Cyber Threat Intelligence

Course description

This course provides the skills needed to collect, analyze, and use information on cyber threats in order to anticipate, detect, and respond effectively to cyberattacks.

Course objectives

By the end of this course, participants will be able to:

• Understand the fundamentals of Cyber Threat Intelligence.
• Collect, analyze, and correlate threat information.
• Use CTI tools and platforms.
• Produce actionable intelligence reports.
• Integrate CTI into a defensive cybersecurity strategy.

Who is this course for?

This course is intended for a broad audience, including:

• Information security managers.
• System and network administrators.
• Cybersecurity consultants.
• Cloud and infrastructure architects.
• IT compliance and governance professionals.

Prerequisites

No specific prerequisites are required.

Course curriculum

Introduction to Cyber Threat Intelligence

• Types of intelligence (strategic, tactical, operational, technical)
• The intelligence cycle
• Role of CTI in an overall security strategy
• Differences between cloud security and traditional infrastructure security.

Threat actors and motivations

• Attacker typology: APTs, hacktivists, cybercriminals, insiders
• TTPs (Tactics, Techniques, and Procedures)
• Case studies: analysis of known actors (e.g., Lazarus, FIN7)

Sources and data collection

• OSINT (Open Source Intelligence)
• HUMINT, SIGINT, Dark Web, underground forums
• Technical sources (logs, IOCs, sandbox, honeypots)
• Collection tools (e.g., Maltego, SpiderFoot, Shodan)

Analysis and correlation

• Governance and access management in the cloud (IAM, RBAC)
• Cloud network security configuration: firewalls, VPC, and application security
• Multi-factor authentication (MFA)
• Identity and compliance management strategies

Production and dissemination

• Standard formats (STIX, TAXII, IODEF).
• Writing actionable CTI reports (executive vs technical)
• Intelligence sharing (ISACs, CERTs, public/private partnerships)

CTI in the organizational environment

• Integration with the SOC, SIEM, and other security teams
• CTI and proactive detection
• Use cases in risk management and incident response
• Limitations and challenges of CTI (bias, verification, information overload)

Use cases

• Analysis of an APT from open sources
• Creation and dissemination of a CTI report

Intelligence cycle simulation

Course benefits

• Pedagogical approach: Alternating theory and practice for better mastery of concepts.
• Qualified instructors: Specialists with hands-on experience in cloud security.
• Tools and learning resources: Access to online resources, live demos, and real case studies.
• Accessibility: Training open to all, with no advanced technical prerequisites.

Teaching methods and tools used

Live demonstrations on cloud security.
Real case studies and hands-on labs.
Discussions on industry best practices.
Project management tools for tracking and feedback.

Assessment

• End-of-course multiple-choice quiz.
• Practical case studies.
• Continuous assessment with personalized feedback.

Standards and references

• Cloud Providers’ Well-Architected Framework
• ISO/IEC 19086
• GDPR (General Data Protection Regulation)
• NIST Cloud Computing Standards (SP 500-292)
• ISO 27001 Information Security: Ensures data security in cloud environments while monitoring and managing costs