Strategic Threat Intelligence for Analysts & SOC Operations

Name: Strategic Threat Intelligence for Analysts & SOC Operations
Rating: 5.0 (10 reviews)

Learn expert strategies in cyber threat intelligence, adversary analysis, attribution, and operational impact

Role Play

Created byStarweaver Experts, Mark Peters, Paul Siegel

Last updated 4/2026

English

What you'll learn

Analyze threat intelligence problems by defining requirements, applying analytic frameworks, and modeling adversaries and systems for data-driven decisions.
Apply advanced techniques to collect, filter, and normalize cyber threat data from multiple sources, ensuring data quality, relevance, and minimal bias.
Evaluate adversary behavior and attribution using structured analysis, map TTPs (Tactics, Techniques, Procedures) to frameworks, and assess confidence levels.
Drive operational threat intelligence by integrating threat analysis into defense workflows, measuring program effectiveness, and leveraging AI responsibly.
Enable cyber threat intelligence to drive defensive capabilities by evaluating its integration into defense processes, measuring impact, and responsible AI use.
Build an effective cyber threat intelligence strategy by leveraging advanced threat intelligence techniques.

Course content

15 sections • 53 lectures • 4h 0m total length

Intro Video to Course3:46
Introduction to the course, key topics to be covered, and call to action.
Welcome to the Course: Course Overview3:22

Section Introduction2:46
Introduction to the section, key topics to be covered, and call to action.
Defining Intelligence as Decision-Support Discipline4:27
Defines intelligence as a decision-enabling product, not a dataset or dashboard. Drawing from military and cyber intelligence tradecraft, learners explore how intelligence differs from information, indicators, and analysis outputs. The focus is on purpose, context, and actionability why intelligence exists and who it serves.
Strategic, Operational and Tactical Intelligence Explained4:31
Learners are introduced to strategic, operational, and tactical intelligence, with emphasis on how each supports different stakeholders and timelines. The video explains why misalignment such as using tactical indicators for strategic decisions creates false confidence and missed risk.
Applying the Intelligence Cycle to Cyber Threat Analysis6:29
Walks through the intelligence cycle requirements, collection, processing, analysis, dissemination, and feedback showing how it applies to cyber threat intelligence programs. Learners see how skipping steps or treating the cycle as linear undermines analytic integrity.

Framing the Intelligence Problem for Decision-Making4:04
Learners explore how poorly defined intelligence questions lead to irrelevant analysis and wasted collection. The video introduces techniques for turning vague concerns (“Are we being targeted?”) into answerable intelligence requirements.
Decomposing Intelligence Questions and Assumptions4:05
This video introduces structured problem analysis techniques to decompose intelligence questions into observable elements. Learners practice identifying assumptions, constraints, and indicators that make intelligence questions tractable.The emphasis is on analytic discipline, not mathematical modeling.
Using MITRE ATT&CK to Structure Intelligence Problems6:37
Learners are shown how to use MITRE ATT&CK as a problem-structuring tool, not a threat feed. The demo illustrates how ATT&CK helps scope adversary behavior, validate assumptions, and identify analytic gaps without conflating coverage with intelligence.

Modeling Adversaries, Capabilities and Intent3:48
Explore common intelligence models used to represent adversaries, capabilities, intent, and constraints. The video explains why models are simplifications, how they guide collection and analysis, and how misuse creates blind spots.
Analyzing Target Systems and Centers of Gravity6:57
This demo shows how analysts model target environments networks, processes, and dependencies to understand where adversaries can act. Learners see how system context transforms generic TTPs into meaningful risk insights. Highlights Boyd’s Center of Gravity analysis with a Mural demonstration
Managing Intelligence, Consumers, and Expectations4:23
This video addresses one of the hardest intelligence challenges: the customer relationship. Learners explore expectation management, confidence communication, and how to handle ambiguity without overstating certainty.
Tradecraft Primer0:09
Framing an Intelligence Requirement0:18
Translating Intelligence to Leadership: Signal, Confidence, and Relevance
Modelling the Threat

