
DEF CON Training
Bobby Thomas, Matthew Lamanna, Kyle Smathers, Nathan Johnson - Cyber Threat Intelligence Analysis Course $1,900
Cyber Threat Intelligence Analysis (CTIA) Course
Training description:
This course presents the fundamentals of cyber threat intelligence (CTI) and guides analysts in the application of intelligence to enable proactive defensive operations and support incident response. The threat environment is growing more complex and, correspondingly, costs to businesses affected by malevolent activity are also increasing. Intelligence is information that has been analyzed and refined to meet the needs of cyber defenders and/or decision makers. Cyber Threat Intelligence should use the intelligence operations cycle of Planning and Direction, Collection, Processing and Exploitation, Analysis and Production, Dissemination and Integration, and Evaluation and Feedback to facilitate its mission. The end state should be to characterize, investigate, and attribute indicators of compromise (IOCs) to advanced persistent threats (APTs) and to apply adversarial profiles to tactics, techniques, and procedures (TTPs) in order to proactively defend networks. CTI analysts should work to identify and generate threats relevant to client requirements, illuminating the adversary’s exploitation methodology and motivation, and applying them in a structured way not only to integrate but to drive an organization’s defensive cyber operations (DCO) posture.
This course applies the intelligence cycle to the full-spectrum exercise of proactive network defense. When properly employed, this process fosters a cyber environment of pre-emptive action. Network defenders and operators are provided with the necessary tactics, techniques, and procedures (TTPs) to generate timely and relevant intelligence. Such intelligence informs stakeholders and applies network fortifications before compromise.
Outline:
Day 1
- Introduction to Threat Intelligence
- What is Intelligence?
- Intelligence vs. information vs. evidence
- The intelligence cycle: Information into intelligence
- Reducing uncertainty
- Bias and Cognition
- Planning and Direction
- Planning and Direction
- Intelligence planning: Strategic, operational, tactical, and technical
- PIRs, IRs, EEIs
- Cyber Threat Intelligence (CTI)-driven cyber risk management
- Risk rating methodologies
- Project management for intelligence operations
- CTI support to proactive DCO planning
- Network discovery/Topology
- Threat assessment/gap analysis
- Exercise: Risk rating methodology; Explore your security controls; Write and answer a Priority Intelligence Requirement (PIR)
- Collection, Processing, and Exploitation
- Collection
- Collection Sources
- OSINT
- Further OSINT resources
- Mitigation strategies/Counterintelligence concerns
- Dedicated cybersecurity intelligence repositories
- The Dark Web
- Data collection and analysis
- Malware collection and forensics
- Memory forensics
- Processing and Exploitation
- Exercise: Generate Intelligence Collection Requirements (ICRs); Maltego; Research a given domain
Day 2
- Analysis and Production
- Analysis and Production
- Analysis overview
- CTI Objectives
- CTI Models and Frameworks
- Structured Analytic Techniques (SATs)
- Additional analytic concepts
- Production overview: The writing process
- Editing and final review
- CTI production categories
- Intelligence Community Directive (ICD) 203
- Exercise: Reporting
- Dissemination, Integration, Evaluation, and Feedback
- Analysis and Production/CTI report categories
- Dissemination and Evaluation/Feedback
- Integration
- Cyber Threats and Network Security Operations
- Cyber Threats
- Phishing
- Network Security Operations
- Final Capstone
Deloitte is recognized as a global leader in Security Consulting, Cybersecurity Incident Response Services, Managed Cloud Services, and Strategic Risk Management Consulting. Deloitte is considered one of the “Big Four” accounting firms and is the largest professional services organization in the world.
Trainer(s) bio:
Bobby Thomas
20+ years of experience in the Cyber Security career field. Bobby served with the Air Force, where he was a Cyber Operator for most of his career. He was also previously an Intelligence Analyst with the Air Force. Bobby currently works for Deloitte as a Hunt Instructor. He enjoys working out and traveling with his family. Their favorite vacation spot is anywhere there are relaxing beaches and good restaurants to visit.
CISSP:
Awarded July 04, 2022
ISC2 Member ID 830294
Nathan Johnson
20+ years of experience working in both the government and commercial Cybersecurity industry. Served in the Air Force for 21 years as a Cyber Operator in different operational roles. Nathan most recently worked for the U.S. Space Force (USSF) as the 16th Air Force Liaison to the USSF Delta 6. Past projects also include implementation and curriculum development for the Air Force Big Data Platform (ELICSAR). Nathan’s current role supports Deloitte’s Strategic Growth Offering as a DCO Hunt curriculum developer and instructor. He is currently enrolled in the SANS Graduate Certificate track in Cybersecurity Engineer (Core) and expects to graduate summer of 2024. His off time includes spending time with family, traveling and cycling.
Security+:
CE Awarded July 02, 2015
Member ID COMP001008448250
ITIL Foundation
Awarded April 18, 2012
Matthew Lamanna
Matt Lamanna is a Specialist Master in Deloitte Risk & Financial Advisory. Current focus areas include business development within New Mexico & Texas as well as being the deputy program manager on the United States Space Force (USSF) Space Operations Command Intelligence and Cyberdefense Enterprise Services (SPICES) contract. Matt is also the cybersecurity lead for a HQ USAF A2/6O Enterprise Digital Transformation project and a Defensive Cyber Operations project. Lastly, he is part of two Deloitte Strategic Growth Offerings: a big data platform and defensive cyber for on-orbit space vehicles.
Before joining Deloitte, Matt spent 20 years in the Air Force and retired as a Master Sergeant out of the Air Force Operational Test & Evaluation Center, Kirtland AFB, NM. He spent 15 years as a Signals Intelligence Specialist and 5 years in offensive cyberspace operations and cyber threat intelligence.
GSEC, Awarded 2013
GCIH, Awarded 2013
Root9B OCO Operator, Awarded 2013
Kyle Smathers
Battle-tested cybersecurity professional, capabilities developer, and leader. Previously an active duty Air Force Officer of 10 years, current Air Force Reserve member. Experienced with state-of-the-art cybersecurity platforms, training and missions. Previously served on a Cyber Protection Team as the lead threat hunter, wrote the requirements for the Air Force’s ‘Interceptor’ hunting platform and taught as a formal training instructor.
In my free time I am either with my family, riding my bicycle or working on a house project.
CISSP – Awarded Oct 2017
Elastic Certified Analyst – Sept 2022
VMWare Certified Professional-Data Center Virtualization – April 2022
Technical difficulty:
Beginner
Basic understanding of defensive cyber operations or basic understanding of security controls.
Students should bring:
Students will need to bring their personal laptops.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Bobby Thomas, Matthew Lamanna, Kyle Smathers, Nathan Johnson
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st; the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
DEF CON Communications, Inc.
1100 Bellevue Way NE
8A-85
Bellevue, WA 98004