This introductory course examines what information is available open source, types of attack, differences between the Hacker, Hacktivist, and Terrorist, corporate attacks, and nation-state’s Advanced Persist Threats; and, the breadth of increasingly diverse and sophisticated threats in the cyber domain that impact the United States at the federal, state and local level. The course will also provide an overview of current threats, such as Ransomware and Insider Threats; and, the function of fusion centers, and their importance in law enforcement.

Commonly referred to as the “fifth geographic domain” (after land, sea, air and space), this non-technical topic examines the evolution of the cyber domain from when telecommunications and computer systems converged in the 1960s until now.  The production, storage, transmission and processing of information has fundamentally transformed how one communicates, socializes, conducts business, moves and learns.  Information can now be gathered across an ever-expanding scope, in greater volume, over vast distances and in virtually no time.  Consequently, both legal and illegal activities are adapting to, and taking advantage of, this transformation into a “worldwide internet of things.”  This topic will examine various approaches at the federal, state, local and individual level to “manage” the cyber domain by assessing who and how five key functions of the cyber domain (monitoring, detection, analysis, attribution, and response) are performed.

This core course provides a high-level understanding of the current and emerging geopolitical realities in the cyber domain.  Specifically, it highlights the need to inform government and industry professionals of their strategic cyber security concerns and why their mission-critical functions, that are increasingly dependent on a cyber infrastructure, might be at risk.  This instruction explores the importance of traditional tools of statecraft – diplomacy, political warfare, classic intelligence and counterintelligence tradecraft—in understanding why cyberattacks and espionage might occur and how to mitigate their impact on the enterprise.

• Introduction to the cyber domain, its evolution and importance to mission-critical functions

• Summary profiles of threat actors and their geopolitical interests.

• Introduction to threat and risk assessments.

• What is cyber intelligence and why is it important?

• Examine cyber-based efforts as tools of statecraft for government and Industry.

This course provides an overview of the growing recognition that US cyber security is increasingly interdependent with, and contributes greatly to, US national security.  The topic begins with and introduction to key concepts and definitions of cyber security, cyber intelligence, cyber counterintelligence, cyber espionage, cyber attacks, counter cyber intelligence, and cybercrime.  Case studies of foreign cyber threats are reviewed to identify their unique methods of operation and the challenges they pose to our nation’s ability to monitor, detect, analyze, attribute and respond to a cyber event.  This topic examines how the US is organized for cyber security, it reviews the strengths and weaknesses of the partnership between the public and private sectors, and it reviews the latest key issues in US legislation, policies, strategies and practices in the cyber domain.

This course provides corporate and government professionals with a fundamental understanding of how best to apply cyber intelligence to business strategies and better assess risk/reward value. This course facilitates clarity and understanding to executives on why and how to incorporate cyber intelligence into the fabric of their strategies and operations. The objective of this course is to provide executive participants with the mission critical understanding of cyber intelligence, its role and value in modern business strategy, whether in private sector or government.  Participants will learn about the foundations and history of cybersecurity, the high-level relationship of technology in cyber intelligence, the importance of technology innovation in cyber intelligence and a practical understanding of the importance of cyber intelligence relative to national security for private sector and government.  Participants will learn how to apply this critical cyber intelligence understanding to evaluate and improve relevant business strategies

• Foundations and History

• Cyber Crime Effects

• Technology and the Cyber Threat Landscape

• Cyber Interoperability in Business

• Technology Innovation and how it affects your organisation

• Cyber Intelligence Business Strategy – Case Studies

Coming soon...

This ground-breaking course focuses on the ability of terrorist organizations to navigate and exploit the cyber domain, and how it is a serious and growing concern. ISIS, Hezbollah, Al Qaeda affiliates and so-called lone wolves are but a few who have demonstrated sophisticated, improving and effective skills to communicate, propagate radical and violent ideologies, recruit sympathizers and operatives, collect intelligence, plan and oversee operations, exploit messaging and counter competing narratives.  Effective counter terrorism strategies and operations must not only recognize and understand, but also address and exploit this new, important and challenging dimension of conflict. The leading objective of this course is to provide the counter terrorism professional with a deeper understanding of how foreign and domestic terror operatives exploit the cyber domain to recruit and communicate, propagate radical ideologies, acquire finances and other resources, collect intelligence, and plan and support operations.  Participants will examine and better understand:

• Various threat profiles and capabilities to exploit the cyber domain

• Terrorists’ sophisticated exploitation of social media;

• Terrorists’ highly adaptive use of the “dark web.” 

• Counter terrorism strategies, operations and tactics in the cyber domain.

This core training program focuses on the best practices and methodology to empower organizations to plan, implement, and refine capabilities to mitigate malicious and unintentional insider threats to IT infrastructure, information systems, facilities, and people. Emphasis will be on developing an organizational and information infrastructure for combating insider threats; policies, procedures, and guidelines for such operations; and units capable of conducting these duties. This training will offer participants awareness of a wide spectrum of insider threats to organizations, means of detection, best practices in prevention, and paths toward developing programs to protect against both malicious and unintentional insider threats in the future. Focusing on conceptual and fundamental concept, participants should be able serve as leaders for combating insider threats within their parent organization, able to train others and pass on lessons learned.

