Intro to Threat Intelligence

CyberDefenses Academy



Available Upon Request


Available Upon Request

Delivery Method



Certification of Completion

Audience / Level





Laptop required

Course Details

Program Introduction

Defining Threat Intelligence (TI) in an understandable way can be frustrating. Every cybersecurity vendor and expert seems to have their own definition of what it entails, along with an equally varied set of procedural viewpoints. One way to keep the concept of TI clear is to describe its actions with verbs, such as “collect”, “detect”, “investigate”, “analyze”, “alert”, and “report”. If you use those keywords as pivots, it’s easy to enumerate the functions of TI. A few examples:

  • Identify and collect threat and high-value information (collect, analyze)
  • Determine the impact of events and incidents (analyze, investigate, report)
  • Create and present threat briefings (alert, report)
  • Correlate observed threats and associated adversary profiles to activities, current events, and incidents (analyze, investigate, detect)
  • Leverage tradecraft and experience to identify threats and suggest security measures to mitigate risk and inform decision making (analyze, investigate, detect)

The list continues and includes “data” and “transformation” as well. The course contains 12 labs to intensify a student’s introduction to TI. The course begins with a discussion of key concepts and principles and then builds an understanding of how TI fits in your company and when, where, and how to use it. The labs help those aspiring to understand TI lock down when, where, and how it plays a role.

Course Objectives

  • It’s designed for those with an interest, but no background in threat intelligence.
  • It conveys the necessary concepts, principles and terms to lay down a solid foundation.
  • It is an introductory class on several tracks CDI offers for the professional starting out.

Target Student

  • Individuals new to threat intelligence, but with a need to understand its fundamentals.
  • Technical professionals who need to be armed with greater knowledge of incident response, threat intelligence, and the role it plays.


Monty St John
Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has helped numerous companies build and accredit laboratories, threat teams, and security operations centers. He’s also a prolific writer with two upcoming technical volumes set for 2018, as well as a game designer and speaker.

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Open and operate browsers
    • Find and use command line
    • Execute scripts
  • Prior threat intelligence experience NOT required
  • Understanding of virtual machines (VM) and how to use one
    • Understand how to import and power on a VM

Follow up this course with another one of CDI’s offerings:
  • Threat Intelligence Fundamentals
  • CHRIME for Threat Intelligence
  • Identifying Adversary TTPs

Course Outline

  • Introduction
  • Key Concepts & Principles
    • The Threat
    • The Attribution
    • The Resources
    • Modeling Threat Intelligence
  • Intelligence Driven Strategy
  • Temporal Aspects
  • Use Cases & Benefits
  • Home Advantage
  • Role in Network Defense
  • Intelligence Cycle
  • Application & Integration
  • Storage & Dissemination
  • Managing the Program
  • Wrap-up & Close