Trainings/Learning
Curated Intelligence Repo Free - Beginner friendly to advanced
Really a one stop shop for all things Threat Intelligence. Their Fundamentals repo has links to various frameworks, theory, and research. The Research Guide will teach you how to research and use various types of intelligence and how to curate your collection. Their Actor Profile Guide provides a GREAT blueprint for creating your own actor profiles! This repo is truly an invaluable resource!
Alt Funktion Free - Beginner friendly to advanced
I found Jennifer through TikTok! Alt Funktion is truly creating fantastic resources to learn CTI and cybersecurity through whatever medium is best for you. They have TikTok, they have YouTube, they have a blog, and they just keep growing!
macOS Malware Knowledge Database Free - Intermediate
Repository of OSINT for several macOS focused malware families maintained by security researcher at Huntress Labs, Stuart Ashenbrenner. (LinkedIn, Twitter)
Cybrary $$ - Beginner friendly, skill building
I really like that they break up their trainings into various career and skill paths. They do not have a CTI path, but they do have an Intro to CTI course. Only the first 13 minutes are free of the 4 hour course. The rest is only available to the $50USD/month+ subscription. Their Threat Actor Campaign section, which would also be worthwhile for the CTI-curious, is also paid subscription only. The skill path training titled “Reconnaissance and Enumeration” is geared toward pen testers, but could be beneficial for CTI. That is free!
They do offer courses for security fundamentals, SOC analysts and engineers, and pen testers as career paths and those are still free. Their skill path trainings, such as host-based detection or network fundamentals are also free.
Udemy $$ - Beginner friendly, has some cert prep
Wonderful for learning really anything under the sun. I have not taken any CTI courses, so proceed with caution. They offer several prep courses for certifications like Security+. I would recommend not doing any course with fewer than 1000 reviews.
Udemy usually has wild discounts like “70-90%” off sales. Sign up for an account and show interest in the courses you want and they may send you a discount.
SANS From free > $$$$ - Beginner resources, advanced options
The premiere cybersecurity learning standard. SANS offers several free resources, like their blog, all the way up to ~$10,000USD for an on-demand CTI course with the CTI certification attempt included.
Pluralsight 10 Day free trial/Paid subscription - Beginner - Intermediate
The linked course above was the only CTI course that seemed worthwhile. They have a course that is specifically Volt Typhoon and Sandworm. It looks to be a good deep dive into actor profiling and methodologies, but would be for a more advanced audience
MITRE - Free - Intermediate
The MITRE ATT&CK framework is going to be your best friend. Not only are they the standard for all characterizing all tactics, techniques, and procedures, but they offer intel on actors, their campaigns, and the tools/software they use. While this is not a structured course, I would spend some time here and make some flash cards!
SANS Cyber Academy Free - Intermediate - Not CTI exclusive, broad cybersecurity training
From their website:
“A career-building cybersecurity training program designed to help individuals from outside the industry launch their cybersecurity careers. Open to U.S. citizens and legal permanent residents. […]
The SANS Cyber Academy equips individuals from under-resourced communities with hands-on cybersecurity training and industry-recognized GIAC certifications.
This is a highly competitive aptitude-based scholarship program. Selection is based on aptitude, and participation must be earned.”
Cybersecurity vendor trainings - I do not receive any form of compensation from the below companies, I just like their products
Mandiant $2-3K USD Beginner to advanced
I took their Threat Intelligence Production course and it was phenomenal. If you can snag one of these trainings, I definitely say do it. The Mandiant name carries a lot of weight in the community. Google bought them for a reason and the reason was not because they suck.