Hello SANS Community! In an effort to continue to improve our training offerings, we authored this blog to gauge interest in a potential foundations of cyber threat intelligence course as a bridge course that would set students up for the more advanced FOR578 course. Recently, SANS received anecdotal feedback that mid-career professionals and aspirant cyber threat intelligence analysts would benefit from taking an introductory course before moving into the advanced, faster-paced FOR578.
While some FOR578 instructors have created additional boot camps outside of course hours, or primers describing how-tos and use cases for various tools, this introductory course would codify these knowledge, skills, and abilities gaps using presentation, interactive discussion, and real-world stories.
Within the survey, we would like to seek input on level of interest, topical coverage, and course duration with an emphasis on the underpinning elements of cyber threat analysis and analytic tradecraft to include:
- Foundational IT concepts surrounding enterprise networks and operating systems;
- The evolution of operating system and application cyber security measures;
- Internal data sources on computer systems, digital forensics principles, and artifacts of attacker activity;
- Cyber security frameworks, best practices, and discipline-favorite tools;
- Organizational integration, business acumen, and alignment to drivers of cyber security investment;
- The composition of nation-state and criminal hacking programs;
- How cyber operations are used as a tool of statecraft to support national level strategic and tactical priorities;
- Conceptualizing industry-specific threats and organizational crown jewels;
- Effective ways to construct written intelligence products and briefings to deliver high impact messages to senior leaders and operational and technical audiences;
- Cyber threat intelligence analyst types—strategic, operational, and tactical—and the skills needed for each.
We encourage survey participants to review the FOR578 course page and the recent SANS blog post by one of our FOR578 instructors, John Doyle, that maps out FOR578 course coverage juxtaposed against the knowledge, skills, and abilities required within the cyber threat intelligence field. We welcome any and all participation from FOR578 alumni and other practitioners alike. Many thanks in advance for taking the time to fill out the short survey.