Associate Cyber Threat Intelligence Analyst (CREST CPTIA)

By the end of this training, you will understand the core concepts associated with cyber threat intelligence functions and acquire the necessary skills and knowledge required to operate effectively in support of a cyber threat analyst within a security operations centre (SOC).

Entry-level cyber security professionals who wish to understand how to acquire cyber threat intelligence data collections in preparation for analysis. Example roles might include:

• Junior Cyber Security Analysts
• Cyber Threat Intelligence Analysts
• Security Analysts
• SOC Analysts

• Understand relevant cyber security aspects of legislative and regulatory requirements, relating to ethics and privacy.
• Determine cyber security related threats and vulnerabilities.
• Gain awareness of the likely operational impact on an organisation of cyber security breaches.
• Use of defense and vulnerability assessment tools and their capabilities.
• Learn best practice analysis principles and methods.
• Consider cyber security and privacy principles and organisational requirements.
• Know various system and application security threats and vulnerabilities.
• Follow processes for reporting cyber security incidents.
• Consider attackers relevant to the organisation’s tactics, techniques and procedures.
• Research threat intelligence sources, capabilities and limitations.
• Learn how threat intelligence sources collect intelligence.
• Understand different classes and stages of cyber-attacks.
• Understand different types of cyber attackers, their capabilities and objectives.
• Determine effective risk and threat assessment methods.
• Recognise relevant legislative and regulatory requirements.
• Be aware of the relevant laws, legal authorities, restrictions and regulations that govern and are applicable to cyber security activities.
• Determine the principal methods, procedures and techniques for gathering, producing, reporting and sharing cyber security information.
• Understand an organisation’s threat environment.
• Use of public sources detailing common application security risks and mitigations.
• Consider attack methods and techniques.
• Find cyber threat intelligence sources and determine their respective capabilities.
• How to use cyber threat intelligence to inform the organisation’s cyber security planning.
• Understand which cyber threat actors are relevant to your organisation.
• Determine the threat environment within which your organisation is operating.
• Learn how threat actors relevant to the organisation use the internet and the targeting information they could learn about the organisation from it.
• Effectively prepare and present briefings in a clear and concise manner.
• Utilise feedback to improve cyber security processes, products and services.
• Tailor analysis to the necessary levels based on organisational policies on data handling and classification and distribution of sensitive material.
• Conduct non-attributable research.
• Define and characterize aspects of the operational environment relevant to its cyber security strategy.
• Develop or recommend analytic approaches in situations where information is incomplete or for which no precedent exists.
• Evaluate information for reliability, validity and relevance.
• Identify alternative analytical interpretations to minimize unanticipated outcomes.
• Identify cyber threats which may jeopardize the organisation or its stakeholders’ interests.
• Construct simple and complex queries.
• Use multiple analytic tools, databases and techniques.
• Navigate use of multiple search engines and tools in conducting open-source searches.
• Conduct network analysis and use reconstruction tools and interpreting their results.
• Utilise virtual collaborative workspaces and tools in line with organisational cyber security policies.
• Skill in writing, reviewing and editing cyber security assessment products using information derived from multiple sources.

Ideally CompTIA Network+ and/or Security+ training/qualification.

Knowledge of:

• Cyber security communication methods, principles and concepts that support the network infrastructure.
• Cryptography and cryptographic key management concepts.
• IT security principles and methods.
• Operating systems.
• Cyber security threats, risks and issues posed by new technologies and malicious actors.
• Security management.
• What constitutes a threat to network security.

Skills in:

• Using virtual private network devices and its encryption.
• Effectively recognise and categorise types of vulnerabilities and associated attacks.
• Using network analysis tools to identify vulnerabilities.
• Applying security models.
• Recognise vulnerabilities in security systems.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Introduction to Intelligence

• The history of the internet
• What is intelligence and how do we use it?

Key Concepts within CTI

• Objectives of CTI
• Key Definitions and Terminology within CTI
• Threat Groups
• Threat Vectors
• Vulnerability Management
• The Intelligence Cycle
• Cyber Kill Chain
• Diamond Model

Planning and Direction

• Terms of Reference
• Knowing the Customer
• Measures of Performance (MOP) and Measures of Effectiveness (MOE)
• Consuming CTI

Data Collection

• Sources
• Intelligence Collection Plans (ICPs)
• Boolean Searches
• Intelligence Gaps

Data Analytics

• Analytical Judgement
• Analytical Techniques
• Hypothesis Testing
• Circular Reporting
• Intelligence probability matrix
• Intelligence bias
• Intelligence analysis representation
• Mapping threats

Dissemination

• Principles of report writing
• Reporting content
• Intelligence product dissemination
• Mechanisms of dissemination and sharing
• TAXII
• STIX
• Quality assurance and the review process
• Intelligence sharing

Legalities and Ethics

• Handling of classified material
• Key legislation pertaining to intelligence collection

Writing a Threat Assessment

Exam Preparation