• Identifying and Categorizing Insider Threats

• Mitigating Insider Threat Effects

• Information Access, Dissemination, and Handling Procedures

• Organizing for Insider Threat Prevention and Response

This course will provide a strong understanding of the Geopolitical environment and realities we live in today. Focusing on US adversaries and allies; culture, history, leadership, actions, cyber strategies and policies, and how this fundamental knowledge increases the ability to keep our networks and our nation more secure.  Instructors will profile strategies, organizational structure, emerging capabilities and operational activities of ‘bad actors” in the cyber domain.  Government and industry professionals need to understand how cyber adversaries in China, Iran, Russia, North Korea and other countries are working tirelessly to get around network defenses to steal intellectual property, disrupt business or attack our national economy or national defense.  Targeted intrusions will continue to proliferate, and nation-states will use espionage to collect information from any organization with valuable data that will serve a country’s national interests.  Participants taking this course will have a greater ability to characterize risks and threats, identify and detect attacks and can help provide the best course of prevention, and/or remediation. 

• China Cyber Threats

• Russia Cyber Threats

• Other World Cyber Threats

• Cyber Crime

According to the Department of Justice (DOJ), an average of 4,000 ransomware attacks occurred per day in 2016 in the U.S., a 4x increase over the previous year.  Ransomware is a virus that blackmails users by encrypting their hard drives or locking them out of the computer, demanding payment to restore it, which may or may not be restored. Ransomware has not only become a billion dollar “business”, it has become one of the most - if not the most prevalent, effective and successful forms of cybercrime affecting both the private and public sector, including law enforcement agencies This compelling course presents the following subtopics of ransomware:

• The History and Evolution of Ransomware

• How Ransomware Gets onto a Computer

• Ransomware Methods

• The Rise of Reveton (a ransomware type that impersonates law enforcement agencies), and Police Ransomware:

  • The Biggest Ransomware Attacks and Most Prominent Variants

  • Nation-State sponsored Ransomware versus Common Criminal Perpetrators

  • The Bitcoin Connection

  • Key Do’s and Don’ts to protect against Ransomware

  • Case Study examination of Infamous Ransomware Attack to Date (i.e., NotPetya-Maersk, WannaCry-Lazarus/North Korea)

This course focuses on basic cyber intelligence analysis skills and how to integrate strategic and tactical cyber intelligence into usable and impactful strategic assessments. These lessons can be applied to the public or public sector, including the military, and can be specially configured per audience. Course content focuses on fundamental all-source cyber analytical skills such as interpreting the cyberattack life cycle, attribution, and vetting information. Students should be relatively new analysts with one year or less of strategic intelligence experience and possess some training in research and intelligence methodology. 

• Integrating Tactical and Strategic Intelligence

• Evaluating and Accessing Cyber Intelligence

• Cyber Threat Landscape

• Cyber Intelligence Support to Operations

• Mini Cyber Intelligence War Game

This course focuses on best practices for cyber intelligence analysis, and integrating strategic and tactical cyber intelligence to support high-level operations and decision making. These lessons can be applied to analysts working in the public or public sector, including the military, and can be specially configured per audience. Course content consists of intermediate all-source cyber analytical skills for managers, emerging thought leaders, and mid-level analysts. Students should possess one to three years of strategic intelligence experience as well having some familiarity with cyber, research, and intelligence methodology. 

• All-Source Cyber Intelligence Tradecraft

• Open Source and Intelligence Fusion

• Cyber Threat Actors

• Cyber Intelligence Support to Operations

• Mini Cyber Intelligence War Game

The value of this discipline stretches across many industries and impacts many companies and employees. As tens of millions of people are dependent on critical infrastructure services, it also is a prime target for an adversary.  Having a thorough understanding of risks in critical infrastructure, the types of attacks that are more likely to be seen and the development and use of cyber Intel to increase security is foundation to success.  Students will gain insight into how Cyber Intel informs decisions to strengthen infrastructure security and resilience, as well as response and recovery efforts during incidents. Informed professionals protect the nation’s critical infrastructure through an integrated analytical approach evaluating the potential consequences of disruption from cyber threats and incidents and providing data on traditional kinetic attacks. Students will also gain insight into how control systems differ from information systems and how cyber intelligence informs the impact of their exploitation.  This course will enable technicians and leaders to identify, mitigate and recover from internal and external cyber threats unique to control system domain. 

• Risk assessment on all Critical Infrastructure Sectors

• Policies, laws and best practice

• NIST Cybersecurity Framework

• Emerging threats and new vulnerabilities

The Cyber Intelligence War Game (CIWG) is focused on the integration of strategic and tactical cyber intelligence world, and decision and crisis management support to senior decision makers. The CIWG places participants in real world scenarios, configured upon client requirements, parameter and features a blend of true events with event-specific background info. Participants will be required to function as components of a larger cyber intelligence team, organizing into groups optimized for cyber intelligence analysis and dissemination, developing communication methods, conducting analysis, and providing reports and briefs to decision makers, who will be simulated by experienced role players. Course proctors will provide valuable feedback at the end of each segment and an after action review at the conclusion of the simulation.  Can also be integrated into any training workshop as a capstone project/simulation.

• Organizing for Effective Cyber Intelligence Analysis

• Developing Process for Communication and Dissemination

• Structured Analytical Methodology

• Research, Vetting, and Classifying Information

• Briefing Techniques and Considerations