Cyber Threat Intelligence Analyst (CREST CRTIA)

Intermediate level cyber security professionals who wish to safely and effectively acquire cyber threat intelligence data collections into meaningful defensive knowledge. Example roles might include:

• Cyber Threat Intelligence Analysts
• Threat Engineers
• Cyber Security Specialists/Engineers
• (Cyber) Security Consultants
• SOC Analysts

• Demonstrate an understanding of cyber security operations concepts, terminology, principles, limitations and effects.
• Analyse tools and frameworks that are most readily available to hackers seeking to attack an organisation.
• Understand what constitutes a threat to network security.
• Assess common computer and network infections and their methods.
• Consider the tactics an organisation can employ to anticipate and counter an attacker’s capabilities and actions.
• Determine different types of organisation, team and people involved in cyber threat intelligence collection.
• Use cyber threat intelligence to inform the organisation’s cybersecurity operations.
• Manage senior stakeholders.
• Create and present clear and concise technical documentation to technical and non-technical third parties.
• Safely and effectively conduct research using the deep web.
• Evaluate host-based security products and how those products reduce vulnerability to exploitation.
• Consolidate potential sources of information for their value to a cyber investigation.
• Identify a network’s characteristics when viewed through the eyes of an attacker.
• Identify and analyse physical, functional, or behavioural relationships to develop understanding of attackers and their objectives.
• Recognise relevance of information to a cybersecurity strategy or investigation.

• Exposure of working in a SOC or Threat Intelligence team.
• Experience of using search engines to acquire relevant information.
• Ideally Associate Cyber Threat Intelligence Analyst training or CREST’s CPTIA qualification – or equivalent.
• Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
• For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Introduction to Intelligence

• What is Intelligence and How do we Use it?

Key Concepts within CTI

• Key Definitions and Terminology within CTI
• Threat Groups Classifications
• Models, including the Intelligence Cycle, F3EAD and the Cyber Kill Chain (CKC)
• MITRE ATT&CK

Planning and Direction

• Intelligence Requirements
• Predictive Measures

Data Collection

• Intelligence Collection Sources
• Technical vs. Human Collection
• Deception, Disinformation, Misinformation and Fake News
• Threat Vectors
• Web Enumeration, Social Media, Document metadata and Web scraping
• Threat Intelligence Platforms (TIPs)
• Operational Security (OPSEC)
• Social Media Intelligence (SOCMINT)
• Cyber Human Intelligence (CyHUMINT)
• Dark Web Operations

Data Analysis

• Pyramid of Pain
• Contextualization
• Analysis Methodologies
• Maltego
• Machine-Based Techniques
• Analytical Critique
• Data Pivoting
• Mapping to MITRE ATT&CK

Dissemination

• Mechanisms of CTI Sharing
• MISP
• CERTs ISPs, and ISACs
• Third Parties
• Traffic Light Protocol
• Classified Material
• Quality Assurance
• Reviewing Intelligence Products
• Measures of Performance
• Measures of Effectiveness
• Threat Landscapes
• Forecasting

Management

• Stakeholder Management
• Communicating CTI Internally
• Communicating Impact
• Knowing your Customer
• ISO
• Intelligence-led Security Testing

Legal and Ethics

• Ethics in Cyber Intelligence

Technical Cyber Threat Intelligence

• IPv4 versus IPv6
• VPN Protocols
• Advanced intrusion techniques
• Command and Control Techniques
• Attribution
• Open Source Malware Analysis

Intelligence-led Security Testing

• CRTIA Practice Exam Preparation
• PGI Assessment