The below information provide non-inclusive overviews of Treadstone 71 Courses.  The courses are listed in order of suggested training. Courses may be taking separately or as a package. Course requests and modifications acceptable. These are high-level outlines. The courses teach intelligence tradecraft with a focus upon intelligence analysis, methods, tactics, techniques, procedures, and operational security (OPSEC).

Upcoming Classes

For more information: osint@treadstone71.com or 888.714.0071

Cyber Intelligence Tradecraft Certification

This course is highly specialized following intelligence community tradecraft. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Your enemies scour blogs, forums, chat rooms and personal websites to piece together information that used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT, and Cyber-OPSEC effectively equips students with the tools to gather data points, transform these data points into actionable intelligence that prevents target attacks.

The course includes:

CYBINT1 – Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy – (Case Study 1)

CYBINT2 – Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates – (Case Study 2)

CYBINT3 – Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypothesis, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.

CYBINT4 – Table Top Exercises (TTXs), Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives. Case Study Presentations

Lecture, Hands-on, Apprenticeship, in class exercises (3 Live Case Studies), student presentations, analytic products, templates, course material—40 CPEs (5-days – 40 hours)

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Cyber Counterintelligence http://www.planetreg.com/CounterIntel

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence.

With the expanding importance on the comprehensive and timely need for intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of¬the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students.  As cyber topics continue to evolve, the increased importance of cyber intelligence is growing and as such the protection of our intelligence cycles will expand as well; emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape.  Cyber counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered. The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads.

Cyber CI Team Presentations: Cyber Infiltration, Information Operations, Information Support Operations

  • National Counterintelligence Strategy
  • Standard Glossary and Taxonomy
  • Mission Based Counterintelligence
  • Counter Collection and Anticipation
  • Denial and Deception
  • Counter-Denial and Deception
  • Cyberspace
  • The Cyber Persona Layer
  • Perception as Deception
  • Social Psychology
  • Differences in Culture
  • Hofstede Dimensions
  • Includes open source tool usage
  • Persona creation, establishment, maintenance, expansion (depending upon taking Cyber Intelligence Course)
  • Data collection – recycle for Cyber CI updates/improvements
  • Authoring of blogs and articles for influencing
  • Placement of specific concepts and phrases
  • Target profiles – dossiers
  • Target gap analysis
  • Clearly define the mission so that it aligns with organizational objectives
  • Clandestine Collection
    • Operation
    • Surveillance
    • Counter Surveillance
    • CI Activities
    • CI Analysis and Production
    • CI Analysis Reporting
      • Support Brief
      • Source Evaluation
      • Operational analysis report
      • Asset Evaluation
      • Support Package
      • CI Assessment
      • CI Campaign
        • Mission
        • Mission Management
        • Operations
      • Effects-Based Operations
      • Functions and Services
    • CI Insider Threat
      • Investigations
    • Prepare an estimate of the situation
      • Prepare the plan
        • Support Plan
      • Cyber Media selection
      • Snuggling
      • Internet OPSEC
      • Product development
      • Pretesting – determines the probable impact on the target audience
      • Production and dissemination of material
      • Implementation
      • Post-testing evaluation of audience responses
      • Feedback
    • Ten Commandments of Cyber Counterintelligence
      • Be offensive
      • Honor your profession
      • Own the street
      • Know your history
      • Do not ignore analysis
      • Do not be parochial
      • Train your people
      • Do not be shoved aside
      • Do not stay too long
      • Never give up
    • Research and analyze methods of influencing adversaries from a variety of information sources
    • Team/Individual Presentations

Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—30 CPEs 4-days

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Target-Centric Open Source Intelligence

This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the use methods of only anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in cyber operational security, their defense against adversaries, and passive data collection.  The establishment of cyber personas takes patience and time in order to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required maintaining confidentiality of methods and processes. Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take time to develop in order to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving too predictive.

Adversaries scour blogs, forums, chat rooms and personal websites to piece together information that used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT, and Cyber-OPSEC effectively equips students with the tools to gather data points, transform these data points into actionable intelligence that prevents target attacks. Students will learn methods to create and manage personas while passively gathering information leading to cyber street credentials.

The course covers (non-inclusively):

  • Open Source Intelligence
    • Methods of collection
    • Specific tools
    • Social media sites and enrollment
  • Methods of Social Media Research
    • Tools and techniques
    • Social media demographics
    • Cyber Criminals
  • Social Psychology
    • Reciprocity
    • Consistency
    • Social validation
    • Liking
    • Authority
    • Scarcity
  • Differences in Culture
    • Diversity
    • What is …
  • Hofstede Dimensions
  • Big 5 Theory of Personality
  • Information Warfare and Cyber Psychological Operations
    • Target analysis and message manipulation where applicable
  • Establish Priority Intelligence Requirements
    • Establish Information Requirements
  • Persona creation and implementation
    • Cyber Persona Development and Maintenance
      • Leverage existing
      • Create new
      • Establish the storyline
      • Establish the plot synopsis
      • Storyline and plot synopsis
    • Story weaving and management
    • Snuggling
    • Collection
      • Linkages, trends, tendencies
    • Cyber Target Acquisition and Exploitation
      • Validation of target
      • Identify active adversary campaigns
      • Intent, Motivation, Goals, & Requirements.
    • Passive data collection
      • Campaign development
      • Target sites
        • Enrollment
      • Tactics, techniques, and procedures
      • Intent, motivation, goals, and requirements
      • Vectors of approach – Courses of action
      • Elicitation and exfiltration

Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—30 CPEs 4-days

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

osint@treadstone71.com 888.714.0071 http://www.planetreg.com/E76722275820