Threat Intelligence Fundamentals
A 6-week part-time program teaching how to produce intelligence the SOC actually uses.
About this program
Most threat-intel courses teach feeds and frameworks. This one teaches you to write briefs the duty analyst will read at 03:00. You start by mapping consumer needs, then build collection, analysis, and dissemination workflows around three real-world scenarios: a commodity ransomware campaign, an insider risk indicator, and a supply-chain compromise rumour you have to evaluate without panicking.
What is included
- Intelligence cycle with explicit consumer-needs mapping
- Source weighting and admiralty-style confidence scoring
- Diamond Model and ATT&CK enrichment exercises
- Brief writing for three audiences: SOC, CISO, and executive
- Capstone: produce a 2-page brief on a real CTI feed
By the end of the program
- 01 Map collection requirements to a specific consumer
- 02 Write a brief that gets read instead of skimmed
- 03 Decide what NOT to investigate — the harder skill
Frequently asked questions
No, but the program is more useful if you have at least seen a ticket queue. Pure-research backgrounds will get value but should expect to do extra reading on operational context.
From past cohorts
I have read three threat-intel books and this six-week program taught me more about audience than all of them combined.
Honest about what threat intel is not. That alone saved me from chasing the wrong career path.
Ready to talk through fit?
We do a 30-minute scenario walkthrough with admissions before any paid intermediate or advanced track. We will tell you honestly if a different program — or no program — would serve you better right now.