Certified Cyber Threat Intelligence Analyst (CCTIA) - Threat Intelligence & Security Professionals

Duration: 5 Days

Modes: In-Person, Live Online, On-Site

Stop reacting. Start anticipating. This hands-on programme teaches you to collect, analyse, and operationalise cyber threat intelligence that drives real security decisions. Learn to track adversaries, map their tactics, and give your organisation the intelligence advantage before the next attack hits.

Speak to a Training Advisor

Course Objectives

Understand the fundamentals of cyber threat intelligence and its role in organisational security

Learn structured intelligence analysis methodologies and frameworks

Master Open Source Intelligence (OSINT) collection techniques and tools

Understand threat actor profiling, attribution, and tracking methodologies

Learn to map threat intelligence to the MITRE ATT&CK Framework

Understand how to integrate threat intelligence into SOC operations, incident response, and risk management

Learn to produce actionable intelligence reports for technical and executive audiences

Understand the dark web, underground forums, and adversary communication channels

Expected Outcomes

Collect and process intelligence from multiple open and closed sources

Analyse threat data using structured analytic techniques

Profile threat actors and map their tactics, techniques, and procedures (TTPs)

Produce strategic, operational, and tactical intelligence products

Integrate threat intelligence into SIEM detection rules and incident response workflows

Brief executive leadership and technical teams on the evolving threat landscape

Conduct dark web monitoring and underground forum analysis

Build and manage a threat intelligence programme for your organisation

Training Modules

1. Fundamentals of Cyber Threat Intelligence

1. What is cyber threat intelligence and why it matters
2. Intelligence lifecycle: Direction, Collection, Processing, Analysis, Dissemination
3. Types of intelligence: Strategic, Operational, Tactical, Technical
4. Threat intelligence frameworks and standards (STIX, TAXII)
5. Intelligence requirements and priority intelligence requirements (PIRs)

2. OSINT Collection and Analysis

1. Open Source Intelligence (OSINT) methodologies
2. OSINT tools and platforms for threat intelligence
3. Social media intelligence (SOCMINT)
4. Technical intelligence gathering: DNS, WHOIS, certificate transparency
5. Hands-on OSINT collection exercises

3. Threat Actor Profiling and Attribution

1. Threat actor taxonomy: nation-state, cybercriminal, hacktivist, insider
2. Adversary profiling and motivation analysis
3. Campaign tracking and attribution techniques
4. Diamond Model of Intrusion Analysis
5. Hands-on threat actor profiling exercises

4. MITRE ATT&CK for Threat Intelligence

1. Understanding the ATT&CK Framework for intelligence operations
2. Mapping adversary TTPs to ATT&CK techniques
3. Using ATT&CK Navigator for threat analysis
4. Building detection strategies from threat intelligence
5. Hands-on ATT&CK mapping exercises

5. Dark Web Intelligence and Monitoring

1. Introduction to the dark web ecosystem
2. Underground forums, marketplaces, and communication channels
3. Monitoring techniques for early warning indicators
4. Credential leak monitoring and data breach intelligence
5. Operational security for dark web research

6. Intelligence Production and Reporting

1. Structured analytic techniques for intelligence analysis
2. Writing intelligence assessments, briefs, and reports
3. Tailoring intelligence products for different audiences (CISO, SOC, Board)
4. Intelligence sharing and collaboration frameworks
5. Hands-on report writing and briefing exercises

7. Operationalising Threat Intelligence

1. Integrating intelligence into SOC operations and SIEM
2. Threat intelligence platforms (TIP) overview
3. Automated indicator enrichment and correlation
4. Measuring the effectiveness of a threat intelligence programme
5. Building a threat intelligence capability from the ground up

Certification & Accreditation

Certification Path 1: GlobalACE Certification

The GlobalACE certification is designed to align with internationally recognised Knowledge, Skills, and Attitudes (KSA) standards for Information Security Professionals. Candidates are assessed through a combination of multiple choice questions, practical assessments, assignments, and case studies. Examinations are conducted at authorised centres across participating member countries, and successful candidates are eligible to apply as Associate or Professional Members under the GlobalACE framework, recognised in 64+ countries.

Certification Path 2: CyberKnights Certification

The CyberKnights certification is conducted through the KALAM platform, a purpose-built cybersecurity examination and skills validation system. Candidates take a 25-question MCQ exam within 60 minutes, with a pass mark of 70%. Exam fees are inclusive in the course fees. All certified candidates receive complimentary membership access to the KALAM Cybersecurity Collaboration and Community Skills Validation Platform, giving them access to an active community of security professionals.

Frequently Asked Questions

Is this course suitable for SOC analysts looking to specialise in threat intelligence?

Yes. Many SOC analysts transition into threat intelligence roles. This programme builds on your existing detection and analysis skills and adds structured intelligence methodologies, OSINT tradecraft, and adversary profiling capabilities.

What tools will I learn to use during the course?

You will work with OSINT collection tools, MITRE ATT&CK Navigator, threat intelligence platforms, dark web monitoring tools, and structured analytic frameworks. All labs use industry-relevant tools and datasets.

Does the course cover threat intelligence for the APAC region?

Yes. The course includes case studies and threat actor profiles relevant to the APAC region, including nation-state actors and cybercriminal groups targeting Southeast Asian organisations.

How does threat intelligence help with regulatory compliance?

Threat intelligence supports compliance with MAS TRM, PDPA, and CSA CCoP 2.0 by providing early warning of emerging threats, improving incident response times, and demonstrating proactive risk management to regulators.

Can this programme be customised for our organisation's threat landscape?

Yes. We offer private on-site delivery where the exercises and case studies can be tailored to your industry, geography, and specific threat actor profiles most relevant to your organisation.

What career paths does this certification support?

CCTIA supports roles including Threat Intelligence Analyst, Cyber Threat Hunter, Intelligence Manager, SOC Analyst (Tier 2/3), Security Consultant, and CISO advisory positions.