Question 1

What Are The Laptop Requirements?

Accepted Answer

Important! Bring your own system configured according to these instructions. Students will need a laptop capable of running VMware Workstation or VMware Fusion. The host machine should have a minimum of 16GB of RAM to support running up to one VM with 4GB of RAM simultaneously. Students will also need spreadsheet software (Microsoft Excel, Google Sheets, LibreOffice, or equivalent) for data analytics processing and self-assessment skills inventory labs. Internet access is required to use vendor tools and data sets throughout the course. Students will be provided with a SIFT VM pre-configured with tools consistent with the FOR578 course environment. If you have additional questions about the laptop specifications, please contact customer service.

Question 2

Who Should Attend FOR478 Training?

Accepted Answer

FOR478 is built for a wide range of professionals who want to develop or sharpen their CTI skills:Aspirant or current CTI analysts who want to understand industry state of play, how CTI programs are structured, and how to shore up foundational practices, methodologies, or tool use Incident Responders who want to understand how CTI can assist their hunt efforts and work better with CTI peers SOC Analysts who want to understand how geopolitical dynamics impact cyber threat activities and explore natural career pathways into CTI Military, civilian intelligence, and law enforcement agents who require a baseline understanding of working cyber threats in public or private sector roles Business, systems, and risk (GRC) analysts who want to expand their job prospects in CTI and understand which skills are transferable Data scientists and intelligence engineers who need to understand CTI data, tooling, and which workflow elements can be automated

Question 3

What Will You Get?

Accepted Answer

A personalized CTI career roadmap built during the course A library of production-ready CTI program templates for immediate use after training Direct exposure to industry thought leaders through expert panel discussions 8 hands-on labs designed to replicate professional CTI research and analysis expectations A SIFT VM pre-configured with tools consistent with the FOR578 course environment

Question 4

What Are The Prerequisites For This Course?

Accepted Answer

FOR478 does not have any prerequisites.

Question 5

What Learning Path Is This Course A Part Of?

Accepted Answer

FOR478 is designed as a feeder course into more specialized SANS offerings, including:FOR578: Cyber Threat Intelligence FOR589: Cybercrime Investigations SEC497: Practical Open-Source Intelligence SEC587: Advanced Open-Source Intelligence FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics FOR528: Ransomware and Cyber Extortion  FOR610: Malware Analysis Tools and Techniques   Students looking to advance their CTI expertise should plan to progress into one of these courses after completing FOR478.

Question 6

What Is Cyber Threat Intelligence And Why Is It Important?

Accepted Answer

As cyber operations continue to evolve into a formidable capability used by states, criminal enterprises, and non-state actors, the ability to understand and communicate threat realities has become a critical organizational function. Cyber Threat Intelligence (CTI) is a customer-centric service function that applies domain expertise in cybersecurity, intelligence, and cyber threat activity and threat actor research to provide decision-support for organizational stakeholders. Rather than simply delivering a data feed, CTI analysts research adversary capabilities, intentions, and activities to produce finished intelligence products that drive better decision-making across security and risk teams.  Those decisions result in mitigating cyber risk, reducing the exposed attack surface, protecting brand reputation, and demonstrating measurable return on investment for cyber security programs.

Question 7

How Will This Course Benefit My Career?

Accepted Answer

FOR478 transforms aspirant analysts into qualified practitioners by closing knowledge gaps in CTI operations and historical adversary tradecraft. By understanding the evolution of adversary tradecraft and shifts in their decision calculus, analysts can rapidly contextualize emerging threats, cyber news, and intrusion activities by drawing on historical commonality. Students leave FOR478 with a working understanding of CTI program structure, stakeholder management, threat research workflows, and the analytic tradecraft required to succeed in a fast-growing, high-demand field.  Students learn how to use cybersecurity and external data in tandem to support stakeholders needs, learning how to pivot between various disparate data sources as part of their research, - something CTI analysts do on a daily basis. Students are exposed to key industry players and their expert insights to include lessons learned that can be immediately integrated into your analytic workflows and career planning. Students are provided with the time, space, and guidance to develop a career plan that maps to current CTI industry needs. A library of production-ready CTI program templates for immediate use after training to help drive the current state of your CTI program, making you look like a rockstar to your leadership team.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

FOR478: Cyber Threat Intelligence Foundations

Course Overview

What You'll Learn

Business Takeaways

Meet Your Authors

John Doyle

Andreas Sfakianakis

Josh Darby MacLellan

Course Syllabus

Section 1Foundational Elements of a CTI Program

Topics covered

Labs

Section 2Cyber Threats and Stakeholder Workflows

Topics covered

Labs

Things You Need To Know

Learn Alongside Leading Cybersecurity Professionals From Around The World

Benefits of Learning with SANS