Operational Cyber Threat Intelligence

This online course aims to fill the gap between the technical level and the operational level that is responsible for planning cyber activity. To provide a clear comprehension of the main data you need to plan cyber events, using real samples that are well documented in open source. Based on this analysis, applying the Intel Cycle to the cyber domain, you will identify the gaps you need to fill and drive the collection phase, tasking the correct sources to gather needed information. Merging indications, analysing and sharing these data, you will transform them into a possible cyber threat situation by using a sharing platform environment.


Due to the current travel restrictions to Estonia (from many countries the travelers have to spend a 10 days self-isolation period when they enter the country), this course will be held as an online course and the confirmed students DON’T HAVE TO TRAVEL to Estonia. Therefore they don’t have to buy flight tickets and don’t have to book accommodation in Tallinn.

All of the technical details to join the course will be shared with the confirmed participants until 26th  of April, 2021.

Learning Objectives

  • To acquire the essential elements of understanding the cyber domain for Intelligence purposes, identifying data useful for planning cyber activities and gaining a better understanding of the enemy’s cyber capability.
  • To gain confidence with the main technical data available through the network, understanding which sources could be used to collect this information, and performing a general analysis and data correlation (filter, analyse, correlate data collected).
  • To gain confidence with the main data available through social networks and social media, understanding which sources could be used to collect this information, performing a general analysis and data correlation (filter, analyse, correlate data collected).
  • To practise differentiating, merging, analysing and sharing collected data.
  • To practise the theoretical knowledge acquired during the week, produce, assess and share data and become more confident with events, simulating real-life conditions.

Target Audience

J2, J3, J5, J6 staff members, branch heads, RRT/CERT members, Cyber Threat Analysts, mediators between Tech Level and Operational level.


  • Intel cycle applied to the cyber domain
  • Cyber Defence Threat Assessment
  • Intelligence Support to Cyber Operations
  • Technical data gathering Information
  • Social media gathering information
  • Information sharing
  • Transforming technical data into Threat Intelligence
  • Exercises


  • The Integration of Cyber Considerations into Operational Planning e-Learning course (ADL 375, see the details in the “Online training” chapter) that can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal is recommended for the students of the course. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ADL 375 ‘Integration of Cyber Considerations into Operational Planning’ course listing.
  • English language skill comparable to STANAG 6001,
  • Basic knowledge of Windows and Linux, TCP/IP stack, social media, virtualisation product and good understanding of technical cyber vocabulary and means.


Registration opens on 1st of February, 2021. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact. An email confirming the participation will be sent only after the registration has closed.

If you have any questions or issues with registration, please contact [email protected]