Certified Threat Intelligence Analyst (CTIA)
- 02 April 2025
- Duration 24 weeks
- 01 June 2026
- Duration: 36 weeks
Uncover, analyze, and counter cyber threats with CTIA — the global standard in threat intelligence
As an Authorized Training Center of EC-Council, we deliver official CTIA training and certification designed to prepare professionals to identify, analyze, and respond to evolving cyber threats with actionable threat intelligence.
Key features & benefits
40+ hands-on labs that mirror real-world threat intelligence operations, so you learn by doing
Build and manage a professional threat intelligence program aligned with MITRE ATT&CK and global frameworks
Master data collection, analysis, and reporting — skills highly demanded by SOC and cybersecurity teams
Gain expertise across all levels of threat intelligence: strategic, operational, tactical, and technical
Ensure compliance with international standards (ISO 27001, NIST, GDPR) and strengthen your organization’s defenses
Earn the official EC-Council CTIA certification, recognized worldwide and valued by leading employers
Course outline
Module 01
Introduction to threat intelligence
- Intelligence
- Cyber threat intelligence concepts
- Threat intelligence lifecycle and frameworks
- Threat intelligence platforms (TIPs)
- Threat intelligence in the cloud environment
- Future trends and continuous learning
Key topics covered: cyber threat intelligence, threat intelligence vs. threat data, threat intelligence vs. traditional cybersecurity approaches, types of threat intelligence, threat intelligence generation, responsibilities of cyber threat analysts, threat intelligence lifecycle, threat intelligence strategy, threat intelligence maturity model, threat intelligence frameworks, threat intelligence platforms (TIPs), role of threat intelligence in cloud security, career paths and opportunities in threat intelligence field
Module 02
Cyber threats and attack frameworks
- Cyber threats
- Advanced persistent threats
- Cyber kill chain
- MITRE ATT&CK and diamond model
- Indicators of compromise
Key topics covered: cyber threats, cybersecurity threat categories, threat actors, objectives of cybersecurity attacks, advanced persistent threats, advanced persistent threat lifecycle, cyber kill chain methodology, MITRE ATT&CK framework, diamond model of intrusion analysis, indicators of compromise, categories of indicators of compromise, pyramid of pain
Module 03
Requirements, planning, direction, and review
- Organization’s current threat landscape
- Requirements analysis
- Plan a threat intelligence program
- Establish management support
- Build a threat intelligence team
- Threat intelligence sharing
- Review threat intelligence program
Key topics covered: identify critical threats to the organization, threat intelligence requirements, MoSCoW method for prioritizing requirements, scope of threat intelligence program, rules of engagement, threat intelligence program planning, project charter and policy preparation, threat intelligence roles and responsibilities, build intelligence team, threat intelligence sharing, types of sharing partners, threat intelligence-led engagement review
Module 04
Data collection and processing
- Threat intelligence data collection
- Threat intelligence collection management
- Threat intelligence feeds and sources
- Threat intelligence data collection and acquisition
- Bulk data collection
- Data processing and exploitation
- Threat data collection and enrichment in cloud environments
Labs:
- data collection through search engines, web services, website footprinting, email footprinting, DNS interrogation, automated OSINT tools, social engineering techniques, cyber counterintelligence (CCI) techniques, malware analysis, and Python scripting
- IoC data collection through external and internal sources
- structuring and normalization of collected data
Key topics covered: threat intelligence data collection, data collection methods, types of data, types of threat intelligence data collection, threat intelligence collection plan, threat intelligence feeds, threat intelligence sources, threat intelligence data collection and acquisition, data collection through Python scripting, bulk data collection, bulk data management, data processing and exploitation, structuring and normalization of collected data, data sampling, threat data collection in cloud environments
Module 05
Data analysis
- Data analysis
- Data analysis techniques
- Threat analysis
- Threat analysis process
- Fine-tuning threat analysis
- Threat intelligence evaluation
- Create runbooks and knowledge base
- Threat intelligence tools
Labs: perform threat modeling and data analysis, perform complete threat intelligence using threat intelligence tools
Key topics covered: data analysis, types of data analysis, statistical data analysis, analysis of competing hypotheses (ACH), structured analysis of competing hypotheses (SACH), threat analysis, types of threat intelligence analysis, threat analysis process, threat modeling methodologies, threat analysis process with diamond model framework, validating and prioritizing threat indicators, fine-tuning threat analysis, automate threat analysis processes, threat intelligence evaluation, threat attribution, creating runbooks, threat knowledge base, threat intelligence tools
Module 06
Intelligence reporting and dissemination
- Threat intelligence reports
- Dissemination
- Participate in sharing relationships
- Sharing threat intelligence
- Delivery mechanisms
- Threat intelligence sharing platforms
- Intelligence sharing acts and regulations
- Threat intelligence integration
- Threat intelligence sharing and collaboration using Python scripting
Labs: perform threat intelligence reporting and sharing
Key topics covered: threat intelligence reports, types of cyber threat intelligence reports, report writing tools, dissemination, threat intelligence sharing, information sharing model, information exchange types, sharing community, sharing intelligence using YARA rules, standards and formats for sharing threat intelligence, information sharing and collaboration platforms, intelligence sharing acts and regulations, threat intelligence integration, threat intelligence sharing using Python scripting
Module 07
Threat hunting and detection
- Threat hunting concepts
- Threat hunting automation
Labs: perform targeted threat hunting using Python scripts, perform threat hunting automation using threat intelligence tools
Key topics covered: threat hunting, types of threat hunting, threat hunting process, threat hunting maturity model (HMM), threat hunter skillset, threat hunting loop, targeted hunting integrating threat intelligence (TaHiTI), threat hunting automation, threat hunting automation using Python scripting
Module 08
Threat intelligence in SOC operations, incident response, and risk management
- Threat intelligence in SOC operations
- Threat intelligence in risk management
- Threat intelligence in incident response
Labs: perform cyber threat intelligence using the SOC threat intelligence platforms
Key topics covered: threat intelligence in SOC operations, building SOC threat intelligence, next-gen intelligent SOC, SOC threat intelligence platforms (TIPs), threat intelligence in risk management process, integrating threat intelligence into risk management processes, threat intelligence into the incident response process, threat intelligence in incident recovery and resilience
Training prerequisites
Core knowledge
Solid understanding of computer networks, protocols, and cybersecurity fundamentals
Familiarity with concepts of threat actors, malware, and common attack techniques
Recommended: prior knowledge of security operations or equivalent professional experience
Technical skills
Ability to analyze security events, logs, and indicators of compromise (IoCs)
Experience with open-source intelligence (OSINT) tools and basic threat intelligence platforms (TIPs)
Familiarity with frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model
Understanding of reporting standards and compliance requirements (e.g., GDPR, ISO 27001, NIST)
OS & tools
Comfortable working with Linux and Windows environments
Proficiency in using command-line utilities and automation scripts (Python or PowerShell preferred)
Familiarity with SIEM solutions, SOC workflows, and security monitoring tools
Ability to integrate data from multiple sources for analysis and reporting
Training & registration details
TRAINING OVERVIEW
Certified Threat Intelligence Analyst (CTIA)
Strengthen your organization’s cyber defense with advanced threat intelligence skills to identify, analyze, and mitigate evolving threats

