Advanced Cyber Threat Intelligence

Do you want to take your cyber threat intelligence skills to the next level so you can better protect your organization? Learn to leverage existing data sources, reduce false positives, and use models like the Cyber Kill Chain, and the MITRE ATT&CK framework to structure your analysis in this Advanced Cyber Threat Intelligence course.

Course Content

1.1 Course Introduction


Module 1: Introduction
3.1 Introduction to Data Processing


Module 3: Data Management and Processing
5.1 Introduction to Campaigns


Module 5: Campaign Analysis
7.1 Introduction to Dissemination


Module 7: Dissemination and Sharing
8.1 Summary


Module 8: Summary
3.2 Common CTI Standards Part 1


Module 3: Data Management and Processing
5.2 Heatmap Analysis


Module 5: Campaign Analysis
6.2 Cognitive Biases


Module 6: Attribution
7.2 Tactical Intelligence


Module 7: Dissemination and Sharing
2.3 External Data Sources


Module 2: Collection
3.3 Common CTI Standards Part 2


Module 3: Data Management and Processing
5.3 Visual Analysis


Module 5: Campaign Analysis
6.3 Logical Fallacies


Module 6: Attribution
7.3 Operational Intelligence


Module 7: Dissemination and Sharing
3.4 Storage and Integration


Module 3: Data Management and Processing
Course Description

Cyber threats keep getting more complex and sophisticated and security teams cannot continue playing whack-a-mole. Basic methods and tools are no longer efficient against these emerging threats. This is why moving towards more data driven security is a necessity and of course all of this requires specific skills that you will be learning through this course. This course, Advanced Cyber Threat Intelligence, is built with the intelligence cycle in mind to create a consistent image and a logical sequence of how to build and leverage a Threat Intelligence program.

So, you will be interested to enroll in the course if you already have some basic knowledge about cyber threat intelligence and you are looking for a course to enhance your existing skills, or perhaps you are building a new Cyber Threat Intelligence program for your organization. The advanced Cyber Threat Intelligence course will benefit security practitioners and individuals interested in preventing cyber threats. In this course, we will discuss how Threat Intelligence can help you leverage your existing data sources to extract useful information and how to find complementary information and intelligence from external sources. We will also explain how to get actionable data through the process of vetting and the importance of this task to reduce efforts on false positives investigations.

The next part will be dealing with analysis of intrusion and campaigns. It can help you structure your analysis using models and techniques like the Analysis of Competing Hypotheses, the Cyber Kill Chain and MITRE ATT&CK. A full part will be dedicated to campaign investigation and its sophisticated analysis methods such as Visual analysis and Heatmap analysis. Another interesting part of the analysis is attribution. Working on complex investigations can often lead to create confusion or even push analysts to use shortcuts to come up with conclusions especially related to attribution. At some point, it becomes a handicap to think properly but if the analysts are unable to identify these issues, they won’t be able to defeat them. For this reason, one of the modules will discuss biases and logical errors identification and giving advice on how to manage them.

And finally, one of the key concepts of Cyber Threat Intelligence is dissemination. Therefore, it is essential to choose the right format of intelligence to share based on your targeted audience (tactical, operational, strategic).


  • Familiar with networking essentials
  • Familiar with security terminology (Firewall, SIEM, IPS, …)
  • Complete the “Intro to Cyber Threat Intelligence” course
  • Basic OSINT knowledge
  • Basic understanding of the Cyber Kill Chain
  • Basic understanding of data analysis
  • Course Goals

    By the end of this course, students should be able to:

  • Run a threat intelligence program for an organization
  • Collect and select relevant intelligence to enhance detection and response
  • Analyze a campaign using ACH
  • Understand the mindset of modern attackers and adapt detection & response strategies based on Cyber Threat Intelligence analysis
  • Challenge and manage biases in intrusion analysis
  • Provide actionable advice about emerging threats
  • Build and disseminate threat intelligence reports based on the intended audience

    This course is part of a Career Path:
    SOC Analyst, Level 2 Certification Prep, Training & Courses
    This Career Path is for a Security Operations Center Analyst (SOC Analyst). This particular Career Path covers a more intermediate-level SOC role. As a SOC Analyst, your primary duty is to ensure that the organization’s digital assets are secure and protected from unauthorized access. That means that you are responsible for protecting both online and on-premise infrastructures, monitoring data to identify suspicious activity, and identifying and mitigating risks before there is a breach. In the event that a breach does occur, a SOC analyst will be on the front line, working to counter the attack. This career path is aligned to the Cyber Defense Incident Responder NICE/NIST Work Role.

    Instructed by

    Alyssa Berriche

    I am a Senior Cyber Threat Intelligence Analyst with 3+ years of professional experience in cybersecurity field and have been a cyber security college instructor for more than two years. My first steps in the cybersecurity field were during my college years, within the organization “SecuriNets," where I had the chance to become the president from 2014 to 2015 and participated on the organization of the national security day “Securiday."

    For my non-work-related activities, I’m a cat-mom, so taking care of my cats represents an important part of my day-to-day life. On my free time, I enjoy writing articles on my magazine (, I do media coverage of geek events and cyber security events.

    I joined Cybrary as a regular member more than 2 years ago and I’ve been watching the growth of the platform and enrolled to few courses. I found out about the TA and Instructor programs though one of the email notifications, so I first applied as a TA and joined the community. Quickly after that I saw that there was a Cybrary course waiting for an instructor, so I wondered if it was the right time to give back to the community and start sharing. I applied for the instructor position and started my first course right away!

    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a Advanced Cyber Threat Intelligence Certificate of Completion