Most CTI training teaches the lifecycle. That is not enough.
Producing a threat assessment that survives challenge from a client, a regulator or a red team requires a different level of skill. It requires structured analytical tradecraft, defensible reasoning, scenario design grounded in real actor behaviour, and the ability to produce outputs that hold up under scrutiny — not just outputs that look like intelligence.
Built for practitioners, not beginners.
CTI-CRAFT is an advanced programme designed for:
- Security analysts moving from tactical CTI into strategic and regulatory intelligence roles
- Consultants and contractors supporting CBEST, TIBER-EU or DORA TLPT engagements
- Red team leads who need to understand intelligence-led testing from the TI side
- Financial sector security professionals responsible for threat intelligence governance
- CTI practitioners who need to produce outputs that meet regulated standards — not just internal reporting
CTI training curriculum built around real intelligence work.
16+ modules across six content areas. 20+ hours of practitioner-led instruction, live demonstrations and practical exercises.
Core Intelligence Tradecraft
The intelligence lifecycle, collection planning, PIR development, source assessment, legal and ethical boundaries, and decision-ready reporting.
Financial Sector Intelligence
Important Business Services, Critical Important Functions, systemic risk, financial sector threat actors and regulated institution requirements.
Scenario Development for Regulated Testing
Actor profiling, procedure-level ATT&CK mapping, attack path design, plausibility statements and red team handover.
Threat Intelligence Maturity Assessment
Governance, programme planning, operations and functional management assessment using structured evidence, scoring and improvement roadmaps.
Structured Analytic Techniques
ACH, Key Assumptions Check, premortems, alternative futures, bias control, probability language and confidence ratings — applied to real intelligence problems.
Advanced Threat Domains
Geopolitical analysis, OT/ICS threats, insider threat, purple teaming, AI-enabled intelligence and AI-specific attack vectors.
DORA, CBEST and TIBER-EU have raised the bar.
Financial institutions subject to these frameworks require intelligence that meets a precise standard. Generic CTI training — even well-regarded certification programmes — does not routinely address these requirements. CTI-CRAFT does.
- Identifies plausible, evidence-backed threat scenarios for specific business services
- Supports red team targeting with procedure-level actor detail
- Withstands scrutiny from regulators, test managers and external reviewers
- Meets the documentation and handover standards of regulated testing programmes
Work products you can actually use.
CTI-CRAFT is designed around demonstrated capability. Students produce the artefacts used in real intelligence-led engagements — the outputs a CBEST or TIBER-EU intelligence provider is expected to deliver, built to the standard required.
These are not templates to fill in. They are structured work products built through live exercises, walkthroughs and practitioner feedback.
- Threat Intelligence Assessment templates
- PIR and collection planning frameworks
- TIMA scoring worksheets and evidence structures
- Threat scenario development packs
- ATT&CK mapping structures
- Briefing formats for boards, regulators and red teams
Start with the free Cyber Threat Intelligence foundation course.
Not ready for CTI-CRAFT yet? The free CTI Foundation Course at cyberthreatintelligence.info covers the intelligence foundations required before progressing to advanced CBEST, TIBER-EU and DORA TLPT tradecraft. Also accessible through the ThreatInsights Academy.
