Mastering Cyber Threat Intelligence

22 – 26 June 2026 • Mombasa, Kenya • USD 1,500 per trainee

This 5-day intensive workshop provides a complete, hands-on introduction to Cyber Threat Intelligence (CTI). You will learn the end-to-end process of building actionable intelligence—from collecting data and profiling threat actors to writing reports and integrating findings into security operations. Designed for practitioners, this workshop focuses on real-world skills using open-source tools and industry-standard frameworks like MITRE ATT&CK.

 

The workshop starts with the foundations of CTI and its role in modern cybersecurity. From there, we cover adversary analysis, data processing, analytical techniques, and operational integration. Each day blends theory with practical exercises, ensuring you leave with the confidence to apply CTI techniques immediately in your organization.

Introduction

This workshop will cover the key components of a threat intelligence program, including strategic, operational, tactical, and technical intelligence. You will learn how to track threat actors, map their behaviors to attack frameworks, process indicators of compromise (IOCs), and create intelligence products for different stakeholders.

Throughout the workshop, you will work with real-world data, participate in scenario-based labs, and review sample intelligence reports. You will have access to a range of open-source tools and platforms commonly used in CTI work, along with resources for continued learning after the workshop.

These hands-on sessions are designed to build your analytical judgment, sharpen your reporting skills, and prepare you to support threat hunting, incident response, and defensive planning. The workshop is interactive and encourages discussion, allowing you to learn from both the instructor and peers with diverse security backgrounds.

By the end of this workshop, you will understand how to perform essential CTI tasks and contribute to a threat-informed defense strategy. This workshop is ideal for security analysts, SOC personnel, incident responders, and anyone looking to start or advance a career in cyber threat intelligence.

Pre-requisites

A basic understanding of cybersecurity concepts—such as malware, network protocols, and common attack vectors—is recommended. No prior experience in threat intelligence is required.

Who Is This Workshop For?

This workshop is designed for security professionals who want to develop or enhance their threat intelligence capabilities. It is particularly useful for:

  • Security Operations Center (SOC) analysts and engineers
  • Incident responders and forensic investigators
  • Threat hunters and vulnerability management specialists
  • IT and security managers overseeing threat intelligence functions
  • Aspiring threat intelligence analysts

What Will You Learn?

By completing this workshop, you will gain a practical understanding of the threat intelligence lifecycle and how to apply it in your organization.

You will learn:

  • The purpose, value, and types of cyber threat intelligence
  • How to use the intelligence lifecycle and key CTI frameworks
  • Techniques for profiling threat actors and mapping TTPs to MITRE ATT&CK
  • Methods for collecting, processing, and scoring indicators of compromise
  • How to write and present intelligence reports for technical and executive audiences
  • Strategies for integrating CTI into SOC workflows, incident response, and proactive hunting

Business/Organization Benefits
  • Move from reactive security to intelligence-driven defense
  • Improve threat detection and accelerate incident response with contextualized intelligence
  • Enable data-driven decisions for security investments and risk management
  • Establish a foundation for a mature, repeatable CTI program

Requirements

Basic knowledge of computers and networking is required. For the best learning experience, participants are encouraged to use their own laptop to perform hands-on labs. Individuals without suitable hardware can follow along using the instructor’s live demonstration environment.

Recommended laptop specifications
  • OS: Windows 10/11, Kali Linux, or Ubuntu
  • Processor: Minimum 4-core CPU (Intel i5 / AMD Ryzen 5 or equivalent)
  • RAM: 16 GB minimum (32 GB recommended for virtual machine labs)
  • Storage: At least 100 GB free disk space
  • Administrative rights to install software and configure system settings
  • Virtualization software (VirtualBox or VMware Workstation Player) installed

Workshop Itinerary

DAY 1

Foundations of Cyber Threat Intelligence

We begin by defining threat intelligence and its role in cybersecurity. You’ll learn the intelligence lifecycle, explore different types of intelligence, and review common frameworks and maturity models.

  • Welcome and workshop overview
  • What is CTI? Definitions, purpose, and business value
  • Types of threat intelligence: Strategic, Operational, Tactical, Technical
  • The intelligence lifecycle: Direction, Collection, Processing, Analysis, Dissemination, Feedback
  • CTI frameworks and standards: MITRE ATT&CK, STIX/TAXII, Diamond Model
  • Hands-on: Setting up a basic CTI analysis environment

DAY 2

Threat Actor and Adversary Analysis

Day two focuses on understanding the adversary. You’ll learn how to research threat actors, analyze campaigns, and map malicious behavior to structured frameworks.

  • Introduction to adversary analysis and attribution
  • Threat actor motivations, capabilities, and TTPs
  • Campaign analysis and tracking actor activity
  • Mapping adversary behavior to MITRE ATT&CK
  • Hands-on: Creating a threat actor profile and TTP mapping from a case study

DAY 3

Data Collection, Processing, and Intelligence Production

This day covers the core of intelligence work: turning raw data into actionable intelligence. We explore data sources, enrichment techniques, and indicator management.

  • CTI data sources: OSINT, commercial feeds, internal telemetry, and community sharing
  • Planning and managing collection
  • Processing and enriching data: Normalization, correlation, and context
  • Indicator scoring and lifecycle management
  • Hands-on: Processing a data feed and enriching IOCs

DAY 4

CTI Analysis Techniques and Reporting

Here we focus on the analyst’s craft—turning information into insight. You’ll learn structured techniques to reduce bias, build intelligence narratives, and communicate findings effectively.

  • Analytical methodologies for CTI
  • Structured Analytic Techniques (SATs) and avoiding cognitive bias
  • Developing clear and compelling intelligence narratives
  • Reporting for different audiences: Executive briefings, tactical alerts, and technical reports
  • Hands-on: Analyzing a dataset and producing two distinct report types

DAY 5

Applying CTI to Security Operations

The final day is about making intelligence operational. We cover integrating CTI into security teams, driving proactive activities, and measuring the success of your intelligence program.

  • Operationalizing intelligence across security functions
  • Integrating CTI into SOC, incident response, and threat hunting
  • Using CTI for proactive defense and vulnerability management
  • CTI program governance, metrics, and continuous improvement
  • Capstone exercise: Full-cycle intelligence scenario from tip-off to briefing
  • Workshop wrap-up, Q&A, and resource sharing

Daniel Maluki

Managing Director

ENOVISE RWANDA

Dates: 22 – 26 June 2026

Venue: PrideInn Paradise Beach Resort & Spa Mombasa, Kenya

Workshop cost: USD 1,500 per trainee