Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


Intro to Cyber Threat Intelligence

via Cybrary


In its core, this course will explain what approaches and frameworks are available to implement a Cyber Threat Intelligence unit and how they can be used in it, and at the end you will have the necessary resources to be able to implement a Cyber Threat Intelligence unit.

Cyber Threat Intelligence Training Prerequisites

  • Knowledge and understanding of Information Security triad: Confidentiality, Integrity and Availability.
  • Experience in the Cyber Security field from a technical perspective.
  • Network protocols and data flow understanding.
  • Common knowledge on Incident Response, Network Monitoring, Vulnerabilities and Exploits.

Cyber Threat Intelligence Course Goals

By the end of this course, students should be able to:

  • Define what Cyber Threat Intelligence is and what is not.
  • Scope what implementation of Cyber Threat Intelligence is needed for an organization according to its resources and capabilities.
  • Understand how Cyber Threat Intelligence interacts with other units.
  • Define the type of intelligence that the Cyber Threat Intelligence provides depending on
  • the unit requiring the information.
  • Know the basic concepts to build the core of Cyber Threat Intelligence

Study Resources

Students can review specific topics regarding Cyber Threat Intelligence by consulting the following materials:

  • How to Define and Build an Effective Cyber Threat Intelligence Capability, Book by Henry Dalziel
  • Effective Threat Intelligence: Building and Running an Intel Team for Your Organization, Book by James Dietle

In this Cyber Threat Intelligence (CTI) training course, students will receive an introduction to key definitions and concepts of the CTI realm. At its core, the course will teach students about different CTI frameworks and to implement a CTI unit.

What is Cyber Threat Intelligence and How is it Used?

Cyber threat intelligence is a term that refers to information that an organization utilizes to understand the cyber threats that have occurred in the past, will occur in the future, or are currently targeting the organization. The intelligence that is collected is then analyzed to prepare, prevent, and identify cyber threats that are seeking to take advantage of the organization’s valuable resources. It allows for much more proactivity in protecting those resources.

Cyber threat intelligence is typically divided into three subcategories:

  • Strategic: Strategic threat intelligence tells analysts how foreign policies, global events, and other international and local actions may potentially impact the cybersecurity of an


  • Tactical: Tactical threat intelligence is technical, focuses on the immediate future, and it helps identify simple signs of compromise.
  • Operational: Every cyberattack has a “who,” “why,” and “how.” These refer to attribution, motivation, and the TTPs the attacker employs, respectively. These factors of cyberattacks provide context, and that context provides insight into how attackers plan, conduct, and sustain major operations and campaigns. This insight is what operational threat intelligence is.

Why is Cyber Threat Intelligence Important?

The cybersecurity world today involves attackers and defenders constantly trying to outsmart one another. Organizations need to understand attackers’ next moves so they can proactively defend their sensitive data and prevent future attacks. To achieve that, security teams need knowledge. Cyber threat intelligence training provides that knowledge by bringing to light unknown threats and allowing the organization to make better decisions about its security.

When cyber threat intelligence is implemented well, it can help organizations:

  • Ensure that security teams stay up to date with the massive volume of cyber threats, including methods used, weaknesses, targets, and cyber attackers.
  • Become proactive about future cyber threats.
  • Keep stakeholders, leaders, and users informed and training about the latest cyber threats and the impact they could have on the organization.

What Is Covered in This Cyber Threat Intelligence Training?

In this CTI training, students will learn the skills and knowledge needed to implement a CTI unit within their organizations. The course objectives that will be covered include:

  • Defining exactly what CTI is and isn’t
  • Identifying what implementation CTI is required for an organization based on its capabilities and resources
  • Understanding how CTI interacts with other organizational units
  • Defining the type of intelligence the CTI team provides based on the unit that requires the information
  • Understanding the basic concepts needed to build the core of a CTI unit

What Does a Cyber Threat Intelligence Analyst Do?

Cyber Threat Intelligence Analysts are information security professionals who are responsible for helping to counter activities of hackers and other cyber criminals, including those who develop malicious software.

Cyber intelligence analysts often use their skill and expertise in network administration or network engineering. There, they work to perform the following:

  • Technical research that involves collecting information regarding cyber criminal activities that are Internet-based and malware related.
  • Intelligence analysis that allows them to make predictions about cyber attackers and possible future attacks that are based on what is already known about them.
  • Communicating the results of their analysis, through intelligence reports, to the leadership who need to know them.

Because the cyber world is constantly changing and cyber criminals are continually becoming smarter and sneakier, the exact roles and responsibilities of Cyber Threat Intelligence Analysts can, and do, change to keep up. It can be an exciting career for those who are interested in information security and helping organizations avoid cyberattacks.

How Does One Get into Cyber Threat Intelligence?

Entering the cyber security industry is a great decision. It’s a growing industry that currently has more job openings than there are professionals to fill them. The cyber threat intelligence field is one that is only going to grow, as professionals who protect organizations’ data are some of the most in-demand employees in the information security industry.

Getting started with Cyber Threat Intelligence training is as easy as taking our course. In the course, you will learn the fundamentals of cyber threat intelligence, which may just be the start of your information security career.

If you would like to get started, simply click on the Register button at the top right of this screen.


  • Module 1: Introduction to Cyber Threat Intelligence
    • 1.1 Course Introduction
    • 1.2 Introduction to Cyber Threat Intelligence (CTI)
  • Module 2​: History and Main Concepts and Definitions of Cyber Threat Intelligence
    • 2.1 CTI History
    • 2.2 CTI Concepts and Definitions
  • Module 3​: Intelligence-Driven Security
    • 3.1 Intelligence-Driven Security and CTI Lifecycle
    • 3.2 Data Collection Sources
    • 3.3 CTI Lifecycle
  • Module 4​: Cyber Threat Intelligence Role in SOC, IR and Risk Analysis
    • 4.1 CTI Role in SOC Part 1
    • 4.2 CTI Role in SOC Part 2
    • 4.3 CTI Role in Incident Response Part 1
    • 4.4 CTI Role in Incident Response Part 2
    • 4.5 CTI Role in Incident Response Part 3
    • 4.6 CTI Role in Risk Analysis
  • Module 5​: Cyber Threat Intelligence for Fraud Prevention
    • 5.1 CTI for Fraud Prevention
  • Module 6​: Cyber Threat Intelligence Frameworks
    • 6.1 Cyber Kill Chain
    • 6.2 Diamond Model Part 1
    • 6.3 Diamond Model Part 2
    • 6.4 MITRE ATT&CK
  • Module 7: Developing the Core of Cyber Threat Intelligence
    • 7.1 Preparing Your Ground
    • 7.2 Key Success Factors
    • 7.3 Team and Approach
    • 7.4 Technical Resources
  • Module 8​: Conclusion
    • 8.1 Key Takeaways
    • 8.2 Units in Need of CTI
  • Module 9​: Summary and References
    • 9.1 Summary and References Part 1
    • 9.2 Summary and References Part 2
  • Course Assessment
    • Course Assessment - Intro to Cyber Threat Intelligence

Taught by

Melinton Navas


Start your review of Intro to Cyber Threat Intelligence

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.