Applied Threat Analysis
Units: 6
The role of Cyber Threat Analysts is to aggregate and fuse disparate data sources to provide actionable information to decision makers in industry as well as both the federal and civilian government. More and more these sectors are relying on analysts who have a deep understanding of the ecosystem and the risks contained therein to better understand the cyber threats that they are facing. This course seeks to provide a richer context and a basis for understanding the evolving nature of cyber threats. This class will discuss the relationship between vulnerabilities, exploits, and malware. In addition this class will also explore the value of host based or network indicators and other indicators of compromise. Finally we will discuss the continuum of threat actors and why sometimes the greatest threat is from within.
Understanding Cyber Threat Ecosystem:
Data Aggregation and Fusion:
Threat Intelligence Analysis:
Vulnerabilities, Exploits, and Malware:
Indicators of Compromise (IoCs):
Threat Actor Profiling:
Risk Assessment and Mitigation:
Incident Response:
Policy and Compliance:
Communication and Reporting:
Ethical and Legal Considerations:
Hands-On Experience:
These learning objectives should help students acquire the necessary knowledge and skills to become proficient Cyber Threat Analysts and contribute effectively to decision-making in both industry and government contexts.
Basic Cybersecurity Knowledge: Participants should have a fundamental understanding of cybersecurity concepts, including terminology, principles, and common threats. They should be familiar with concepts like malware, hacking, and cybersecurity best practices.
Networking Fundamentals: An understanding of basic networking concepts, protocols, and technologies is essential. This knowledge provides the foundation for understanding network-based threats and indicators of compromise.
Operating System Knowledge: Proficiency in common operating systems (e.g., Windows, Linux, macOS) is important. Participants should be able to navigate and configure these systems.
Information Security Fundamentals: Familiarity with concepts such as encryption, authentication, access control, and security policies is beneficial.
Programming and Scripting Skills: Basic programming and scripting skills (e.g., Python) are useful for automating tasks and analyzing data. Many cyber threat analysis tasks involve working with data, so scripting abilities can be valuable.
Risk Management and Compliance: A foundational understanding of risk management principles and compliance requirements can be beneficial for grasping the importance of risk assessment and mitigation in cybersecurity.
Security Tools and Technologies: Familiarity with common security tools and technologies used in threat analysis, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), antivirus software, and firewalls, is helpful.
Critical Thinking and Problem-Solving: Cyber threat analysis often involves complex problem-solving. Participants should have strong critical thinking skills and the ability to analyze situations, make informed decisions, and adapt to evolving threats.
Ethical and Legal Awareness: Awareness of ethical considerations and legal implications in the cybersecurity field is important. Participants should understand the legal and ethical responsibilities associated with handling cybersecurity incidents and data.
Communication Skills: Effective communication skills, both written and verbal, are crucial. Participants should be able to convey technical information to non-technical stakeholders and produce clear and actionable reports.