The below information provide non-inclusive overviews of Treadstone 71 Courses.  The courses are listed in order of suggested training. Courses may be taken separately or as a package. Course requests and modifications acceptable. Courses are based upon intelligence and intelligence analysis tradecraft.

Upcoming Classes

SIGN UP – Next class November 29-December 2 in the DC METRO area for the Cyber CounterIntelligence Tradecraft Course –

For more information: or 888.714.0071

Cyber Intelligence Tradecraft Certification

This course is highly specialized following intelligence community tradecraft. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Your enemies scour blogs, forums, chat rooms and personal websites to piece together information that used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT and Cyber-OPSEC effectively equips students with the tools to gather data points, transform these data points into actionable intelligence that prevents target attacks.

The course includes:

CYBINT1 – Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy – (Case Study 1)

CYBINT2 – Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates – (Case Study 2)

CYBINT3 – Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypothesis, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.

CYBINT4 – Table Top Exercises (TTXs), Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives. Case Study Presentations

Lecture, Hands-on, Apprenticeship, in class exercises, student presentations, analytic products, templates, course material—40 CPEs (5-days – 40 hours)

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Cyber Counterintelligence

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence.

With the expanding importance of the comprehensive and timely need for intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of¬the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students.  As cyber topics continue to evolve, the increased importance of cyber intelligence is growing and as such the protection of our intelligence cycles will expand as well; emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape.  Cyber Counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered.
The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads. This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the use methods of only anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in operational cyber security, their defense against adversaries, and passive data collection.  The establishment of cyber personas takes patience and time to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required maintaining confidentiality of methods and processes.

Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take the time to develop to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving too predictive.