CREST Practitioner
Threat Intelligence Analyst, CPTIA

The CPTIA is an entry-level qualification aimed at individuals who are seeking to establish themselves within the Threat Intelligence industry.
This course will give attendees a solid understanding of the theory and practice of cyber threat intelligence operations and is competent to undertake operational Threat Intelligence activities under the supervision of a CREST

Cyber Skills Training - Image of a woman

Course Style

Live Instructor Led. Face-to-face or attend from anywhere.

Skill up and get certified, guaranteed

What is included?

  • 5 days of training
  • Course material/Slides
  • 95.8% Certification Success in First Attempt
  • Classroom training Or Attend-From-Any-Where
  • Training delivered by Professionals with enormous industry experience 
  • Total comprehensive exam preparation

What you will Learn?

  • An understanding of the key phases of intelligence generation, cyber specific information sources and common approaches to collection and analysis.
  • The ability to demonstrate a high level of competence in the collection, analysis, and dissemination of intelligence to a consistently high standard and in accordance with legal and ethical guidelines.

Who should attend?

  • A Practitioner Threat Intelligence Analyst (PTIA) may be a comparatively junior member of a threat intelligence team, working under the direction of more senior colleagues (CRTIA, CCTIM qualified personnel).
  • PTIA is a role responsible for the collection and analysis of data, information, and intelligence in order to generate threat intelligence outputs. Analysts are expected to be familiar with both contextual analysis (focussing on social, cultural, and geopolitical elements) and technical analysis (analysis of data relating to Indicators of Compromise). 
  • A PTIA is also expected to understand the legal and ethical frameworks governing threat intelligence work.

Course Dates

3 – 7 Jun, 2024
12 – 16 Aug, 2024
7 – 11 Oct, 2024
9 – 13 Dec, 2024

Course Outline

A – Key Concepts
A1 Objectives of Threat Intelligence
A2 Terminology
A3 Threat Actor Types / Definitions
A4 Threat Vector & Vulnerability Types
A5 The Intelligence Cycle
A6 Analytic Models
A7 Attack Lifecycle
A8 Understanding Risk

B – Direction and Review
B1 Developing Terms of Reference
B2 Importance of Project Review
B3 Dealing with Intelligence Gaps

C – Data Collection
C1 Function & Use of a Collection Plan
C2 Use of a Collection Worksheet
C3 Types of Sources
C4 Source Reliability and Grading
C5 Specific Sources
C6 Boolean Search Strings
C7 Basic Source Analysis
C8 Operational Security (OPSEC)


D Data Analysis
D1 Hypothesis Testing
D2 Facts, Assumptions, Premises & Inferences
D3 Expressing Likelihood / Certainty
D4 Circular Reporting
D5 Cognitive Biases
D6 Analytical Techniques

E – Product Dissemination
E1 Structured / Machine Readable TI
E2 Unstructured / Human Readable TI
E3 Intelligence Sharing

F – Legal and Ethical
F1 Understanding Requirement for Adherence to Legal / Ethical Standards
F2 Handling of Classified Material
F3 Key Legislation Pertaining to Intelligence Collection in the UK
F4 Dealing With Legal / Ethical Uncertainty.
F5 CREST Code of Conduct


  1. There is no specific pre-requisite.
  2. CompTIA Network+ and/or Security+ training/qualification will be helpful together with skills/understanding of:
    1. Using virtual private network devices and its encryption
    2. Effectively recognise and categorise types of vulnerabilities and associated attacks
    3. Using network analysis tools to identify vulnerabilities
    4. Applying security models
    5. Recognise vulnerabilities in security systems

Are you ready to get started?