Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

NEW DFIR COURSE DEVELPOMENT SURVEY | FOR478

We are seeking input on level of interest, topical coverage, & course duration with an emphasis on the underpinning elements of cyber threat analysis

Authored byViviana Ross

Hello SANS Community! In an effort to continue to improve our training offerings, we authored this blog to gauge interest in a potential foundations of cyber threat intelligence course as a bridge course that would set students up for the more advanced FOR578 course. Recently, SANS received anecdotal feedback that mid-career professionals and aspirant cyber threat intelligence analysts would benefit from taking an introduction course before moving into the advanced, faster pace FOR578.

While some FOR578 instructors have created additional boot camps outside of course hours or primers describing how to and use cases for various tools, this introductory course would codify these knowledge, skills, and ability gaps using presentation, interactive discussion, and real world stories.

Within the survey, we would like to seek input on level of interest, topical coverage, and course duration with an emphasis on the underpinning elements of cyber threat analysis and analytic tradecraft to include:

  • Foundational IT concepts surrounding enterprise networks and operating systems;
  • The evolution of operating system and application cyber security measures;
  • Internal data sources on computer systems, digital forensics principles, and artifacts of attacker activity;
  • Cyber security frameworks, best practices, and discipline favorite tools;
  • Organizational integration, business acumen, and alignment to drivers of cyber security investment;
  • The composition of nation-state and criminal hacking programs;
  • How cyber operations are used as a tool of statecraft to support national level strategic and tactical priorities;
  • Conceptualizing industry-specific threats and organizational crown jewels;
  • Effective ways to construct written intelligence products and briefings to deliver high impact messages to senior leaders and operational and technical audiences;
  • Cyber threat intelligence analysts types—strategic, operational, and tactical—and the skills needed for each.

We encourage survey participants to review the FOR578 course page and recent SANS blog post by one of our FOR578 instructors, John Doyle, that maps out FOR578 course coverage juxtaposed against knowledge, skills, and abilities required within the cyber threat intelligence field. We welcome any and all participation from FOR578 alumni and other practitioners alike. Many thanks in advance for taking the time to fill out the short survey.

Descarga_la_Carta_(5).png

Meet the expert

Viviana Ross

Viviana has over 15 years in the Digital Forensics and Incident Response (DFIR) industry and started her career as a Director of Marketing at some of the top digital forensic hardware acquisition and evidence analysis companies.

Read more about Viviana Ross