
Inside the Mind of an APT
(On-Demand Module Overview)
This course provides the cornerstone to quickly upskill employees with knowledge and insights necessary to advise organizations on nation-state cyber threats.

Course Description
The Inside the Mind of an APT on-demand course is designed to explore how countries use cyber operations as a tool of statecraft to advance national-level priorities and in response to geopolitical drivers. Primarily focused on the “Big 4” cyber countries—China, Iran, North Korea, and Russia—the course will examine how, why, and against whom nation-states attack. These capabilities include:
- Conducting cyber espionage
- Destructive or disruptive cyber attacks
- Cyber-enabled information operations
Insights gleaned from this course will allow students to improve their critical and lateral thinking ability to more swiftly respond to requests for information from leadership, hone forecasting skills, and fill knowledge gaps on nation-state cyber threat actors. It will also prepare organizations to proactively anticipate shifts in cyber threats and adjust their risk management and enterprise cyber security strategies accordingly.
Learning Objectives
After completing this course, learners should be able to:
- Understand how governments use cyber operations to support national-level priorities
- Unpack why governments may seek to use cyber espionage, attacks, and cyber-enabled influence operations independently or in concert with one another
- Identify catalysts that could drive potential future cyber efforts against specific industries through key doctrine, policies, or geopolitical initiatives
- Vet the quality of cyber threat intelligence vendor reporting and determine how the reports fill key gaps
Who Should Attend
This course is intended for executive leadership, risk managers, SOC and CTI analysts, incident responders, penetration testers, hunt teams, and those who are new and interested in learning about cyber threats.
Prerequisites
None
Duration
16 hours
Content is available for 3 months from date of first login. It can be accessed 24/7 from a standard web browser.
Cost
$2,000 USD or 2 EOD Units
Course Outline
Cyber Risk
- Organizational Cyber Security Structure
- Introduction to Cyber Risk Concepts
- An Organization’s Cyber Threat Profile
- Case Study: Supply Chain Attacks
Cyber Threat Intelligence Vendor 101
- Cyber Threat Vendor Collection
- Finished Intelligence and Threat Intelligence Platforms (TIPs)
- Vendor Naming Conventions
Why and How States Use Cyber Operations
- Introduction to Cyber Operation Types and Motivations
- Case Study: Destructive Cyber Operation
- Introduction to the DIMEFIL Framework
Russia
- Brief History of Russia and Its National Priorities
- The Russian Government’s Organizational Structure
- Russia’s Use of Cyber Operations
- Russian Cyber Threat Groups
- Russia’s Domestic Censorship, Monitoring, Controls, and Information Operations
China
- Brief History of China and Its National Priorities
- The Chinese Government’s Organizational Structure
- China’s Use of Cyber Operations
- Chinese Cyber Threat Groups
- China’s Domestic Censorship, Monitoring, Controls, and Information Operations
The Democratic People's Republic of Korea (DPRK)
- Brief History of the DPRK and Its National Priorities
- The DPRK Government’s Organizational Structure
- The DPRK’s Use of Cyber Operations
- DPRK Cyber Threat Groups
- DPRK’s Domestic Censorship and Technical Monitoring
Iran
- Brief History of Iran and Its National Priorities
- The Iranian Government’s Organizational Structure
- Iran’s Use of Cyber Operations
- Iranian Cyber Threat Groups
- Iran’s Domestic Censorship, Monitoring, Controls, and Information Operations
Capstone Exercise: Applying the Analysis of Competing Hypothesis (ACH) to Cyber Attribution