c-Watch Fall 2020: Cyber Threat Hunting and Analysis Training

A three-week intensive on cyber threat analysis and cyber threat intelligence formulation.  Students will gain foundational knowledge, tradecraft knowledge and hands-on experience with important leading edge tools for cyber threat hunting and analysis. The intensive is followed up with a one-week Capstone where students are given the opportunity to engage in a daily intelligence collection and analysis operation.  Students that meet the participation and engagement requirements are then given the opportunity to join the CrowdWatch, a cadre’ of trained cyber threat analysts performing contract services to ISACs, ISAOs, government agencies and private companies.

Course Information

Estimated Time: Three weeks, plus a one-week capstone.

Difficulty: Intermediate


Course Instructors

Jane Ginn Jane Ginn Faculty
Nick Sturgeon Nick Sturgeon Faculty
Stephen Campbell Stephen Campbell Faculty
Doug DePeppe Doug DePeppe Faculty
Kyle Kweder Kyle Kweder Faculty
Christopher Robinson Christopher Robinson Faculty
Brad Rhodes Brad Rhodes Faculty

c-Watch Elections2020

4 months of access

An increasingly important dimension of modern conflict is information warfare. America’s enemies are aware that they cannot compete with us militarily. However, they know they can hurt us by denying, stealing, or manipulating the digital information that constitutes the lifeblood of our economy and way of life. In this new form of warfare our enemies are going after both private and public information, engaging in denial of service attacks, cyber espionage, and disinformation campaigns in order to inflict financial, economic and social harms on our country.

It’s time to fight back. It’s time to harness the collective power of public-private partnerships to collect, analyze and act upon intelligence about those who are attacking us. At the Cyber Resilience Institute (CRI) our goal is to train the next generation of threat hunters in the methodologies, tools and partnerships needed to track down the bad guys, gain insights into their modus operandi and work with law enforcement to turn the tables and inflict pain back on our adversaries.

We offer a one-month interdisciplinary intensive training course here on the Flywheel platform. Students learn to conduct political, social, legal and technical analysis of real threat actors targeting a specific event or a group of victims. Whereas traditional cybersecurity training is asset-centric, revolving around the protection of the confidentiality, integrity and availability of information assets, CRI’s training is threat-centric, revolving around the analysis and sharing of threat intelligence. We profile our adversaries, their motivations, their attack infrastructure, their capabilities, their attack histories, and hunt for observables in cyber space and social media that correlate with these profiles.

Basics of Intelligence-Led Defense

Fundamentals of Cyber Threat Hunting

Forming Cyber Threat Intelligence