Section Introduction2:20
Introduction to the section, key topics to be covered, and call to action.
Designing OSINT Research Strategies5:56
Introduces structured research strategies for open-source intelligence, emphasizing intentional collection over opportunistic searching. Learners explore how to scope sources, validate credibility, and avoid collection bias while maintaining analytic relevance.
Collecting and Interpreting Dark Web Intelligence5:02
This video examines the dark web as an intelligence environment, not a novelty. Learners explore access considerations, operational risks, and the limitations of dark-web data, with emphasis on signal versus deception and the ethical boundaries of collection.
Filtering OSINT Data for Analytic Relevance7:24
This video focuses on filtering techniques that reduce noise and prevent analytic overload. Learners examine how tagging, prioritization, and relevance criteria transform raw OSINT into inputs suitable for structured analysis, without prematurely drawing conclusions.

Identifying and Evaluating Malware Intelligence Sources7:36
This video introduces common malware intelligence sources and explains how malware artifacts contribute to understanding adversary capability and intent. Learners assess the tradeoffs between accessibility, fidelity, and legal considerations when working with malware-derived data.
Observing Malware Behavior Using Sandboxes6:01
This demonstration shows how sandbox environments can be used to observe malware behavior safely and consistently. The emphasis is on what behavioral signals matter for intelligence, not reverse engineering depth or tool mastery. Uses Cuckoo to provide a demo of protectected Malware analysis
Inferring Adversary Intent from Malware Behavior8:53
This video teaches learners how to move from observed malware behavior to causal explanations. Learners explore how analysts infer adversary objectives, constraints, and tradecraft evolution without over-attributing intent or certainty.

Applying Statistical Reasoning to Threat Intelligence6:53
This video introduces basic statistical reasoning relevant to threat intelligence, focusing on distributions, outliers, and trend interpretation. Learners explore how misapplied statistics can distort confidence and lead to false signals.
Visualizing Threat Data for Analytic and Executive Use5:46
This demonstration shows how normalized data is aggregated into dashboards and visual outputs. Learners examine how visualization choices influence perception, prioritization, and executive interpretation of intelligence findings.
Identifying and Mitigating Bias in Threat Data7:02
This video focuses on cognitive and data-driven bias introduced during collection and processing. Learners explore confirmation bias, survivorship bias, and tooling bias and how disciplined workflows mitigate their impact before analysis begins
What Is OSINT (Open-Source Intelligence) in 2025?0:22
From Collection to Intelligence Ready Data0:21
Interpreting Malware Behavior: Evidence vs. Over-Attribution
Analyzing Data Effectively

Section Introduction2:06
Introduction to the section, key topics to be covered, and call to action.
Applying Predictive Reasoning to Adversary Behavior4:57
This video introduces predictive analytic techniques used in intelligence to assess likely adversary actions and trajectories. Learners explore how analysts reason forward from observed behavior while explicitly managing uncertainty and avoiding overconfidence.
Analyzing Adversary Organizations and Constraints3:34
This video examines how adversary organizational structure, incentives, and constraints shape cyber operations. Learners analyze how hierarchy, resourcing, and mission objectives influence tradecraft consistency and variation.
Assessing Adversary Technical Capabilities and Tradeoffs4:33
This video focuses on assessing adversary technical capabilities without assuming sophistication equals intent. Learners explore how tooling choices reflect trade-offs, access, and operational priorities rather than technical prowess alone.

