The course shows learners how intelligence can drive value across various use cases in different ways. It gives learners a high-level programmatic overview of intelligence, including team composition, the organizational role of cyber threat intelligence (CTI) and stakeholder analysis. Learners will explore basic practitioner skills, such as developing raw data into minimally viable intelligence, interpreting cyber artifacts and leveraging the intelligence cycle, to compose original intelligence products. Basic attribution techniques are introduced. Concepts introduced in Cyber Intelligence Foundations are reinforced and explored in depth during subsequent intelligence training courses.
After completing this course, learners should be able to: • Clearly define cyber intelligence and the difference between intelligence and information, and articulate the role and importance of the cyber threat intelligence (CTI) capability • Describe how the Intelligence Cycle functions as the working model to operationalize intelligence • Explain the two modes of analytic thinking and the use of structured analytic techniques • Detail ways to counter analytic bias • Explain threat model concepts and why we use them • State the basics of malware composition • Describe how intelligence analysts convert raw threat data into actionable intelligence • Write well-structured intelligence reports and determine improvements to current communications