Training Duration: 3 days (24 hours)

Format: Instructor-Led Online

Level: Intermediate to Advanced

Language: Ukrainian

Materials: English | 12 months valid

Labs: 24/7 180 days access

Exam Attempts: 1 offline
HOW TO REGISTER
1. Submit your application
Submit a quick application to let us know you’re interested in the course.
2. Intro call
We’ll schedule a short call to learn more about your goals and expectations.
3. Confirm your spot
Get accepted and complete the paperwork. We’ll send you all the info you need.
4. Start learning
Access your learning platform and get familiar with the materials.
5. Join the community
Get access to the student chat, events, and mentorship opportunities.
Who is CTIA for?
Cybersecurity experts
Accelerate your career with CTIA and gain globally recognized expertise in threat intelligence. Learn to uncover hidden adversaries, analyze advanced attacks, and deliver actionable intelligence that employers demand
Teams & businesses
Strengthen your company’s cyber resilience by training staff to detect, predict, and prevent threats before they escalate. With CTIA, your team transforms data into powerful insights that drive smarter security decisions
Government & defense
Equip national security and defense operations with intelligence-led capabilities trusted worldwide. CTIA provides the methodologies, frameworks, and tools needed to outpace sophisticated adversaries and protect critical assets
Educators
Enhance your academic or corporate programs with official EC-Council content. CTIA brings cutting-edge threat intelligence practices into the classroom, helping you deliver training that shapes the next generation of cybersecurity leaders
FAQ
What does a C|TIA do?
What is the C|TIA?
C|TIA is a professional certification program, designed and developed by cybersecurity and threat intelligence experts worldwide. It focuses on all the stages of a threat cycle, emphasizing data collection, attackers’ TTPs, and converting refined data to actionable intelligence. It offers a 60:40 theory and practical ratio, hands-on skills, and a 360-degree approach to prepare candidates to secure organizations from potential threats.
Why is a threat intelligence analyst important?
A Threat Intelligence Analyst strengthens cybersecurity defenses by proactively identifying and analyzing potential threats. A Threat Intelligence Analyst equipped with C|TIA certification can help proactively identify and assess potential risks through comprehensive threat intelligence analysis. This certification validates an individual’s ability to understand threat actors’ tactics, techniques, and procedures (TTPs), enabling them to contribute to a comprehensive cybersecurity posture.
Is the C|TIA for beginners?
The C|TIA certification program is designed for mid to high-level cybersecurity professionals with at least 2 years of experience in cybersecurity, IT, or related fields.
Is the C|TIA worth getting?
Yes, the C|TIA is a credible certification. The global market for cyber threat intelligence is expected to reach $21 billion by 2027, and the Certified Threat Intelligence Analyst (C|TIA) certification demonstrates your competence in combating cyber threats. With global recognition, the certification leads professionals to better opportunities, advancing careers and aligning them with the industry standards in the dynamic cybersecurity landscape.
What is the course duration for C|TIA?
EC-Council’s C|TIA offers a 24-hour or 3-day training session with examination preparation study materials. The examination spans 2 hours with 50 multiple-choice questions.
Which industries need cyber threat intelligence analyst professionals?
Threat Intelligence Analysts are more prevalent in industries including:
- Finance and Banking
- Government and Defense
- Healthcare
- Technology and IT
- Energy and Utilities
- Telecommunications
- Critical Infrastructure
- Retail and E-Commerce
- Education
- Aerospace and Aviation
What resources are provided in the C|TIA program?
C|TIA provides thorough training materials encompassing threat intelligence concepts, practical skill development through hands-on labs, and industry framework-aligned training. Students gain access to online discussions and community assistance, as well as the latest techniques and technology, for improved opportunities. The intensive course includes over 800 pages of the comprehensive student manual, 350+ pages of the lab manual, and 27 hands-on labs.
