• Online, Instructor-Led
Course Description

Strategic analysis requires a breakdown of the complexity's analysts face during data examination. Keeping the analysis and results relevant is difficult. Analysts need to find ways to organize, rank, and present their findings. Analyst's always keep a close eye on what the findings will mean to the stakeholders.

Stakeholders need to understand that analysts always work with incomplete and fragmented data. Adversaries work hard to deny analysts the data. Their methods include various types of deception.

This course provides analysts with a framework reducing many of the problems faced with fragmented data.

This course takes from the best of the intelligence community, academia, years of hands-on activities to move your cyber threat intelligence program to a sustainable model adding real value to all stakeholders. We set students up for success building a model that moves cyber threat intelligence functions to the role of trusted advisor assisting in business decision-making. The course not only educates the student but prepares the student to educate leadership, integrate into corporate business processes, while delivering timely intelligence. We help students get to the point where they really understand the challenges of corporate decision-makers using inside and outside sources.

The course is timely, contextually needed, and moves the market while establishing the cyber threat intelligence analyst as a true discipline greatly needed in all corporate environments.

We found a need to assist organizations best understand the strategic functions of intelligence. Although there is some overlap in this course, the course goes into greater depth expanding well beyond traditional IT-type threat intelligence building the foundation for supporting decision-making outside of IT. There is some review for those who have taken previous Treadstone 71 courses but this course is the natural next steps in establishing a resilience, and sustainable cyber threat intelligence program. The course moves the functions and capabilities to a valid corporate asset.

We deliver several hands-on exercises complete with templates and examples. Our intent is to send each student back to their corporate environments armed with the knowledge necessary to immediately enhance their existing programs or, start new programs with a foundation rooted in excellence.

Learning Objectives

Knowledge and Intelligence, Knowledge Generation, Principles of Knowledge Management, Analysis Projects, Analysis Cycle, Briefing, Management Brief, Starting the Project, Project Brief, Checklist, Collection Planning, Attributes of Sources - Source-Centered Collection Plan, Collection Plan, Segmentation of Sources, Valuation of Sources, Verification Process and Checklists

Intelligence Requirements, Prioritization, Essential Elements of Information, Indicators, Specific Information Requirements, Glossary and Taxonomy, Mission and Requirements Management, Tools to Use, Data to Collect, Iterative and Continuous Feedback Loop, The Data Collection Plan, Free-flow, Interviewing, Sampling, Networking (Cooperation, rules, benefits, risks & issues, analysis), Protecting your Sources Across Cultural Barriers, Collecting from Unsuspecting Sources, Passive Collection, Elicitation, Collection from Public Domain, Anatomy of OSINT, Applications of OSINT, Imagery Intelligence output, Analysis, Attributes of strategic analysis, Collector - Analyst Relationship, Collector-Analyst Differences, Strategic Analysis Cycle, Anatomy of Analysis, Data Credibility, Source Validity, Data and Source Relevance, Scoring Methods, Data Preparation, managing incomplete data, managing conflicting data, Misperceiving Events, Confusing causality and correlation, Flawed analogies, Functions and Responsibilities, Structured Analytic Techniques, Scenario Analysis, Mechanics/Attributes of Scenario Analysis, Estimative intelligence, Forecasting, Warning Intelligence, The Role of Warning Intelligence, Key Warning Factors in Preparations, Strategic versus Tactical Warning, Warning as an Assessment of Probabilities, Warning as a Judgment for the Stakeholder, Fundamentals of Indications Analysis, Cyber Indications and Warnings, Specifics of the Analytical Method, Presumption of Surprise, Scope of Relevant Information, Objectivity and Realism, Need to Reach Immediate Conclusions, Inference, Deduction and Induction, Understanding How the Adversary Thinks, Order of Cyber Battle Analysis in a Crisis Situation, Cyber Order of Battle Methods, Analysis of Cyber Mobilization, Recognition of Cyber Buildup, Preparation for Cyber Warfare, Key Warning Factors in Preparations, Cyber Readiness, Exercises for Preparation, Cyber Wargaming, Objectives/Success Factors, STEMPLES Plus, Considerations in STEMPLES Plus Warning, Meaning of Evidence, Hofstede Principles, Adversary Baseball Cards, Benching marking your adversary, Adversary Supply Chain, Principal Factors in Timing and Surprise, Examples of Assessing Timing, Warning is Not a Forecast of Imminence, The Problem of Deception, Infrequency and Neglect of Deception, Principles, Techniques and Effectiveness of Deception, What Do Top Stakeholders Need, and Want, to Know?, Assessing Probabilities, Improving Warning Assessments, Factors Influencing Judgments and Reporting, General Warning Principles, Scope of compliance and ethics in analysis, Organizing a Strategic Analysis Function, The right structure enables efficient/effective execution, competency building, Towards a world-class strategic analysis organization, Five Levels of Strategic Analysis Professionalism, Profile of an analyst, Functional, behavioral, measuring competencies – models, Job descriptions and hiring questions.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • All-Source Analysis
  • Collection Operations
  • Cyber Investigation
  • Cyber Operations
  • Threat Analysis