We’ve been hit, how can CyberDefenses help? Incident Hotline

Cyber Defenses Academy

Threat Intelligence

Adversary Profiling


Product Description

Organizations thrive on being able to make the best decisions possible with the best knowledge available. Advances in technology allow for more and more data to be collected inside and outside of a company. While technology has not replaced human intelligence, it has managed to augment it. With an even vaster amount of information at our disposal, the need to understand it in a meaningful way is even greater. Good analysis is the key here, with a focus on analyzing trends, creating predictive models and analyzing security information to build strong controls and mitigations to problems.

Once data collections has started, a means to gather and store the data in such a way it can be understood is critical. The process of storing and understanding data is called Data mining, usually performed via a threat intelligence platform (TIP). Data is collected in different formats and may be with or without metadata or context. Profiling the data is where intelligence is fashioned from context infused information and made available for action, the analyzed knowledge of the history and past interactions of adversaries showing what they may take as their next move.

This is a very hands-on class, where students are challenged via a series of labs to showcase their analysis and profiling skills. The labs are contained within multiple VMs and students will min, analyze and profile the data and then map it to known and suspected enemies to build a threat matrix.

Why This Course?

  • It’s designed for those with an interest in using analysis and profiling techniques to
    disseminate intelligence from data.
  • It conveys the necessary concepts, principles and terms to lay down a solid
  • Introduction
  • Endgame for Analysis & Profiling
  • Data Science commandments
  • Case Study: Big Data-naughty or nice list
  • Mining
    • Storing strategies
    • Threat Intelligence Platforms
  • Case Study: TIP-ing data your way
  • Analysis
    • Data Preview & Selection
    • Cleansing & Preparation
    • Selecting the right SATs
  • Case Study: Faces of the Enemy
  • Profiling
    • Choosing the right time points & observations
    • Linking data to the enemy
    • Entering the (threat) matrix
  • Anomalies & issues
  • Tips and Tricks
  • Wrap-up & Close

Who Should Attend?

  • Individuals with experience in threat intelligence, desiring a better understanding of analysis & profiling.
  • Professionals who deal with technical issues, but feel they do not have enough background in profiling techniques.
  • Technical professionals that need to be armed with greater knowledge of incident response, profiling, analysis and their role in resolving incidents.


Monty St John

Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has assisted numerous companies build and accredit laboratories, threat teams, and security operations centers. He’s also a prolific writer with two upcoming technical volumes set for 2018; Game Designer and Speaker.

Monty’s investigative background began in the U.S Navy, where he spent the better part of a decade seeking out prisoners-of-war and individuals missing in action. Working to resolve and close decades-old cold cases in foreign lands in another tongue crafted a skillset uniquely suited to Infosec work. To prove it Monty shifted from the U.S. Navy to the U.S. Air Force, switching uniforms and positions, to the Defense Cyber Crime Center (DC3). The work done at DC3 was pioneering in many ways and some of the greatest talent in the industry can trace their history back to DC3.”

What began as a simple meeting of minds with a few friends, has quickly grown into sharing across entire classrooms of new people, with different and keen ideas on how things should be done. Monty has written and teaches a variety of classes and prefers an active learning approach. Monty holds a firm belief that critical thinking underpins everything at some level, but more specifically in Infosec. Every class he crafts sustains this belief and is geared to empowering students to walk away with the ability to sleuth – to outline the problem and then determine the solution. He says. “Once you learn the reason why – the concepts that underpin everything—you will quickly realize that you can take them and apply them to any case, any engagement or issue presented.”

He’s a regular speaker and trainer at industry conferences, including BSides (BSidesCharm, BSidesOK, BSidesKC, Austin BSides, San Antonio BSides, BSidesDFW, BSidesROC), Derbycon, ISSA Summits, OWASP Summits, and ISC2 Summits. He’s also presented security topics to a number of high profile and Fortune 500 executives.

Get to Know Monty St John:

Schedule & Duration

2 days
May 17-18 in Round Rock, TX

Class Type / Level



Identifying Adversary TTPs

Delivery Method



Laptop required
Python experience required


Certification of Completion

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Open and operate browsers
    • Find and use command line
    • Execute scripts
  • Requires knowledge of Linux
  • Python experience required
  • Understanding of virtual machines (VM) and how to use one.
    • Understand how to import and power on a VM

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.