Cybersecurity Threat Intelligence

Threat Intelligence Fundamentals

Build the core skills to collect, analyse, and operationalise cyber threat intelligence with confidence.

Log In to Enroll About this course Get unlimited access
Threat Intelligence Fundamentals logo
Quick Course Facts
18
Self-paced, Online, Lessons
18
Videos and/or Narrated Presentations
6.2
Approximate Hours of Course Media
About the Threat Intelligence Fundamentals Course

Threat Intelligence Fundamentals is a practical Cybersecurity course for learners who want to understand how threat intelligence is collected, analysed, communicated, and applied. You will build the core skills to collect, analyse, and operationalise cyber threat intelligence with confidence, helping security teams make clearer decisions and respond more effectively to real-world threats.

Build Practical Cybersecurity Threat Intelligence Skills

  • Learn the intelligence cycle and how it supports stronger Cybersecurity decision-making.
  • Understand indicators, TTPs, threat actors, campaigns, confidence levels, and analytical judgement.
  • Use frameworks such as MITRE ATT&CK and the Cyber Kill Chain to structure threat analysis.
  • Turn intelligence into detection, hunting, incident response, vulnerability prioritisation, and executive briefings.

Threat Intelligence Fundamentals teaches the essential methods, vocabulary, and workflows used to produce actionable Cybersecurity intelligence.

This course begins with the foundations of threat intelligence, including what it is, why it matters, and how the intelligence cycle works in cyber security. You will explore strategic, operational, tactical, and technical intelligence, while developing a strong grasp of core terms such as indicators of compromise, TTPs, actors, campaigns, malware profiles, and risk.

You will then learn how to define intelligence requirements, assess collection sources, and evaluate reliability, bias, and confidence. The course covers responsible handling of indicators, structured analytic techniques, attribution challenges, uncertainty, and the judgement needed to produce credible intelligence assessments.

As the course progresses, you will apply threat intelligence to real Cybersecurity outcomes, including detection engineering, threat hunting, incident response, exposure prioritisation, and business communication. By the end of Threat Intelligence Fundamentals, you will be able to create clearer intelligence products, support operational teams, brief stakeholders with confidence, and contribute to a more mature threat intelligence programme.

Course Lessons

Full lesson breakdown

Lessons are organized by topic area and each includes descriptive copy for search visibility and student clarity.

Foundations

4 lessons

Lesson 1: What Threat Intelligence Is and Why It Matters

18 min Preview
This lesson defines cyber threat intelligence as evidence-based knowledge about adversaries, their motivations, capabilities, infrastructure, and likely actions. It distinguishes intelligence from raw…

Lesson 2: The Intelligence Cycle in Cyber Security

20 min
This lesson introduces the intelligence cycle as the operating model behind effective cyber threat intelligence. Learners will see how direction, collection, processing, analysis, dissemination, and f…

Lesson 3: Types of Threat Intelligence: Strategic to Technical

19 min
This lesson explains the main types of cyber threat intelligence and how they differ by audience, purpose, time horizon, and level of detail. You will learn how strategic, operational, tactical, and t…

Lesson 4: Core Vocabulary: Indicators, TTPs, Actors, Campaigns, and Risk

21 min
This lesson establishes the working vocabulary used throughout cyber threat intelligence. Learners will distinguish indicators from behaviours, actors from campaigns, and risk from general concern. By…

Planning and Collection

3 lessons

Lesson 5: Defining Intelligence Requirements

20 min
This lesson explains how threat intelligence teams turn broad security concerns into clear intelligence requirements that guide planning and collection. Learners will distinguish business questions fr…

Lesson 6: Collection Sources: Internal Telemetry, Open Sources, Vendors, and Communities

22 min
This lesson examines the main source categories used in cyber threat intelligence collection: internal telemetry, open sources, commercial vendors, and trusted communities. Learners will see how each …

Lesson 7: Source Reliability, Bias, and Confidence Levels

18 min
This lesson teaches a practical framework for judging the reliability of threat intelligence sources, recognizing bias, and expressing analytic confidence clearly. Learners will distinguish source rel…

Analysis Methods

4 lessons

Lesson 8: Handling Indicators of Compromise Responsibly

19 min
Indicators of compromise can help analysts move quickly, but they can also mislead teams when they are collected, shared, or acted on without context. This lesson explains how to handle IOCs responsib…

Lesson 9: Using Frameworks Such as MITRE ATT&CK and the Cyber Kill Chain

23 min
This lesson explains how analysts use structured frameworks to make threat intelligence clearer, more consistent, and more actionable. It focuses on two widely used models: MITRE ATT&CK , which descri…

Lesson 10: Structured Analytic Techniques for Threat Intelligence

22 min
This lesson introduces structured analytic techniques that help threat intelligence analysts move from raw evidence to defensible judgments. Learners will practice using methods that reduce bias, clar…

Lesson 11: Attribution, Uncertainty, and Analytical Judgement

21 min
This lesson teaches students how to make careful attribution assessments without overstating what the evidence can support. It explains why attribution is rarely a single technical conclusion, how ana…

Intelligence Products

2 lessons

Lesson 12: Building Actor, Malware, and Campaign Profiles

20 min
In this lesson, learners build practical profile formats for threat actors, malware families, and campaigns. The focus is on turning scattered reporting, telemetry, and incident observations into stru…

Lesson 13: Writing Clear Intelligence Assessments and Briefings

22 min
This lesson teaches how to turn threat intelligence analysis into clear written assessments and briefings that decision-makers can use. It focuses on structure, analytic language, confidence levels, e…

Operational Application

4 lessons

Lesson 14: Turning Intelligence into Detection and Hunting Use Cases

24 min
This lesson shows how to convert finished threat intelligence into practical detection and hunting use cases. Learners will move from intelligence findings, such as adversary behavior and observed inf…

Lesson 15: Supporting Incident Response with Threat Intelligence

21 min
This lesson explains how threat intelligence supports incident response before, during, and after an active security incident. It focuses on practical ways intelligence analysts can help responders sc…

Lesson 16: Using Intelligence for Vulnerability and Exposure Prioritisation

20 min
This lesson shows how threat intelligence turns vulnerability management from a generic severity queue into a risk-based prioritisation process. Learners will distinguish between vulnerability severit…

Lesson 17: Communicating Threat Intelligence to Executives and Business Teams

18 min
This lesson focuses on turning threat intelligence into clear, decision-ready communication for executives, risk owners, legal teams, finance, operations, and other business stakeholders. Learners wil…

Programme Development

1 lesson

Lesson 18: Building and Measuring a Threat Intelligence Programme

23 min
This lesson explains how to build a threat intelligence programme that produces useful, decision-ready intelligence rather than disconnected reports or indicator feeds. It focuses on defining purpose,…
About Your Instructor
Professor Christina Ross

Professor Christina Ross

Professor Christina Ross guides this AI-built Virversity course with a clear, practical teaching style.