scripts
  • Data Collection through Cyber Counterintelligence (CCI)
  • Data Collection through Indicators of Compromise (IoCs)
  • .
  • IoC Data Collection through Internal Sources
  • Tools for IoC Data Collection through Internal Sources
  • Data Collection through Building Custom IoCs
  • Tools for Building Custom IoCs
  • Data Collection through Malware Analysis
  • Understanding Bulk Data Collection
  • Understanding Data Processing and Exploitation
  • Module 05: Data Analysis
  • Overview of Data Analysis
  • Understanding Data Analysis Techniques
  • Analysis of Competing Hypotheses (ACH)
  • ACH Tool
  • Structured Analysis of Competing Hypotheses (SACH)
  • Other Data Analysis Methodologies
  • Overview of Threat Analysis
  • Understanding Threat Analysis Process
  • Threat Modeling Methodologies
  • Threat Modeling Tools, Enrich the Indicators with Context
  • Enhance Threat Analysis Process with the Diamond Model Framework
  • Validating and Prioritizing Threat Indicators
  • .
  • Overview of Fine-Tuning Threat Analysis
  • Understanding Threat Intelligence Evaluation
  • Creating Runbooks and Knowledge Base
  • Overview of Threat Intelligence Tools
  • Threat Intelligence Tools
  • Module 06: Intelligence Reporting and Dissemination
  • Overview of Threat Intelligence Reports
  • Introduction to Dissemination
  • Participating in Sharing Relationships
  • Overview of Sharing Threat Intelligence
  • Overview of Delivery Mechanisms
  • Understanding Threat Intelligence Sharing Platforms
  • Overview of Intelligence Sharing Acts and Regulations
  • Overview of Threat Intelligence Integration