Existing Training/Certifications

Organization Title Syllabus Notes
SANS FOR578 - Cyber Threat Intelligence This has been running in a couple of different forms over the last two years. Current version of the course is centred around SANS Digital Forensics and Incident Response training. Robert M Lee from Dragos is the current maintainer. The course content has been reviewed at the SANS DFIR CTI Summit (next one in Jan)
CREST CREST Certified Threat Intelligence Manager (CCTIM) Although CREST are not a training provider themselves, they do partner with others who provide training. They provide an official qualification for CCTIM designed to accredit managers and directors who participate in threat intelligence used in the UK threat led penetration testing standards (CBEST and STAR). The corresponding European program (TIBER-NL and TIBER-EU has adopted a non-certified approach, however holders of these qualifications may provide supporting evidence to financial institutions considering the test.
CREST CREST Registered Threat Intelligence Analyst This CREST qualification was created to support threat intelligence analysts who support work on the UK CBEST and STAR adversary emulation for security testing work. This is a requirement for those tests.
EC Council Certified Threat Intelligence Analyst This paid for course appears to cover a comprehensive sylabus that includes threat modelling and risk analysis techniques. If anyone knows about approximate costs it would be interesting to learn more.

Online courses


See the resources section for a list of books (here: Books).