Cyber Threat Intelligence

Learn all about Cyber Threat Intelligence with great free learning resources on the Upskilld Cyber Learning Library.

Online Training


The Cuckoo’s Egg Decompiled Course

In the 1980s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-long pursuit of a group of five KGB-sponsored hackers who managed to access numerous US government and military networks. His story has inspired countless people to pursue the profession of information security. The Cuckoo’s Egg Decompiled is a free online course designed to provide an introduction to information security, as told through the lens of Cliff Stoll’s book “The Cuckoo’s Egg”.


The Diamond Model of Intrusion Analysis [PDF]

This paper sets out a foundational approach to conducting cyber threat intelligence analysis. The Diamond Model is widely used and referenced across the industry. It was written by Sergio Caltagirone, Andrew Pendergast and Christopher Betz. Abstract Excerpt: This paper presents a novel model of intrusion analysis built by analysts, derived from years of experience, asking the simple question, “What is the underlying method to our work?” The model establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim. These features are edge-connected representing their underlying relationships and arranged in the shape of a diamond, giving the model its name: the Diamond Model.


Psychology of Intelligence Analysis

Published by the CIA, this book by Richards J. Heuer, Jr. is recommended for anyone interested in intelligence. Although it is focused on the broader field of intelligence analysis (rather than cyber threat intelligence specifically), the concepts are still very applicable.


Sherman Kent and the Profession of Intelligence Analysis

Sherman Kent is often described as "the father of intelligence analysis". This paper includes an overview of Kent's analytic doctrine: 'Focus on Policymaker Concerns', 'Avoidance of a Personal Policy Agenda', 'Intellectual Rigor', 'Conscious Effort to Avoid Analytic Biases', 'Willingness to Consider Other Judgments', 'Systematic Use of Outside Experts', 'Collective Responsibility for Judgment', 'Effective communication of policy-support information and judgments', 'Candid Admission of Mistakes'.


Industrial Control Threat Intelligence Whitepaper

A whitepaper on cyber threat intelligence for industrial control system environments by Sergio Caltagirone of Dragos Inc.


How Intelligence Works - The Intelligence Cycle

From the US government Intelligence Careers website. The Intelligence Community is responsible for supplying accurate and usable information to those who make national security decisions. Generating reliable, accurate intelligence is an active, never-ending process commonly referred to as the intelligence cycle. Explore what goes into each step of the process.


The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework

The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework has three primary goals: empower organizations to identify areas for team or individual growth, determine appropriate development roadmaps, and align internal, external, or on-the-job training opportunities to ensure CTI skills progression; provide a guidepost for aspirant CTI analysts to tailor their studies; assist network defenders in understanding the roles and responsibilities of a CTI analyst to improve collaboration between disciplines. The framework groups competencies into four foundational pillars: Problem Solving, Professional Effectiveness, Technical Literacy, and Cyber Threat Proficiency. Each competency is then broken out into one or more series of skills with some competencies more prescriptive than others.