Our CREST-Approved Cyber Threat Intelligence Analyst training provides existing cyber security practitioners with the intermediate level skills required for a member of a threat intelligence analysis team.

Participants will acquire the necessary skills and knowledge required to operate effectively as a cyber threat analyst within a security operations centre (SOC).

Training is aligned to support individuals seeking to undertake the CREST-Registered Threat Intelligence Analyst (CRTIA) exam.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.


  • Aim Show more Show less

    By the end of this training, an analyst will be able to competently conduct effective cyber threat intelligence data collections and analyse multi-source information to gain a deeper understanding and awareness of cyber threats and actors’ Tactics, Techniques and Procedures – to help detect, predict and protect against cyber incidents.

  • Audience Show more Show less

    Intermediate level cyber security professionals who wish to safely and effectively acquire cyber threat intelligence data collections into meaningful defensive knowledge. Example roles might include:

    • Cyber Threat Intelligence Analysts
    • Threat Engineers
    • Cyber Security Specialists/Engineers
    • (Cyber) Security Consultants
    • SOC Analysts
  • Learning outcomes Show more Show less

    • Demonstrate an understanding of cyber security operations concepts, terminology, principles, limitations and effects.
    • Analyse tools and frameworks that are most readily available to hackers seeking to attack an organisation.
    • Understand what constitutes a threat to network security.
    • Assess common computer and network infections and their methods.
    • Consider the tactics an organisation can employ to anticipate and counter an attacker’s capabilities and actions.
    • Determine different types of organisation, team and people involved in cyber threat intelligence collection.
    • Use cyber threat intelligence to inform the organisation’s cybersecurity operations.
    • Manage senior stakeholders.
    • Create and present clear and concise technical documentation to technical and non-technical third parties.
    • Safely and effectively conduct research using the deep web.
    • Evaluate host-based security products and how those products reduce vulnerability to exploitation.
    • Consolidate potential sources of information for their value to a cyber investigation.
    • Identify a network’s characteristics when viewed through the eyes of an attacker.
    • Identify and analyse physical, functional, or behavioural relationships to develop understanding of attackers and their objectives.
    • Recognise relevance of information to a cybersecurity strategy or investigation.
  • Prerequisites Show more Show less

    • Exposure of working in a SOC or Threat Intelligence team.
    • Experience of using search engines to acquire relevant information.
    • Ideally Associate Cyber Threat Intelligence Analyst training or CREST’s CPTIA qualification – or equivalent.
    • Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
    • For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.
  • Syllabus Show more Show less

    This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

    Introduction to Intelligence

    • What is Intelligence and How do we Use it?


    Key Concepts within CTI

    • Key Definitions and Terminology within CTI
    • Threat Groups Classifications
    • Models, including the Intelligence Cycle, F3EAD and the Cyber Kill Chain (CKC)


    Planning and Direction

    • Intelligence Requirements
    • Predictive Measures


    Data Collection

    • Intelligence Collection Sources
    • Technical vs. Human Collection
    • Deception, Disinformation, Misinformation and Fake News
    • Threat Vectors
    • Web Enumeration, Social Media, Document metadata and Web scraping
    • Threat Intelligence Platforms (TIPs)
    • Operational Security (OPSEC)
    • Social Media Intelligence (SOCMINT)
    • Cyber Human Intelligence (CyHUMINT)
    • Dark Web Operations


    Data Analysis

    • Pyramid of Pain
    • Contextualization
    • Analysis Methodologies
    • Maltego
    • Machine-Based Techniques
    • Analytical Critique
    • Data Pivoting
    • Mapping to MITRE ATT&CK



    • Mechanisms of CTI Sharing
    • MISP
    • CERTs ISPs, and ISACs
    • Third Parties
    • Traffic Light Protocol
    • Classified Material
    • Quality Assurance
    • Reviewing Intelligence Products
    • Measures of Performance
    • Measures of Effectiveness
    • Threat Landscapes
    • Forecasting



    • Stakeholder Management
    • Communicating CTI Internally
    • Communicating Impact
    • Knowing your Customer
    • ISO
    • Intelligence-led Security Testing


    Legal and Ethics

    • Ethics in Cyber Intelligence


    Technical Cyber Threat Intelligence

    • IPv4 versus IPv6
    • VPN Protocols
    • Advanced intrusion techniques
    • Command and Control Techniques
    • Attribution
    • Open Source Malware Analysis


    Intelligence-led Security Testing


    • CRTIA Practice Exam Preparation
    • PGI Assessment

Want to find out more?

Contact Us:

t: +44 20 4566 6600

e: info@pgitl.com