Identifying Meaningful Signals in Threat Activity4:12
This video teaches learners how to identify analytically meaningful signals within large datasets. Learners explore how analysts distinguish enduring adversary behavior from environmental noise and opportunistic activity.
Analyzing Adversary TTPs Using MITRE ATT&CK5:14
This demonstration shows how MITRE ATT&CK is used to structure TTP analysis and compare observed activity against known patterns. The focus is on analytic alignment, not coverage metrics or checklist thinking.
Translating TTP Analysis into Defensive Use Cases4:56
This video demonstrates how intelligence teams translate TTP analysis into concrete defensive and operational use cases. Learners see how analytic conclusions inform detection logic, prioritization, and response planning. Uees the MITRE ATT&CK Navigator

Producing Intelligence That Answers Organizational Requirements4:05
This video teaches learners how to directly answer intelligence requirements without unnecessary technical detail. Emphasis is placed on clarity, relevance, and alignment to decision-maker needs.
Expressing Confidence and Uncertainty in Intelligence Reporting8:00
This demonstration shows how analysts express confidence levels using probabilistic language and evidence weighting. Learners explore how confidence framing affects credibility and downstream decision-making. Includes Cuckoo to show how confidence alters with tools
Identifying Intelligence Gaps and Future Collection Needs4:12
This video focuses on identifying intelligence gaps and future collection requirements. Learners explore how good intelligence products create feedback loops that strengthen the overall intelligence cycle.
Emergent Intelligence: Spycraft and Intelligence in the AI Era0:27
Evaluating Adversary Behavior and Attribution0:19
Assessing Attribution and Tradeoffs Under Uncertainty
Compiling Intelligence Results

Requirements

Learners should have basic familiarity with cybersecurity operations, threat intelligence concepts, and enterprise security environments.

Description

Advanced Threat Intelligence Techniques (ATI) is designed to equip learners with a structured, practical, and analysis-driven understanding of modern threat intelligence under real-world constraints. Participants will learn how cyber threat intelligence professionals frame complex security problems, collect and process relevant data, and produce actionable intelligence that supports both operational and strategic decision-making.

The program follows an industry-relevant curriculum that covers core intelligence tradecraft, including disciplined collection, analytic evaluation, managing uncertainty, and operationalising intelligence outcomes. Each module focuses on the critical skills needed to produce defensible intelligence that helps organisations mitigate cybersecurity threats.

Learners will develop job-ready skills to assess adversary behaviour, identify relevant indicators, manage analytic uncertainty, and communicate confidence levels in cyber threat intelligence assessments. The course emphasises rigorous intelligence tradecraft over reliance on tools, ensuring participants understand how to structure analysis, evaluate competing hypotheses, and transform raw data into meaningful intelligence. Practical exercises guide learners through real-world analytical challenges, helping them produce intelligence that is both defensible and actionable.

Participants will also gain experience communicating intelligence effectively to both technical teams and executive stakeholders. By the end of the program, learners will be able to produce decision-relevant threat intelligence, demonstrate the value of intelligence to leadership, and integrate intelligence outcomes into security operations and strategic planning. They will leave with the ability to apply disciplined analytic methods, clearly articulate confidence in their findings, and support organisations in making informed, intelligence-driven security decisions.

Who this course is for:

This course is designed for threat intelligence analysts, SOC personnel, incident responders, and security researchers seeking to enhance their detection capabilities and response strategies. It’s perfect for SOC analysts looking to strengthen their threat intelligence and detection skills, threat researchers tracking APT (Advanced Persistent Threat) groups, and incident responders who need actionable, real-time cyber threat intelligence to mitigate and respond to emerging threats effectively.

Strategic Threat Intelligence for Analysts & SOC Operations

What you'll learn

Explore related topics

Course content

Introduction to the Course2 lectures • 7min

What is Intelligence?4 lectures • 18min

Shaping Intelligence Requirements3 lectures • 15min

Modelling the Threat6 lectures • 16min

Working with Open Source4 lectures • 21min

Working with Malware3 lectures • 23min

Analyzing Data Effectively6 lectures • 20min

Structured Analytical Techniques4 lectures • 15min

Analysing Tactics, Techniques, and Procedures (TTP)3 lectures • 14min

Compiling Intelligence Results6 lectures • 17min

Requirements

Description

Who this course is for: