Cyber Threat Intelligence SIG


To define Threat Intelligence in the commercial space. To discuss common applications of threat intelligence capability with a view to agree best practice in the context of supporting effective digital forensics and incident response (DFIR) operations.


  1. Workshop on Threat Intelligence - collating a common FIRST view of threat intelligence
  2. Briefing Paper – Using Threat intelligence to Support Incident Response
  3. Creation of a FIRST wide common body of knowledge (CBK) on Threat Intelligence
    1. Definitions of commonly used terms and terminology
    2. Collate list of Open Source Threat Intelligence Tools that can be used by Threat Intelligence Teams
    3. Glossary Collate list of Cyber Threat Intelligence Feeds and sources
    4. Description of methods, models and techniques
  4. We are considering training modules as an output. There is a severe lack of training in this area at present.
  5. Stock slide-deck for FIRST members to present the topic of Threat Intel to their executive management


Member section

Experience in the commercial or government space relevant to the SIG mission and at discretion of the chairs.

Mailing list

If you would like to keep up with the CTI SIG, we maintain low volume (once a month) mailing list where we publish updates about new Curriculum versions, work progress, etc.

SIG Membership

SIG Membership is open to FIRST members meeting particular requirements. In rare occasions we accept applications from non-FIRST affiliated individuals.

CTI SIG Membership Application