Inside the Mind of an APT
(On-Demand Module Overview)

This course provides the cornerstone to quickly upskill employees with knowledge and insights necessary to advise organizations on nation-state cyber threats.

View the Datasheet

Advanced Persistent Threat (APT Icon)

Course Description

The Inside the Mind of an APT on-demand course is designed to explore how countries use cyber operations as a tool of statecraft to advance national-level priorities and in response to geopolitical drivers. Primarily focused on the “Big 4” cyber countries—China, Iran, North Korea, and Russia—the course will examine how, why, and against whom nation-states attack. These capabilities include:

  • Conducting cyber espionage
  • Destructive or disruptive cyber attacks
  • Cyber-enabled information operations

Insights gleaned from this course will allow students to improve their critical and lateral thinking ability to more swiftly respond to requests for information from leadership, hone forecasting skills, and fill knowledge gaps on nation-state cyber threat actors. It will also prepare organizations to proactively anticipate shifts in cyber threats and adjust their risk management and enterprise cyber security strategies accordingly.

Learning Objectives

After completing this course, learners should be able to:

  • Understand how governments use cyber operations to support national-level priorities
  • Unpack why governments may seek to use cyber espionage, attacks, and cyber-enabled influence operations independently or in concert with one another
  • Identify catalysts that could drive potential future cyber efforts against specific industries through key doctrine, policies, or geopolitical initiatives
  • Vet the quality of cyber threat intelligence vendor reporting and determine how the reports fill key gaps

Who Should Attend

This course is intended for executive leadership, risk managers, SOC and CTI analysts, incident responders, penetration testers, hunt teams, and those who are new and interested in learning about cyber threats.




16 hours
Content is available for 3 months from date of first login. It can be accessed 24/7 from a standard web browser.


$2,000 USD or 2 EOD Units

Course Outline

Cyber Risk

  • Organizational Cyber Security Structure
  • Introduction to Cyber Risk Concepts
  • An Organization’s Cyber Threat Profile
  • Case Study: Supply Chain Attacks

Cyber Threat Intelligence Vendor 101

  • Cyber Threat Vendor Collection
  • Finished Intelligence and Threat Intelligence Platforms (TIPs)
  • Vendor Naming Conventions

Why and How States Use Cyber Operations

  • Introduction to Cyber Operation Types and Motivations
  • Case Study: Destructive Cyber Operation
  • Introduction to the DIMEFIL Framework


  • Brief History of Russia and Its National Priorities
  • The Russian Government’s Organizational Structure
  • Russia’s Use of Cyber Operations
  • Russian Cyber Threat Groups
  • Russia’s Domestic Censorship, Monitoring, Controls, and Information Operations


  • Brief History of China and Its National Priorities
  • The Chinese Government’s Organizational Structure
  • China’s Use of Cyber Operations
  • Chinese Cyber Threat Groups
  • China’s Domestic Censorship, Monitoring, Controls, and Information Operations

The Democratic People's Republic of Korea (DPRK)

  • Brief History of the DPRK and Its National Priorities
  • The DPRK Government’s Organizational Structure
  • The DPRK’s Use of Cyber Operations
  • DPRK Cyber Threat Groups
  • DPRK’s Domestic Censorship and Technical Monitoring


  • Brief History of Iran and Its National Priorities
  • The Iranian Government’s Organizational Structure
  • Iran’s Use of Cyber Operations
  • Iranian Cyber Threat Groups
  • Iran’s Domestic Censorship, Monitoring, Controls, and Information Operations

Capstone Exercise: Applying the Analysis of Competing Hypothesis (ACH) to Cyber Attribution