Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Threat Analyst

Return To SAP HomepageJoin The SANS Community
SAP

Role Description 

A Threat Analyst, or Cyber Threat Intelligence Analyst, specializes in gathering, analyzing, and applying intelligence about potential cyber threats. Their mission is to equip organizations with actionable insights to proactively detect, prevent, and respond to attacks, helping defenders stay ahead of adversaries and evolving threats.

BLUF 

Threat Analysts must progress from fundamental security knowledge (T1) to applied intelligence gathering and analysis (T2–T3), and ultimately into advanced adversary tracking and intelligence integration (T4–T5). This roadmap ensures they can transform raw data into intelligence that drives enterprise defense decisions.

Development Roadmap with TKS Alignment

T1 – Novice (Foundations)

Course: SEC275 / SEC401. Aligned TKSs: 101 Security Fundamentals, K0164 Report Writing Techniques (introductory), S0021 Written Communication for Technical Audiences (basic)

  • Slide 1 of 2

    SEC275: Foundations: Computers, Technology, & Security

    Beginner
    SEC275Cyber Defense
    SEC406: Linux Security for InfoSec Professionals
    • GIAC Foundational Cybersecurity Technologies (GFACT)
    • 38 CPEs / 38 Hours (Self-Paced)
    • Labs: 90 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 2

    SEC401: Security Essentials - Network, Endpoint, and Cloud

    Essentials
    SEC401Cyber Defense
    SEC401: Security Essentials - Network, Endpoint, and Cloud
    • GIAC Security Essentials (GSEC)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister

T2 – Practitioner (Applied Knowledge)

Course: SEC504. Aligned TKSs: K1010 Behavioral & Technical Indicators of Advanced Threats, K1011 Adversarial TTPS, K0252 Intelligence Gathering Techniques, T1178 Apply Threat Intelligence to Defense

SEC504: Hacker Tools, Techniques, and Incident Handling

MAJOR UPDATES
AI SKILLS
Essentials
SEC504Offensive Operations
SEC504: Hacker Tools, Techniques, and Incident Handling
  • GIAC Certified Incident Handler Certification (GCIH)
  • 6 Days (Instructor-Led)
  • 38 CPEs / 38 Hours (Self-Paced)
  • Labs: 44 Hands-On Labs

View course detailsRegister

T3 – Advanced (Specialized Knowledge)

Course: SEC565. Aligned TKSs: K1012 APT Groups & TTPs, K1013 Threat Modeling Techniques, K1023 Intelligence Requirements, T1176 Analyze Threat Intelligence Reports, T1177 Produce Threat Intelligence

SEC565: Red Team Operations and Adversary Emulation

MAJOR UPDATES
Intermediate
SEC565Offensive Operations
SEC565: Red Team Operations and Adversary Emulation
  • GIAC Red Team Professional (GRTP)
  • 6 Days (Instructor-Led)
  • 36 CPEs / 36 Hours (Self-Paced)
  • Labs: 28 Hands-On Labs

View course detailsRegister

T4 – Expert (Enterprise Integration)

Course: FOR578. Aligned TKSs: K0253 Threat Intelligence Sources, S0405 Use OSINT to Enrich Indicators, S0695 Skill in Performing OSINT Research, S0890 Skill in Performing Threat Analysis, T1180 Track Adversary Infrastructure

FOR578: Cyber Threat Intelligence

MAJOR UPDATES
Intermediate
FOR578Digital Forensics and Incident Response
FOR578: Cyber Threat Intelligence
  • GIAC Cyber Threat Intelligence (GCTI)
  • 6 Days (Instructor-Led)
  • 36 CPEs / 36 Hours (Self-Paced)
  • Labs: 20 Hands-On Labs

View course detailsRegister

T5 – Expert / Mentor (Strategic Threat Intelligence Leadership)

Course: SEC497. Aligned TKSs: K0252 / K0253 Intelligence Gathering & Sources (executive refinement), S0405 / S0695 OSINT Enrichment & Research (mentor level), T1177 / T1178 Threat Intel Production & Application (strategic oversight)

SEC497: Practical Open-Source Intelligence (OSINT)

Intermediate
SEC497Cyber Defense
SEC497: Practical Open-Source Intelligence (OSINT)
  • GIAC Open Source Intelligence (GOSI)
  • 6 Days (Instructor-Led)
  • 36 CPEs / 36 Hours (Self-Paced)
  • Labs: 29 Hands-On Labs

View course detailsRegister