Learning Objectives

With the completion of this course, participants will:

• Conduct intelligence analysis of cyber activities
• Analyze threat data collected to detect cyberthreats exploiting vulnerabilities and present evidence
• Understanding of the theory and practice of cyber threat intelligence operations
• Develop capabilities to undertake operational Threat Intelligence activities
• Integrate event logs and alerts from different data sources
• Implement Threat Detection.

Who Should Attend?

• Professionals who are seeking to establish themselves within the Threat Intelligence industry.
• Prerequisite: Basic Knowledge of OS, Network Operations.

Prerequisites & Exams

Recommended Prerequisites:

Before attending this course, students are recommended to have:

• Polytechnic Diploma
• Demonstrate familiarity with basic Operating System and Networking concept.

Certification Exam

The CREST Practitioner Threat Intelligence Analyst CPTIA examination is an entry-level qualification aimed at individuals who are seeking to establish themselves within the Threat Intelligence industry. There is no requirement for a candidate to have a specified amount of previous experience working in the Threat Intelligence industry.

Number of Questions : 120

Duration : 2 Hours

Format : Multiple choice questions

Location : Pearson Vue Testing Center

Passing Score

Successful candidates must score 70% of the available marks in each component. That is: at least 84 marks from the written component (possible total: 120 marks).

Unsuccessful candidates will be told their final scores in the sections where they didn’t reach the required pass mark.

Course Outline

Day 01

1. Organizational Security Posture

• 1.1. Review of security posture
• 1.2. Identify Risk Scenarios

2. Threat Intelligence

• 2.1. Threat Intelligence
• 2.2. Internal Threat Intelligence
• 2.3. External Threat Intelligence
• 2.4. Lab 1

3. Vulnerability Analysis and Threat Modelling

• 3.1. Malwares and Exploits
• 3.2. Vulnerability Analysis
• 3.3. Threat Modelling

4. Threat Detection and Threat Hunting

• 4.1. Review Cyber Kill Chain
• 4.2. Threat Hunting using TTP (Techniques Tactic Procedures)

Day 02

5. Intrusion Detection and Monitoring Technologies

• 5.1. Organizational guidelines covering Technical, Cost, Human Resources and Quality aspects
• 5.2. End Point Detection Solutions
• 5.3. Network Detection Solutions
• 5.4. Cloud Detection Solutions

6. Central Monitoring and Detection

• 6.1. SIEM (Security Information Event Management)
• 6.2. Cloud Data Lake
• 6.3. Security Orchestration Automation Response

Day 03

7. Implementation and testing of monitoring technologies

• 7.1. Reports Templates for penetration test results
• 7.2. Intrusion Detection Implementation
• 7.3. Incident Response Technologies

8. Cyber Range Exercise

• 8.1. Familiarization
• 8.2. Cyber range
• 8.3. Post Cyber Range Review