Digital Threat Digest Insights Careers Let's talk

Cyber Threat Intelligence Analyst (CREST CRTIA)

Our CREST-Approved Cyber Threat Intelligence Analyst training provides existing cyber security practitioners with the intermediate level skills required for a member of a threat intelligence analysis team.


Participants will acquire the necessary skills and knowledge required to operate effectively as a cyber threat analyst within a security operations centre (SOC).

Training is aligned to support individuals seeking to undertake the CREST-Registered Threat Intelligence Analyst (CRTIA) exam.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.



CREST-Approved Training.


By the end of this training, an analyst will be able to competently conduct effective cyber threat intelligence data collections and analyse multi-source information to gain a deeper understanding and awareness of cyber threats and actors’ Tactics, Techniques and Procedures – to help detect, predict and protect against cyber incidents.


Intermediate level cyber security professionals who wish to safely and effectively acquire cyber threat intelligence data collections into meaningful defensive knowledge. Example roles might include:

  • Cyber Threat Intelligence Analysts
  • Threat Engineers
  • Cyber Security Specialists/Engineers
  • (Cyber) Security Consultants
  • SOC Analysts
Learning outcomes
  • Demonstrate an understanding of cyber security operations concepts, terminology, principles, limitations and effects.
  • Analyse tools and frameworks that are most readily available to hackers seeking to attack an organisation.
  • Understand what constitutes a threat to network security.
  • Assess common computer and network infections and their methods.
  • Consider the tactics an organisation can employ to anticipate and counter an attacker’s capabilities and actions.
  • Determine different types of organisation, team and people involved in cyber threat intelligence collection.
  • Use cyber threat intelligence to inform the organisation’s cybersecurity operations.
  • Manage senior stakeholders.
  • Create and present clear and concise technical documentation to technical and non-technical third parties.
  • Safely and effectively conduct research using the deep web.
  • Evaluate host-based security products and how those products reduce vulnerability to exploitation.
  • Consolidate potential sources of information for their value to a cyber investigation.
  • Identify a network’s characteristics when viewed through the eyes of an attacker.
  • Identify and analyse physical, functional, or behavioural relationships to develop understanding of attackers and their objectives.
  • Recognise relevance of information to a cybersecurity strategy or investigation.
  • Exposure of working in a SOC or Threat Intelligence team.
  • Experience of using search engines to acquire relevant information.
  • Ideally Associate Cyber Threat Intelligence Analyst training or CREST’s CPTIA qualification – or equivalent.
  • Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
  • For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Introduction to Intelligence

  • What is Intelligence and How do we Use it?

Key Concepts within CTI

  • Key Definitions and Terminology within CTI
  • Threat Groups Classifications
  • Models, including the Intelligence Cycle, F3EAD and the Cyber Kill Chain (CKC)

Planning and Direction

  • Intelligence Requirements
  • Predictive Measures

Data Collection

  • Intelligence Collection Sources
  • Technical vs. Human Collection
  • Deception, Disinformation, Misinformation and Fake News
  • Threat Vectors
  • Web Enumeration, Social Media, Document metadata and Web scraping
  • Threat Intelligence Platforms (TIPs)
  • Operational Security (OPSEC)
  • Social Media Intelligence (SOCMINT)
  • Cyber Human Intelligence (CyHUMINT)
  • Dark Web Operations

Data Analysis

  • Pyramid of Pain
  • Contextualization
  • Analysis Methodologies
  • Maltego
  • Machine-Based Techniques
  • Analytical Critique
  • Data Pivoting
  • Mapping to MITRE ATT&CK


  • Mechanisms of CTI Sharing
  • MISP
  • CERTs ISPs, and ISACs
  • Third Parties
  • Traffic Light Protocol
  • Classified Material
  • Quality Assurance
  • Reviewing Intelligence Products
  • Measures of Performance
  • Measures of Effectiveness
  • Threat Landscapes
  • Forecasting


  • Stakeholder Management
  • Communicating CTI Internally
  • Communicating Impact
  • Knowing your Customer
  • ISO
  • Intelligence-led Security Testing

Legal and Ethics

  • Ethics in Cyber Intelligence

Technical Cyber Threat Intelligence

  • IPv4 versus IPv6
  • VPN Protocols
  • Advanced intrusion techniques
  • Command and Control Techniques
  • Attribution
  • Open Source Malware Analysis

Intelligence-led Security Testing

  • CRTIA Practice Exam Preparation
  • PGI Assessment