Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

NEW2CTI | Bling-up Your Intelligence Requirements: Enhancing Your CTI Requirements With the Diamond Model Of Intrusion Framework

Download File
NEW2CTI | Bling-up Your Intelligence Requirements: Enhancing Your CTI Requirements With the Diamond Model Of Intrusion Framework (PDF, 1.24MB)Last updated: 26 Jan, 2026
Presented by:
Sherman Chu
Sherman Chu

Developing intelligence requirements is a recurring challenge often highlighted by the CTI community. Despite numerous great write-ups, discussions, and presentations on extracting and converting stakeholder needs into intelligence requirements, there is still plenty of room to explore practical ways of using requirements to evaluate and improve CTI lifecycles continuously.

One such method involves leveraging core concepts from the Diamond Model of Intrusion Analysis.

This presentation will examine and walk through how core principles from the Diamond Model can be integrated with cyber threat intelligence requirements. The overall goal is to demonstrate how Diamond Model-driven intelligence requirements enable CTI teams to continually assess and enhance the intelligence cycle, ultimately resulting in improved finished intelligence for stakeholders.

The audience can expect to learn how to practically layer their intelligence requirements with fundamental concepts from the Diamond Model of intrusion analysis. We will also break down how Diamond-model-driven intelligence requirements empower each phase of the intelligence lifecycle.

SANS Cyber Threat Intelligence Summit 2026

Presenter

Sherman Chu
Sherman Chu

Sherman Chu

As the CTI lead for BlackRock, Sherman Chu focuses on applying threat-informed defense to empower security through systematic adversary analyses.

Read more about Sherman Chu

Related Resources

Can We Forecast Our Own Fate? Mapping the Future of the CTI Industry with SATs

Summit PresentationDigital Forensics and Incident Response
  • 27 Jan 2026
  • Josh Darby MacLellan
  • SANS Cyber Threat Intelligence Summit 2026

From Overwhelm to Impact: A Prioritization Matrix

Summit PresentationDigital Forensics and Incident Response
  • 27 Jan 2026
  • Alex Berninger
  • SANS Cyber Threat Intelligence Summit 2026

Malware Magic: Revealing Intel Leads Without Reverse Engineering

Summit PresentationDigital Forensics and Incident Response
  • 27 Jan 2026
  • Christina Johns
  • SANS Cyber Threat Intelligence Summit 2026

Can’t Stop, Won’t Stop: TA584 Innovates Initial Access

Summit PresentationDigital Forensics and Incident Response
  • 27 Jan 2026
  • Selena Larson
  • SANS Cyber Threat Intelligence Summit 2026

Poison in the Digital Well: Intelligence-Driven Defense Against Supply Chain Attacks

Summit PresentationDigital Forensics and Incident Response
  • 27 Jan 2026
  • Shilpi Mittal
  • SANS Cyber Threat Intelligence Summit 2026

Keynote | From Theory to Tradecraft: Building Detection Systems to Track AI-Enabled Adversaries

Summit PresentationDigital Forensics and Incident Response
  • 27 Jan 2026
  • Kyla Guru
  • SANS Cyber Threat Intelligence Summit 2026

Related Courses

  • Slide 1 of 15

    FOR589: Cybercrime Investigations

    Intermediate
    FOR589Digital Forensics and Incident Response
    FOR589: Cybercrime Intelligence
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 15

    FOR585: Smartphone Forensic Analysis In-Depth

    Major Updates
    AI SKILLS
    Essentials
    FOR585Digital Forensics and Incident Response
    FOR585: Smartphone Forensic Analysis In-Depth
    • GIAC Advanced Smartphone Forensics (GASF)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 15

    FOR608: Enterprise-Class Incident Response & Threat Hunting

    updated
    Intermediate
    FOR608Digital Forensics and Incident Response
    FOR608: Enterprise-Class Incident Response & Threat Hunting
    • GIAC Enterprise Incident Responder (GEIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 4 of 15

    FOR518: Mac and iOS Forensic Analysis and Incident Response

    updated
    Intermediate
    FOR518Digital Forensics and Incident Response
    FOR518: Mac and iOS Forensic Analysis and Incident Response
    • GIAC iOS and macOS Examiner (GIME)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 15

    FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

    updated
    Intermediate
    FOR508Digital Forensics and Incident Response
    FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
    • GIAC Certified Forensic Analyst (GCFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 35 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 15

    FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

    Advanced
    FOR610Digital Forensics and Incident Response
    FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
    • GIAC Reverse Engineering Malware (GREM)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 48 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 15

    FOR578: Cyber Threat Intelligence

    Intermediate
    FOR578Digital Forensics and Incident Response
    FOR578: Cyber Threat Intelligence
    • GIAC Cyber Threat Intelligence (GCTI)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 15

    FOR509: Enterprise Cloud Forensics and Incident Response

    Major Updates
    Intermediate
    FOR509Digital Forensics and Incident Response
    FOR509: Enterprise Cloud Forensics and Incident Response
    • GIAC Cloud Forensics Responder (GCFR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hands-On Labs

    View course detailsRegister
  • Slide 9 of 15

    FOR528: Ransomware and Cyber Extortion

    Intermediate
    FOR528Digital Forensics and Incident Response
    FOR528: Ransomware and Cyber Extortion
    • 4 Days (Instructor-Led)
    • 24 CPEs / 24 Hours (Self-Paced)
    • Labs: 13 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 15

    FOR577: LINUX Incident Response and Threat Hunting

    Intermediate
    FOR577Digital Forensics and Incident Response
    FOR577: LINUX Incident Response and Threat Hunting
    • GIAC Linux Incident Responder (GLIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hands-On Labs

    View course detailsRegister
  • Slide 11 of 15

    FOR710: Reverse-Engineering Malware: Advanced Code Analysis

    Advanced
    FOR710Digital Forensics and Incident Response
    FOR710: Reverse-Engineering Malware: Advanced Code Analysis
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 12 Hands-On Labs

    View course detailsRegister
  • Slide 12 of 15

    FOR498: Digital Acquisition and Rapid Triage

    Essentials
    FOR498Digital Forensics and Incident Response
    FOR498: Digital Acquisition and Rapid Triage
    • GIAC Battlefield Forensics and Acquisition (GBFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 13 of 15

    FOR563: Applied AI for Digital Forensics and Incident Response: Leveraging Local Large Language Models

    new
    AI-FOCUSED
    Intermediate
    FOR563Digital Forensics and Incident Response, Artificial Intelligence
    FOR509: Enterprise Cloud Forensics and Incident Response
    • 1 Day (Instructor-Led)
    • 6 CPEs / 6 Hours (Self-Paced)
    • Labs: 4 Hands-On Labs

    View course detailsRegister
  • Slide 14 of 15

    FOR500: Windows Forensic Analysis

    updated
    Essentials
    FOR500Digital Forensics and Incident Response
    FOR500: Windows Forensic Analysis
    • GIAC Certified Forensic Examiner (GCFE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 15 of 15

    FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

    Advanced
    FOR572Digital Forensics and Incident Response
    FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
    • GIAC Network Forensic Analyst (GNFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister