• Threat intelligence analysts, threat hunters, or specialists
• Security operations (SOC) analysts and incident responders
• Cybersecurity engineers who want to incorporate intelligence into their defenses
• Professionals in roles such as security operations, threat research, risk & compliance
• Mid to senior cybersecurity practitioners with some experience (often 3+ years)

• Solid understanding of networking, security fundamentals, and incident response workflows
• Familiarity with security tools and logging, basic scripting or data processing
• Some exposure to OSINT, malware analysis, or security operations environments
• While not always required, 2–3 years of relevant cybersecurity experience is often recommended

• Understand and differentiate between data, information, and intelligence, and apply them in security contexts
• Plan and develop a threat intelligence program with clear requirements, PIRs, and stakeholder alignment
• Collect, validate, and process threat data from diverse sources (OSINT, HUMINT, malware feeds)
• Analyze threat data using structured methodologies (e.g. SACH, ACH), threat modeling, profiling
• Generate and deliver actionable intelligence via high-quality reports tailored for different audiences
• Integrate threat intelligence into SOC workflows, incident response, detection engineering, and risk programs
• Perform threat hunting and detection using intelligence-informed hypotheses and automation
• Apply frameworks such as Kill Chain, MITRE ATT&CK, TTP mapping, IoCs, actor profiling
• Collaborate and share intelligence in regulated, legal, or cross-organizational environments
• Evaluate and mature a threat intelligence practice, measure effectiveness, iterate improvements

• Definition, essential terminology: data vs information vs intelligence
• Intelligence vs information vs data
• Threat intelligence lifecycle and stages
• Threat intelligence strategy, maturity models, frameworks
• Types of threat intelligence: strategic, operational, tactical, technical
• Integration of threat intelligence in SIEM and incident response contexts
• Use cases and expectations in organizations

• Understanding cyber threats: actors, motives, intent, capability, opportunity
• Advanced Persistent Threats (APT) lifecycle
• Cyber Kill Chain methodology, tactics/techniques/procedures (TTPs)
• Indicators of Compromise (IoCs), pyramid of pain
• Adversary modeling and profiling

• Assessing organization’s threat landscape and requirements
• Priority Intelligence Requirements (PIRs), scoping the program
• Rules of engagement, NDAs, stakeholder alignment
• Building a threat intelligence team, roles and competencies
• Threat intelligence sharing: platforms, partners, regulations
• Program review, metrics, feedback loops

• Data collection methods: OSINT, HUMINT, threat feeds, malware analysis
• Collection management, validating reliability of sources
• Bulk data collection, dark web / deep web harvesting
• Data processing, normalization, sampling, enrichment
• Structuring and storing threat data
• Threat data collection in cloud environments

• Data contextualization and threat analysis
• Analytical techniques: Structured Analysis of Competing Hypotheses (SACH), ACH, statistical methods
• Threat modeling and profiling
• Fine-tuning and evaluating threat analysis
• Building runbooks and knowledge base
• Use of threat intelligence tools for analysis

• Designing threat intelligence reports for different audiences
• Delivery mechanisms, report formats, executive vs tactical
• Intelligence sharing standards, platforms, legal & regulatory considerations
• Integration of intelligence into operations and systems
• Collaboration and sharing models (e.g. ISACs, CERTS)

• Threat hunting fundamentals, process, methodology
• Threat hunting automation, hypothesis generation
• Detection engineering, data pivoting, enrichment
• Hunting in cloud and hybrid environments
• Use of ATT&CK, playbooks, sensor placement

• Embedding intelligence into SOC operations and alerting
• Incident response enhancement via threat intel (TTPs, indicators)
• Risk management: threat-informed risk decisions
• Use of intelligence in threat scenario planning
• Program maturity and feedback into operations