Introduction to Cyber Threat Intelligence 

From the basis of intelligence analysis to creating actionable insight into adversaries and their malicious activities.

Event language: English

CTI provides actionable intelligence that can identify attackers and their methodologies, and can translate these threats into business risks. For instance, in written reports with terms that are meaningful for both technical and non-technical executives. Cyber Threat Intelligence is an essential force multiplier for decision making- as well as identifying, detecting and preventing targeted attack of your adversaries.

Interested? Send us an email

Course Objectives 

During the 3 days of training you will learn what cyber threat intelligence is and how to use it as a force multiplier – You will learn how to perform qualitative analysis focusing on how to interpret and understand data within the right context, writing and selecting data for different audiences (strategic, operational, tactical) and the difference between data, information and intelligence, as well as intelligence frameworks, attribution, intrusion sets and indicators. The course is filled with practical exercises to introduce you to the world of cyber threat intelligence and to bring you quickly up to speed or to refresh existing knowledge.

Target Group

The course is designed for professionals in the Cyber and/or Risk practice that are looking to develop themselves forward in the expertise of Cyber Threat Intelligence. Emphasis in this course is given to the challenges of how Cyber Threat Intelligence can be utilized in an effective manner while in a corporate environment.

Participants will be required to participate actively in all sessions and to provide useful feedback to their peers. No strong technical background is required.

Participants should have affinity with Cyber Security and a clear desire to understand how to incorporate CTI in their daily efforts or their organisation.

Participants need a laptop with an internet connection and a possibility to install (open source) software.


  • Defining Cyber Threat Intelligence
  • Deep dive into how to apply the intelligence cycle for Cyber Threat Intelligence
  • Setting up the Cyber Threat Intelligence program
  • Setting up intelligence requirements
  • Analytical techniques and relevant frameworks & knowledgebases
  • Creation of Intelligence products, language and writing
  • Dissemination and sharing mechanisms & metrics
  • Setting up your Cyber Threat Intelligence team
  • Taking the first steps in an actual hands-on Cyber Threat Intelligence investigation using freely available tooling
  • And many more fun stuff..

The course will be given in English or Dutch, depending on the participants preferred language. The course material is in English.

New dates are coming soon!
  • Intrusion Analysis: 2 day course providing you a thorough introduction to how to perform intrusion analysis effectively. Our 3 day introduction course does not contain detailed modules regarding intrusion analysis, these are delivered separately and together with our international team. This training module emphasizes how to effectively analyze intrusions, integrate them in your workflow and share our tips and tricks.
  • Data link analysis with Maltego: 2 day course providing you a thorough introduction with this powerful open-source intelligence tool to easily gather data and perform link analysis. This training module will focus on the basics of this tool, tips, tricks as well as some practical exercises.
  • Custom training programs: Obviously no intelligence team is the same. Each team is unique in terms of what specific knowledge they poses and want to improve on. We get that. To enable this, we also provide tailored training programs fitting your exact needs. Please contact Martijn Docters van Leeuwen or Karel de Zoete for more information.
The costs are € 2000 ex VAT. Catering (lunch) and course materials are included in the price.

Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.

Deloitte reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.

For more information about our Terms and Conditions, please refer to our FAQ page.

We provide a safe learning environment in close collaboration with the locations. We carry out our services in accordance with the applicable advice and measures as determined by the RIVM. Participants in the training are requested to observe the prescribed hygiene measures and to stay at home if you have a cold or if you have inmates with a fever.

For further information, please refer to the CoronaCheck website of the central government.

Do you have any complaints? Please contact us and have yourself tested. Via Deloitte we can provide a voucher with which you can have an antigen test (a rapid test) taken at 70 locations in the Netherlands, free of charge.

If you have any questions, please contact Linda Otte  


Sijmen Schenk

Sijmen Schenk

I am a senior threat intelligence professional with a background in incident response and forensic investigation. I have spent several years helping defend enterprise level international organizations against sophisticated cyber-attacks, both from the cyber-criminal and the cyber-espionage vertical. My main research activities are performing proactive investigations on malware, malicious infrastructure and adversary tracking. I am a blue teamer by heart and prioritize my spare time to perform academic research, investigate datasets and stay updated on adversary developments.

Karel de Zoete

Karel de Zoete

Senior Consultant

Within Deloitte Cyber Risk Services I’m focusing on Strategy, Risk Management and Transformations. I have a previous background in the banking and financial services industry, as well as public sector. My personal interest within Deloitte lies within the more “covert side” of security, red teaming exercises, social engineering, phishing and finding innovative ways how to increase resilience through targeted awareness campaigns. I’m experienced in extensive and complex multi-tiered security engagements, resilience assessments and cyber threat intelligence.

Share Share event on social
Interested? Send us an email