Threat intelligence done right.

What the industry deems “Threat Intelligence” is too often shortsighted and mislabeled, leaving security analysts chasing indicators around like some game of cat and mouse. Intelligence is supposed to change that game.

The frustration is over. The CIAO course was designed by seasoned military intelligence and cyber operators that can give you the tools to be successful in intelligence driven cyber operations. It’s time to finally get ahead of the adversary.


  • The ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals.

  • How to employ threat intelligence to conduct comprehensive defense strategies to mitigate potential compromise.

  • How to use TI to respond to and minimize impact of cyber incidents.

  • How to generate comprehensive and actionable reports to communicate gaps in defenses and intelligence findings to decision makers.

Target audience: Security Analysts, Decision Makers, CISOs, Network/Sys Admins


Length: 40 Hours/5 Days


Completion: Course Certification

Applying our Threat Intelligence methodology additionally allows you to cut cybersecurity operating costs by determining where you actually need resources and making more efficient use of the tools you have available.

Stop relying on the “Hope Strategy” to protect against advanced threats and continue having frustrating discussions with decision makers about what you need to secure your network. Sign up today to gain control of your cyber program by learning how to apply a threat-based defense strategy and how intelligence can completely revitalize your existing cyber program.


MODULE 1:  Introduction to Cyber Intelligence        

  • Lesson 1.1: Defining Intelligence      

  • Lesson 1.2: Building and Operationalizing a Threat Intel Program       

  • Lesson 1.3: Planning, Direction and Requirements  

MODULE 2:  Intelligence Analysis       

  • Lesson 2.1: Critical Thinking      

  • Lesson 2.2: Quantitative vs. Qualitative Intelligence Analysis      

  • Lesson 2.3: Threat Attribution and Threat Modeling      

  • Lesson 2.4: Open Source Intelligence Collection       

  • Lesson 2.5: Threat Intelligence Platforms  

MODULE 3:  Pre-Compromise Threat Intelligence Operations        

  • Lesson 3.1: Threat Based System Baselining       

  • Lesson 3.2: Intelligence Collection Sources       

  • Lesson 3.3: Intelligence-Driven Network Defense Operations       

  • Lesson 3.4: Intelligence Repositories  

MODULE 4:  Post-Compromise Threat Intelligence Operations        

  • Lesson 4.1: Intelligence-Driven Detection Operations       

  • Lesson 4.2: Adversary Activity in Data Analysis       

  • Lesson 4.3: Understanding the Adversary       

  • Lesson 4.4: Intelligence-Driven Incident Response  

MODULE 5:  Intelligence Analysis Reporting and Dissemination        

  • Lesson 5.1: Intelligence Sharing       

  • Lesson 5.2: Intelligence Reports and Dissemination  

MODULE 6:  Cyber Threat Intelligence Culmination CTF Exercise          

  • Lesson 6.1: Completing the Cycle     

Shadowscape's threat intelligence certification program is a comprehensive, multi-course track that is not simply a watered-down overview of what TI is, but rather is built upon a platform that necessitates the students gain expert level knowledge about the adversary and their TTPs. Students will install and employ industry standard TI platforms and tools as well as gain a comprehensive understanding of the intelligence and analytics processes of refining data and information into usable, actionable content. Make no mistake, this certification program will give our students the resources to build and employ a comprehensive TI program within their own organizations as well as the knowledge and expertise absolutely necessary to recognize the threat when it's knocking on their doorstep.


upcoming cIAO Courses

Cyber Intelligence Analytics and Operations - VILT
Mon, Jun 22
Virtual Instructor Led Training
Jun 22, 9:00 AM MDT – Jun 26, 5:00 PM MDT
Virtual Instructor Led Training
Learn the facets of intelligence analysis and how to utilize it to perform ongoing cyber operations to scrutinize intrusions and conduct proactive investigations. This class is 5 days of instructor-led training and concludes with a certificate of training.

training solutions

We offer online and instructor led training solutions using our own highly adaptive, tailored platform to optimize student learning and retention.

Threat Intelligence Certification Program

Network and Security Fundamentals Course

Introduction to Purple Team Security Operations

Intel driven Digital Forensics Investigations

Intel led Orchestration and Automation (SOAR)

Custom Cybersecurity Training (Contact)