A three-week intensive on cyber threat analysis and cyber threat intelligence formulation. Students will gain foundational knowledge, tradecraft knowledge and hands-on experience with important leading-edge tools for cyber threat hunting and analysis. The intensive is followed by a one-week Capstone in which students are given the opportunity to engage in a daily intelligence collection and analysis operation. Students who meet the participation and engagement requirements are then given the opportunity to join the CrowdWatch, a cadre of trained cyber threat analysts performing contract services for ISACs, ISAOs, government agencies and private companies.
An increasingly important dimension of modern conflict is information warfare. America’s enemies are aware that they cannot compete with us militarily. However, they know they can hurt us by denying, stealing, or manipulating the digital information that constitutes the lifeblood of our economy and way of life. In this new form of warfare our enemies are going after both private and public information, engaging in denial of service attacks, cyber espionage, and disinformation campaigns in order to inflict financial, economic and social harms on our country.
It’s time to fight back. It’s time to harness the collective power of public-private partnerships to collect, analyze and act upon intelligence about those who are attacking us. At the Cyber Resilience Institute (CRI) our goal is to train the next generation of threat hunters in the methodologies, tools and partnerships needed to track down the bad guys, gain insights into their modus operandi and work with law enforcement to turn the tables and inflict pain back on our adversaries.
We offer a one-month interdisciplinary intensive training course here on the Flywheel platform. Students learn to conduct political, social, legal and technical analysis of real threat actors targeting a specific event or a group of victims. Whereas traditional cybersecurity training is asset-centric, revolving around the protection of the confidentiality, integrity and availability of information assets, CRI’s training is threat-centric, revolving around the analysis and sharing of threat intelligence. We profile our adversaries, their motivations, their attack infrastructure, their capabilities and their attack histories, and hunt for observables in cyberspace and social media that correlate with these profiles.
Basics of Intelligence-Led Defense
Fundamentals of Cyber Threat Hunting
W2-D2: Intelligence Analysis Frameworks
Today’s lesson is aimed at introducing the student to several concepts that have evolved to tell the story of how to hunt, what to look for, how to classify your findings, and finally how to communicate these findings to your stakeholders.