Cyber Threat Intelligence training for people who need to deliver under scrutiny.
CTI-CRAFT is an advanced practitioner-led programme for analysts, consultants and security teams who need to produce defensible intelligence assessments, threat scenarios and regulatory-grade outputs — not just memorise CTI theory.
Most CTI training teaches the lifecycle. That is not enough.
Regulated intelligence engagements require judgement, structure, defensible reasoning and the ability to support operational testing. CTI-CRAFT is built around that reality.
Theory does not survive scrutiny
Knowing the intelligence cycle is useful. Producing a threat assessment that survives client, regulator and red team challenge is a different skill entirely.
IOC handling is not strategic intelligence
Threat feeds and indicators are only one layer. The real value comes from requirements, analysis, scenario design, judgement and decision-ready reporting.
Regulated testing has raised the bar
DORA, CBEST and TIBER-EU demand intelligence professionals who understand business services, threat-led testing, mature reporting and operational handover.
Position yourself above generic CTI.
This programme is for professionals who want to move from generic cyber threat reporting into intelligence-led security testing, regulated engagement support and senior analytical delivery.
Join the Interest ListWhat CTI-CRAFT teaches you to do
The outcome is not more knowledge. The outcome is capability: the ability to plan, analyse, produce and defend intelligence work in high-stakes environments.
Lead intelligence engagements
From scoping and requirements through to collection planning, analysis, reporting and stakeholder review.
Produce regulatory-grade threat scenarios
Develop plausible, evidence-backed CBEST and TIBER-style scenarios with actor selection, attack paths and ATT&CK mapping.
Conduct TI maturity assessments
Assess governance, programme planning, operations and functional management using structured evidence and scoring.
Use structured analytic techniques
Apply ACH, KAC, premortems, indicators and warnings, alternative futures and estimative language with confidence ratings.
Support red teams and purple teams
Brief red teams, provide adversary context, support technique replay and help convert intelligence into detection improvement.
Curriculum built around real intelligence work
The programme combines core intelligence foundations with advanced modules focused on CBEST, TIBER-EU, DORA TLPT and financial-sector threat intelligence.
Core Tradecraft
Intelligence principles, lifecycle management, collection, requirements, legal and ethical boundaries, reporting and technical foundations.
Financial Sector Intelligence
Important Business Services, Critical Important Functions, payment systems, systemic risk, SWIFT, open banking and financial sector threat actors.
Scenario Development
Actor profiling, procedure-level ATT&CK mapping, attack path design, plausibility statements and red team handover.
TIMA & Programme Maturity
Governance, programme planning, operations, functional management, evidence-based scoring and improvement roadmaps.
Structured Analytics
Bias control, probability language, confidence ratings, assumptions testing, alternative futures and intelligence failure analysis.
Advanced Threat Domains
Geopolitical analysis, OT/ICS threats, insider threat, purple teaming, AI-enabled intelligence and AI-specific attack vectors.
Learn how intelligence fails — before it fails in front of a client.
Senior analysts are not separated by how many frameworks they know. They are separated by how well they handle ambiguity, weak evidence, uncertainty, challenge and pressure.
Includes practical outputs you can actually use.
CTI-CRAFT is designed around demonstrated work products, templates, live walkthroughs and practical exercises. Students learn how to produce the kind of artefacts expected in real intelligence-led engagements.
- Threat Intelligence Assessment templates
- PIR and collection planning frameworks
- TIMA scoring and evidence worksheets
- Scenario development packs
- ATT&CK mapping structures
- Board, regulator and red team briefing formats
Training backed by operational workflows
Live demonstrations use the ThreatInsights platform to show how intelligence requirements, collection, analysis, fusion, scenario development and reporting can be managed in practice.
Requirements to Reporting
See how PIRs, sources, evidence, analysis and outputs connect into a coherent intelligence workflow.
Analysis to Scenario
Watch threat actor profiles, attack paths and ATT&CK mapping become defensible CBEST/TIBER-style scenarios.
Evidence to Judgement
Learn how to turn incomplete, conflicting evidence into clear judgements with probability, confidence and caveats.
Start with the free Cyber Threat Intelligence foundation course.
Before joining CTI-CRAFT, you can access the free Cyber Threat Intelligence course at cyberthreatintelligence.info. It teaches the intelligence foundations needed before moving into advanced CBEST, TIBER-EU and DORA TLPT tradecraft.
- Understand core intelligence concepts
- Learn the intelligence lifecycle
- Build analytical foundations
- Prepare for advanced CTI-CRAFT modules
- Progress from foundation knowledge to regulated engagement capability
Register interest in CTI-CRAFT
Join the interest list for launch updates, early access, sample modules, access to the free CTI foundation course and beta pricing.