Overview

FOR578: Cyber Threat Intelligence will equip you, your security team, and your organization with the tactical, operational, and strategic-level cyber threat intelligence skills and tradecraft required to better understand the evolving threat landscape and to accurately and effectively counter those threats.

Learning Outcome

Every security practitioner should attend the FOR578: Cyber Threat Intelligence course. This course is unlike any other technical training you have experienced. It focuses on structured analysis in order to establish a solid foundation for any security skillset and to amplify existing skills. The course will help practitioners from across the security spectrum to:
  • Develop analysis skills to better comprehend, synthesize, and leverage complex scenarios
  • Identify and create intelligence requirements through practices such as threat modeling
  • Understand and develop skills in tactical, operational, and strategic-level threat intelligence
  • Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
  • Learn the different sources to collect adversary data and how to exploit and pivot off of it
  • Validate information received externally to minimize the costs of bad intelligence
  • Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
  • Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
  • Establish structured analytical techniques to be successful in any security role

Who Should Attend?

  • Security practitioners should attend. This course is a perfect match for any security skill set, from red teamers to incident responders. The course is focused on analysis skills.
  • Incident Response Team Members who respond to complex security incidents/intrusions and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise
  • Threat Hunters who are seeking to understand threats more fully and to learn from them in order to hunt threats more effectively and counter the tradecraft behind them
  • Security Operations Center Personnel and Information Security Practitioners who support hunting operations that seek to identify attackers in their network environments
  • Digital Forensic Analysts and Malware Analysts who want to consolidate and expand their understanding of filesystem forensics, investigations of technically advanced adversaries, incident response tactics, and advanced intrusion investigations
  • Federal Agents and Law Enforcement Officials who want to master advanced intrusion investigations and incident response, as well as expand their investigative skills beyond traditional host-based digital forensics
  • Technical Managers who are looking to build intelligence teams or leverage intelligence in their organizations, building off of their technical skillsets
  • SANS Alumni looking to take their analytical skills to the next level

Eligibility Criteria

  • FOR578 is a good course for anyone who has had security training or prior experience in the field. Students should be comfortable with using the command line in Linux for a few labs (though a walkthrough is provided) and be familiar with security terminology.

This course is endorsed under the Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme.
To find out more about CITREP+ funding, please refer to Programme Support on the CITREP+ page.


Information is accurate as of 6 August 2019