Digital Threat Digest Insights Careers Let's talk

Cyber Threat Intelligence Manager (CREST CTIM)

Our CREST-approved training provides the required skills for an individual to manage functions and activities related to cyber threat intelligence—such as collecting and analysing multi-source information about cyber security threats—to derive and report indicators that help organisations detect and predict cyber incidents and protect systems and networks from cyber threats.


Training is aligned to support individuals seeking to undertake the CREST Certified Threat Intelligence Manager exam.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.


CREST-Approved Training

CREST-Approved Training.


By the end of this training, a participant will possess the expert skills and knowledge necessary to be able to build and lead a cyber threat intelligence team or department effectively – aligned to the organisations cyber security strategy and goals, and to provide actionable intelligence to senior stakeholders.


Senior practitioner-level cyber security professionals who wish to manage cyber threat intelligence operations. Example roles might include:

  • Cyber Threat Intelligence Managers
  • Cyber Threat Intelligence Analysts
  • Cyber Threat Engineers
  • Cyber Security Specialists/Engineers
  • Cyber Security Consultants
  • SOC Analysts with CTI experience
Learning outcomes
  • Demonstrate expert knowledge of cybersecurity threat intelligence operations concepts, terminology, principles, limitations and effects.
  • Determine different types of organisation, team and people involved in cyber threat intelligence collection.
  • Analyse physical, functional, or behavioural relationships to develop understanding of attackers and their objectives.
  • Evaluate gaps and limitations in cyber threat intelligence provision.
  • Effectively utilise information relevant to an organisation’s cyber security strategy or investigation.
  • Utilise principal methods, procedures and techniques for gathering, producing, reporting and sharing cybersecurity information.
  • Locate public sources detailing common application security risks and mitigations.
  • Provide expert knowledge on cyber threat intelligence sources and their respective capabilities.
  • Understand organisational objectives, leadership priorities and risk management methods.
  • Discuss different types of organisation, team and people involved in cyber threat intelligence collection.
  • Communicate how to use cyber threat intelligence to inform the organization’s cybersecurity operations effectively.
  • Inform on the tactics an organisation can employ to anticipate and counter an attacker’s capabilities and actions.
  • Prioritise cyber threats which may jeopardise the organisation or its stakeholders’ interests.
  • Manage senior stakeholders internal and external of the organisation.
  • Operational experience of working in a senior Cyber Threat Intelligence role.
  • Experience of managing or leading security practitioners.
  • Ideally Cyber Threat Intelligence Analyst training, or ideally CREST’s CRTIA qualification – or equivalent.
  • Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
  • For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.

This training can be tailored to an industry, or for a defined audience with various durations. Example topics typically include:

Cyber Threat Intelligence Management

  • Profiling a CTI Manager
  • Information Security Management System (Controls and Measures)
  • Designing a CTI Programme
  • Discussion – Intelligence-Led Security Testing
  • Intelligence Producer or Consumer
  • Building a CTI Programme
  • Intelligence led Security Testing
  • Intelligence led Incident Response
  • Project review: Conducting a review after an intelligence-led engagement, assessing the successes and failures in conjunction with the customer

Legal and Ethical

  • Legalities and Ethics

Planning and Direction

  • Managing Relationships
  • Intelligence Requirements
  • Priority Intelligence Requirements
  • Intelligence Preparation of the Cyber Environment (IPCE)
  • Understand the end customer

Data Collection

  • Collection Sources
  • Technical vs Human Collection
  • Bulk Data Collection
  • Deception, Disinformation, Misinformation and Fake News
  • Threat Intelligence Platforms (TIPs)
  • Threat Monitoring
  • Social Media Intelligence (SOCMINT)
  • Operational Security (OPSEC)
  • Cyber Human Intelligence (CyHUMINT)
  • Dark Web Operations
  • Building our Virtual Machine (VM)
  • TOR
  • The Dark Web

Data Analysis

  • Fundamental Statistical Methods of Analysis
  • Maltego
  • Attack Trees
  • Data Pivoting
  • Vulnerabilities
  • Wireshark

Product Dissemination

  • Mechanisms of CTI Sharing
  • MISP
  • Indicators of Compromise
  • Indicators of Attack
  • YARA Rules
  • CERTs, ISPs and ISACs
  • Third Parties
  • Traffic Light Protocol
  • Quality Assurance
  • Reviewing Intelligence Products
  • MOP and MOE

  • CCTIM Practice Exam Preparation
  • PGI Assessment