Cyber Intelligence Foundations (CIF) Module Overview
This foundational course provides a wide-ranging introduction to Cyber Intelligence roles, frameworks, tradecraft, and organizational value.
The course shows learners how intelligence can drive value across various use cases in different ways. It gives learners a high-level programmatic overview of intelligence, including team composition, the organizational role of cyber threat intelligence (CTI) and stakeholder analysis.
Learners will explore basic practitioner skills, such as developing raw data into minimally viable intelligence, interpreting cyber artifacts and leveraging the intelligence cycle, to compose original intelligence products. Basic attribution techniques are introduced.
Concepts introduced in Cyber Intelligence Foundations are reinforced and explored in depth during subsequent intelligence training courses.
After completing this course, learners should be able to:
- Define cyber intelligence and articulate the roles, impact and value of a CTI function
- Recognize how intelligence analysts convert raw threat data derived from technical artifacts into actionable intelligence
- Interpret and assess intelligence reporting claims of attribution
- Explain the concepts and interactions between cyber key terrain, cyber security intelligence, quality assessments, indicators of compromise and threat modeling
- Use frameworks such as MITRE, the Intelligence Lifecycle and the Diamond Model in analysis
Who Should Attend
This is a foundational level course for anyone looking to get started with cyber intelligence, as a practitioner or consumer.
Content is available for 3 months from date of first login. It can be accessed 24/7 from a standard web browser.
$1,000 USD or 1 EOD Unit
Introduction to Cyber Threat Intelligence
- Roles and team structures
- Applying the intelligence cycle
- Categories of intelligence
The Analyst’s Toolkit
- Systems of analytic thought
- Cognitive biases
- Confidence levels in reporting
- 3 key types of cyber artifacts (file, host, network)
and relevance to intelligence reporting
- Analysis of real-world scenarios
- IOCs in modeling
Developing Raw Data into Minimally Viable Intelligence
- Common Operating Pictures, infrastructure analysis
- Threat modeling and threat groups (creating, merging)
How Intelligence Teams Work with Malware
- Static analysis
- Dynamic analysis
- String searching
- File formats
- Sandbox overview
- Binary launching
Writing Intelligence Products
- Technical writing
- Knowing your audience
- Critical thinking for establishing audience
- Review procedures
- Basic modeling techniques
- Levels of attribution
Tufail Ahmed, Principal Threat Analyst
Tufail Ahmed serves Mandiant customers globally by analyzing cyber threats. He has spent over 12 years in various technical analyst and consultant roles, supporting several customers across many different sectors. He is enthusiastic about automating all things cyber to detect threats using intelligence and analytics.
Sarah Atik, Intelligence Enablement Consultant
Sarah Atik helps organizations answer the question "Am I targeted?" through comprehensive assessments of their threat landscape. Her experiences in both 'red' & 'blue' teams equip her with a unique perspective on both sides of an attack, and she is passionate about connecting experience-based knowledge and anecdotal, real-world examples to security concepts and topics.
Mark Owens, Principal Intelligence Capability Consultant
Mark Owens is a trusted advisor to clients globally, leading organizations through significant challenges and aligning security initiatives with enterprise programs and business objectives. He works collaboratively to assess organizations’ cyber security capabilities, risk posture and threat landscape, while providing actionable recommendations to drive strategic change, reduce risk and build resilient, intelligence-led cyber defense programs.
Shanyn Ronis, Manager of Mandiant Intelligence Training Services
Shanyn Ronis has extensive knowledge and background in Cyber Threat Intelligence and methods for operationalizing intelligence for mission success. Since 2013, she has worked in various cyber intelligence positions, ranging from Intelligence Analyst to embedded Fusion Analyst within a SOC environment, to leading Tier 2 Incident Response. Ms. Ronis is a member of the Forbes 30 Under 30 class of 2017.
Andrew Schmidt, Director of Intelligence Performance and Production
Andrew Schmidt oversees quality control, strategic communications and intelligence production. Previously, he served as Senior Director of Production and Analysis for iSIGHT Partners, Managing Editor for iDefense Inc. and Deputy Intelligence Director for VeriSign-iDefense. He served for 21 years in the United States Air Force and Air National Guard in the fields of Logistics, Communications and Inspections, retiring as a Lieutenant Colonel.