Our CREST-Approved Cyber Threat Intelligence Manager training provides the required expert-level skills for an individual to manage teams, functions and activities related to cyber threat intelligence operations. CTI teams will collect and analyse multi-source information about cyber security threats, but a leader’s role is to represent intelligible outcomes and deliverables and to inform senior stakeholders, enabling the appropriate protection of systems and networks an organisation must take to defend assets from cyber threats.
Training is aligned to support individuals seeking to undertake the CREST Certified Threat Intelligence Manager (CCTIM) exam.
This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.
Aim Show more Show less
By the end of this training, a participant will possess the expert skills and knowledge necessary to be able to build and lead a cyber threat intelligence team or department effectively – aligned to the organisations cyber security strategy and goals, and to provide actionable intelligence to senior stakeholders.
Audience Show more Show less
Senior practitioner-level cyber security professionals who wish to manage cyber threat intelligence operations. Example roles might include:
- Cyber Threat Intelligence Managers
- Cyber Threat Intelligence Analysts
- Cyber Threat Engineers
- Cyber Security Specialists/Engineers
- Cyber Security Consultants
- SOC Analysts with CTI experience
Learning outcomes Show more Show less
- Demonstrate expert knowledge of cybersecurity threat intelligence operations concepts, terminology, principles, limitations and effects.
- Determine different types of organisation, team and people involved in cyber threat intelligence collection.
- Analyse physical, functional, or behavioural relationships to develop understanding of attackers and their objectives.
- Evaluate gaps and limitations in cyber threat intelligence provision.
- Effectively utilise information relevant to an organisation’s cyber security strategy or investigation.
- Utilise principal methods, procedures and techniques for gathering, producing, reporting and sharing cybersecurity information.
- Locate public sources detailing common application security risks and mitigations.
- Provide expert knowledge on cyber threat intelligence sources and their respective capabilities.
- Understand organisational objectives, leadership priorities and risk management methods.
- Discuss different types of organisation, team and people involved in cyber threat intelligence collection.
- Communicate how to use cyber threat intelligence to inform the organization’s cybersecurity operations effectively.
- Inform on the tactics an organisation can employ to anticipate and counter an attacker’s capabilities and actions.
- Prioritise cyber threats which may jeopardise the organisation or its stakeholders’ interests.
- Manage senior stakeholders internal and external of the organisation.
Prerequisites Show more Show less
- Operational experience of working in a senior Cyber Threat Intelligence role.
- Experience of managing or leading security practitioners.
- Ideally Cyber Threat Intelligence Analyst training, or ideally CREST’s CRTIA qualification – or equivalent.
- Knowledge of business practices within your organisation, your organisation’s risk management processes and any IT user security policies.
- For virtual/remote training a good internet connection/sufficient bandwidth is required, with full audio and video capability.
Syllabus Show more Show less
This training can be tailored to an industry, or for a defined audience with various durations. Example topics typically include:
Cyber Threat Intelligence Management
- Profiling a CTI Manager
- Information Security Management System (Controls and Measures)
- Designing a CTI Programme
- Discussion – Intelligence-Led Security Testing
- Intelligence Producer or Consumer
- Building a CTI Programme
- Intelligence led Security Testing
- Intelligence led Incident Response
- Project review: Conducting a review after an intelligence-led engagement, assessing the successes and failures in conjunction with the customer
Legal and Ethical
- Legalities and Ethics
Planning and Direction
- Managing Relationships
- Intelligence Requirements
- Priority Intelligence Requirements
- Intelligence Preparation of the Cyber Environment (IPCE)
- Understand the end customer
- Collection Sources
- Technical vs Human Collection
- Bulk Data Collection
- Deception, Disinformation, Misinformation and Fake News
- Threat Intelligence Platforms (TIPs)
- Threat Monitoring
- Social Media Intelligence (SOCMINT)
- Operational Security (OPSEC)
- Cyber Human Intelligence (CyHUMINT)
- Dark Web Operations
- Building our Virtual Machine (VM)
- The Dark Web
- Fundamental Statistical Methods of Analysis
- Attack Trees
- Data Pivoting
- MITRE ATT&ACK
- Mechanisms of CTI Sharing
- Indicators of Compromise
- Indicators of Attack
- YARA Rules
- CERTs, ISPs and ISACs
- Third Parties
- Traffic Light Protocol
- Quality Assurance
- Reviewing Intelligence Products
- MOP and MOE
- CCTIM Practice Exam Preparation
- PGI Assessment