Cyber Threat Intelligence training for people who need to deliver under scrutiny.
CTI-CRAFT is an advanced practitioner-led CTI training programme for analysts, consultants and security teams who need to produce defensible intelligence assessments, threat scenarios and regulatory-grade outputs — not just memorise cyber threat intelligence theory.
Most CTI training teaches the lifecycle. That is not enough.
Regulated intelligence engagements require judgement, structure, defensible reasoning and the ability to support operational testing. CTI-CRAFT is built around that reality.
Theory does not survive scrutiny
Knowing the intelligence cycle is useful. Producing a threat assessment that survives client, regulator and red team challenge is a different skill entirely.
IOC handling is not strategic intelligence
Threat feeds and indicators are only one layer. The real value comes from requirements, analysis, scenario design, judgement and decision-ready reporting.
Regulated testing has raised the bar
DORA, CBEST and TIBER-EU demand intelligence professionals who understand business services, threat-led testing, mature reporting and operational handover.
Position yourself above generic CTI.
This programme is for professionals who want to move from generic cyber threat reporting into intelligence-led security testing, regulated engagement support and senior analytical delivery.
What this cyber threat intelligence training teaches you to do
The outcome is not more knowledge. The outcome is capability: the ability to plan, analyse, produce and defend intelligence work in high-stakes environments.
Lead intelligence engagements
From scoping and requirements through to collection planning, analysis, reporting and stakeholder review.
Produce regulatory-grade threat scenarios
Develop plausible, evidence-backed CBEST and TIBER-style scenarios with actor selection, attack paths and ATT&CK mapping.
Conduct TI maturity assessments
Assess governance, programme planning, operations and functional management using structured evidence and scoring.
Use structured analytic techniques
Apply ACH, KAC, premortems, indicators and warnings, alternative futures and estimative language with confidence ratings.
Support red teams and purple teams
Brief red teams, provide adversary context, support technique replay and help convert intelligence into detection improvement.
CTI training curriculum built around real intelligence work
The programme combines core intelligence foundations with advanced modules focused on CBEST, TIBER-EU, DORA TLPT and financial-sector threat intelligence.
Core Tradecraft
Intelligence principles, lifecycle management, collection, requirements, legal and ethical boundaries, reporting and technical foundations.
Financial Sector Intelligence
Important Business Services, Critical or Important Functions, payment systems, systemic risk, SWIFT, open banking and financial sector threat actors.
Scenario Development
Actor profiling, procedure-level ATT&CK mapping, attack path design, plausibility statements and red team handover.
TIMA & Programme Maturity
Governance, programme planning, operations, functional management, evidence-based scoring and improvement roadmaps.
Structured Analytics
Bias control, probability language, confidence ratings, assumptions testing, alternative futures and intelligence failure analysis.
Advanced Threat Domains
Geopolitical analysis, OT/ICS threats, insider threat, purple teaming, AI-enabled intelligence and AI-specific attack vectors.
Learn how intelligence fails — before it fails in front of a client.
Senior analysts are not separated by how many frameworks they know. They are separated by how well they handle ambiguity, weak evidence, uncertainty, challenge and pressure.
Includes practical outputs you can actually use.
CTI-CRAFT is designed around demonstrated work products, templates, live walkthroughs and practical exercises. Students learn how to produce the kind of artefacts expected in real intelligence-led engagements.
- Threat Intelligence Assessment templates
- PIR and collection planning frameworks
- TIMA scoring and evidence worksheets
- Scenario development packs
- ATT&CK mapping structures
- Board, regulator and red team briefing formats
Training backed by operational workflows
Live demonstrations use the ThreatInsights platform to show how intelligence requirements, collection, analysis, fusion, scenario development and reporting can be managed in practice.
Requirements to Reporting
See how PIRs, sources, evidence, analysis and outputs connect into a coherent intelligence workflow.
Analysis to Scenario
Watch threat actor profiles, attack paths and ATT&CK mapping become defensible CBEST/TIBER-style scenarios.
Evidence to Judgement
Learn how to turn incomplete, conflicting evidence into clear judgements with probability, confidence and caveats.
Start with the free Cyber Threat Intelligence foundation course.
Before joining CTI-CRAFT, you can access the free Cyber Threat Intelligence course at cyberthreatintelligence.info. It teaches the intelligence foundations needed before moving into advanced CBEST, TIBER-EU and DORA TLPT tradecraft.
- Understand core intelligence concepts
- Learn the intelligence lifecycle
- Build analytical foundations
- Prepare for advanced CTI-CRAFT modules
- Progress from foundation knowledge to regulated engagement capability
Developed by a practising TIBER-EU intelligence lead
CTI-CRAFT is not assembled from slides. It is built from live regulated intelligence engagements, active TIBER-EU and CBEST delivery, financial sector advisory, and 20+ years of operational security experience spanning law enforcement intelligence and advanced adversary simulation.
Active TIBER-EU practitioner
Currently delivering Targeted Threat Intelligence phases for Tier 1 financial institutions under TIBER-EU and DORA TLPT requirements — not past experience, live engagement work.
CREST accredited & certified
CREST Pathway+ accredited, OSCP and OSAI certified, with hands-on experience spanning threat intelligence, offensive security, penetration testing and regulated financial sector advisory.
Law enforcement intelligence background
Tradecraft grounded in structured intelligence production, source handling and 3x5x2/NATO grading — applied directly to cyber threat intelligence delivery and analytical methodology.
Frequently asked questions about CTI-CRAFT
Common questions about the cyber threat intelligence training programme.
Who is this CTI training programme designed for?
CTI-CRAFT is for security analysts, intelligence consultants, red team leads and financial sector security professionals who need to produce and defend regulatory-grade intelligence outputs for CBEST, TIBER-EU and DORA TLPT engagements. If you already understand the CTI lifecycle and need to operate at a higher level, this programme is built for you.
How does CTI-CRAFT differ from other CTI courses and certifications?
Most cyber threat intelligence training courses teach framework knowledge and lifecycle theory. CTI-CRAFT is built around what happens when your intelligence work is challenged — by a client, a regulator or a red team. The focus is defensible analytical tradecraft, operational delivery under scrutiny, and the specific intelligence artefacts required for regulated threat-led testing. Not credential accumulation.
Is CTI-CRAFT aligned to CBEST, TIBER-EU and DORA TLPT?
Yes. The curriculum is built specifically around the intelligence requirements for regulated threat-led penetration testing programmes. This includes Targeted Threat Intelligence (TTI) production, CBEST and TIBER-style scenario development, Threat Intelligence Maturity Assessment (TIMA), and regulatory-grade reporting — the actual deliverables expected in live intelligence engagements.
Do I need prior CTI experience to join this training?
CTI-CRAFT is an advanced cyber threat intelligence training programme. Candidates without a foundation in intelligence concepts are advised to complete the free Cyber Threat Intelligence course at cyberthreatintelligence.info before progressing to CTI-CRAFT modules.
What practical outputs does the CTI training produce?
Students produce real work products used in live engagements: Threat Intelligence Assessment templates, PIR and collection planning frameworks, TIMA scoring worksheets, scenario development packs, ATT&CK mapping structures, and board, regulator and red team briefing formats. The focus is on demonstrated capability, not theoretical knowledge.
When does CTI-CRAFT launch?
CTI-CRAFT is currently in development. Register your interest below to receive launch updates, early access pricing, sample training modules and access to the free CTI foundation course at cyberthreatintelligence.info.
Register interest in CTI-CRAFT cyber threat intelligence training
Join the interest list for launch updates, early access, sample modules, access to the free CTI foundation course and beta pricing.