- Cybersecurity
- English
- Vilius Benetis
- Angel Draev
- Rūta Jašinskiene
- Ghazi Mabrouk
Intermediate
Description
This comprehensive training program is tailored to give attendees practical analyst skills in Cyber Threat Intelligence (CTI) using MISP, one of the most widely used Threat Intelligence Platforms (TIP) in the field. MISP is a powerful open-source threat intelligence platform that organizations can use to store, share and receive information about malware, threats and vulnerabilities in a structured way. Participants will examine the logic behind the different tasks analysts perform and immerse themselves in real-world scenarios to understand how responder teams effectively leverage CTI through MISP. They will learn how to extract valuable insights from intelligence feeds and master the formulation of strategic questions to maximize organizational benefits. The added value of contributing to the TIP will also be covered, teaching participants how to create queries and share intelligence effectively. With a dedicated emphasis on intelligence sharing, students will gain crucial insights into what, how and with whom information can be shared for various purposes. Access to the MISP platform will be provided, allowing participants to practice and complete homework assignments designed to reinforce their learning.
This training course is intended for incident response specialists and managers who are working in a SOC or CSIRT.
The training courses are open for applications from all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female applicants and from applicants from developing countries (including least developed countries, small island developing states and landlocked developing countries).
Prerequisites: at least basic knowledge of cybersecurity and of the threat analyst job role.
Upon completion of this course, participants will be able to:
- Explain and discuss the activities a cyber threat analyst performs.
- Quantify the practical value of CTI in their own daily operations.
- Formulate questions to research in CTI datasets.
- Plan the justification and the creation/collection of their own CTI datasets.
- Use MISP for situational awareness and the most common cyber threat intelligence tasks.
- Encode typical cyberthreat artifacts into MISP (e.g. scams, phishing, impersonation, technical attacks).
The course consists of 8 modules and is divided into 4 online sessions, one session per week. An online session lasts 3 hours with a 15-minute break.
The first three sessions end with a practical task to be completed at the student's convenience before the next session, i.e. within one week.
Participants will be given access to the MISP CTI platform, where they will be able not only to complete the assignments but also to practice alongside them, gaining a better understanding of how the platform works and what benefits it brings.
All necessary course materials and additional resources (if any) will be provided through the ITU Academy platform.
To ensure maximum engagement and retention, the 4MAT teaching methodology will be utilized in all sessions. This involves interactive discussions on a topic, practical exercises, discussions to identify learning points, and individual notetaking to reflect on relevant habits that can be changed moving forward. At the end of each day, a review will be conducted to reinforce the key takeaways.
Students will be graded on whether or not they have completed the assignments (60% of the total, 20% per assignment) and on their active participation in the lectures (max. 40% for lecture attendance, 10% per lecture).
A total score higher than 70% is required to obtain the ITU certificate.
Module 1 Introduction to CTI – where it fits according to CSIRT services framework
Key learning points
- Introduction to and discussion about Cyber Threat Intelligence: definition and purpose.
- The Intelligence Lifecycle (direction, collection, processing, analysis, dissemination, evaluation).
Training activities details
Lecturing, discussions
Module 2 Situational Awareness service design and stakeholder mapping
Key learning points
- CTI "location" in different service models (FIRST.org CSIRT Services Framework, SOC-CMM): what to expect from CTI and how it facilitates CSIRT operations.
- Introduction to the MISP tool and its interface.
- Practicing searching in MISP.
Training activities details
- Lecturing, discussions
- Practical assignment (homework)
Module 3 Value of CTI technology
Key learning points
- CTI outputs and deliverables, with MISP examples.
- Typical CTI samples, to understand their practical applications.
Training activities details
Lecturing, discussions
Module 4 CTI data modelling
Key learning points
- Data structures of CTI: STIX, MISP Objects, Galaxies, Tags.
- Encoding a simple threat intelligence instance.
- Utilizing internal and external threat intelligence feeds within MISP.
Training activities details
- Lecturing, discussions
- Practical assignment (homework)
Module 5 Processes and workflows of Situational Awareness
Key learning points
- Typical activities and workflows of a CTI analyst.
- Challenges faced by a CTI analyst.
Training activities details
Lecturing, discussions
Module 6 Cyber events encoding into CTI platform
Key learning points
- Methods to decompose different cyberthreat events (scam, phishing, etc.) into data structures.
- Encoding scams and phishing into MISP.
Training activities details
- Lecturing, discussions
- Practical assignment (homework)
Module 7 Different MISP usages
Key learning points
- Learning how different organizations are using MISP and other CTI platforms.
Training activities details
- Lecturing, discussions
Module 8 Sharing of CTI
Key learning points
- Facilitating the exchange of Indicators of Compromise among trusted communities.
- Understanding the different sharing models in MISP (private, community, public).
- Configuring secure sharing of CTI data with trusted partners.
Training activities details
Lecturing, discussions