UP TO 50% OFF on Combo Courses!

Getting To Know CTIA (Certified Threat Intelligence Analyst)

About Certified Threat Intelligence Analyst (CTIA)

Certified Threat Intelligence Analyst (CTIA) is a combination of cybersecurity and threat intelligence to help identify and reduce business risks and  unknown threats into known threats. It allows cybersecurity professionals to increase their skills in building cyber threat intelligence. It is a comprehensive and specialist-level program.

Getting to know CTIA

Importance of Cyber Threat Intelligence

Cyber Threat Intelligence is used to gather details of old and new threats from various sources. The collected data will be analyzed by the threat intelligence feed and reports will be generated for making security decisions of the company. There are some reasons why the organization needs a good Cyber Threat Intelligence team:

  • CTIA helps to reduce the overall cybersecurity expenses and it also saves business capital.
  • It helps to lower the risks of cyberattacks from cybercriminals.
  • Cyber Threat Intelligence team helps other security professionals in making strategic decisions related to information security.
  • It helps other security professionals to strengthen the security posture of the organization.
  • It improves the efficiency of security teams in an organization.

Skills of Cyber Threat Intelligence Analyst

Nowadays because of increasing Cyber Threats, the demand for Cyber Threat Intelligence Analyst is rising due to which organization is facing difficulty in choosing the best candidates. Here are some skills that CTIA should acquire:

  • Know in detail about different types of threat intelligence: A CTIA must have detailed knowledge about various types of threat intelligence strategies such as strategic threat intelligence, operational threat intelligence, technical threat intelligence, and tactical threat intelligence.
  • Should have detailed knowledge about numerous different tools and platforms: A CTIA should have in-depth knowledge about various tools and platforms that are used in identifying cybersecurity threats. These tools include threat intelligence tools (IBM X-Force Exchange, SolarWinds, FireEye iSIGHT, Palo Alto Networks AutoFocus, AlienVault USM, LogRhythm), statistical tools, threat modelling tools (htMM, T-MAP,Attack trees, Cairis, IriusRisk, Kenna.VM, Microsoft Threat Modeling Tool, and OWASP Threat Dragon), malware analysis tools (Cuckoo Sandbox, and Google Rapid Response (GRR), Wireshark, ProcDot, and Fiddler).
  • Knowledge about numerous data collections and acquisition techniques: It is necessary for CTIA to have in-depth knowledge about various ways to gather data. This is because there are multiple sources from which data can be gathered like search engines, websites footprinting, etc. With all these techniques it is easy to gather the data.
  • Knowledge of various data analysis approach: It is important for CTIA to have data analysis skills. Some of the data analysis techniques that CTIA adopt are Statistical Data Analysis, Analysis of Competing Hypotheses (ACH) and Structured Analysis of Competing Hypothesis (SACH).
  • Detailed knowledge about Threat Intelligence Tools and its applications: CTIA needs to have detailed knowledge about the Threat Intelligence Tools and its application. Some of the tools that are used in Threat Intelligence are AlienVault USM Anywhere, Threat Connect and many more.
  • Good report writing skills: CTIA’s job is not only about creative working, analytical skills, and technical know-how but they should also have good report writing skills and formulate the report in well structured manner. They should also be able to structure short and long-term reports in an efficient manner.
  • Have a hands-on experience: CTIA should have theoretical knowledge about the concepts as well as good hands-on experience with the skills that they possess. Having practical knowledge is an indication that the trial phase is passed and they are capable of putting knowledge into practice.

About CTIA Certification

CTIA certification course is mainly designed for cybersecurity professionals that deals with Cyber Threats regularly. People having full-fledged knowledge about the information security field and also for those who want to improve their knowledge about Cyber Threats can take advantage of this training program. To appear for CTIA certification exam, candidates must fulfill any one of the following criteria:

  • Candidates appearing for CTIA certification exam should have two years of experience in the cybersecurity field
  • Candidates must attend EC-Council CTIA training from EC-Council partners


About CTIA Certification Training and Certification exam

CTIA training mainly focuses on the skills to implement different threat intelligence techniques that are adopted by the organization such as strategic, operational, tactical, and technical threats. The tools that are used for CTIA practical implementation can successfully be implemented on operating systems like Windows 10 and Kali Linux OS for planning, collecting, analyzing, evaluating, and disseminating threat intelligence.

Certification Exam and its Format:

Certification Name Certified Threat Intelligence Analyst
Exam Code Exam code 312-85
Test Format Multiple choice questions
Number of Questions 50
Test Duration 2 hours
Passing Score 70%


CTIA Exam Modules

The following modules are included in CTIA Certification Exam:

Module 01: Introduction to Threat Intelligence

This domain carries about 14% weightage in CTIA examination. It gives an overall view of introduction to Threat Intelligence and its life cycle. Cyber Threat Intelligence is defined as collecting information about threats and analyzing those threats to minimize the business risks. This domain also gives an overview of six phases of Threat Intelligence which are:

  • Direction
  • Collection
  • Processing
  • Analysis
  • Dissemination
  • Feedback

Module 02: Cyberthreats and Kill Chain Methodology

This domain also carries about 14% weightage in CTIA examination. This module mainly focuses on Cyber Threats, Advanced Persistent Threats (APTs), and Indicators of Compromise (IoCs). It also focuses on cyber attacks which mainly include computer viruses, data breaches, and Denial of Service (DoS) attacks.

Module 03: Requirements, Planning, Direction, and Review

This domain carries 16% weightage in the examination. In this domain, you will mainly learn things that are necessary for a Threat Intelligence Analyst. The topics that are covered in this domain are:

  • Understanding the organization’s current
  • Knowledge about Threat Landscape
  • Understanding Requirements Analysis
  • Planning Threat Intelligence Program
  • Establishing Management Support
  • Building a Threat Intelligence Team
  • Overview of Threat Intelligence Sharing
  • Reviewing Threat Intelligence Program

Module 04: Data Collection and Processing

This domain carries about 24% of weightage in the examination. This domain explains about how the data is collected and processed in Threat Intelligence procedure. It also checks whether the data is legitimate or not and if the data is not legitimate and is not obtained from a known source then Threat Intelligence is of no use. This domain covers the following topics:

  • Overall view of Threat Intelligence Data Collection
  • Information about Threat Intelligence Collection Management
  • Overall view of Threat Intelligence Feeds and Sources
  • Understanding the concepts of Threat Intelligence Data Collection and Acquisition
  • Understanding Bulk Data Collection
  • Understanding Data Processing and Exploitation

Module 05: Data Analysis

This domain covers about 18% of the topics for the CTIA examination. This domain mainly focuses on combining the information from various sources and analyzing them to perform intelligence and obtaining end results from it. By performing analysis, it can be derived whether the information is accurate and is obtained from a known source. This domain covers the following topic:

  • Overview of Data Analysis
  • Understanding various Data Analysis Techniques
  • Overview of Threat Analysis
  • Understanding in-depth about Threat Analysis Process
  • Overview of Fine-Tuning Threat Analysis
  • Understanding Threat Intelligence Evaluation
  • Overview of Threat Intelligence Tools


Module 06: Intelligence Reporting and Dissemination

This domain covers about 14% of the syllabus for CTIA examination. This domain mainly gives an overview about how to prepare Threat Intelligence Reports. The topics make up  this domain are:

  • Overview of Threat Intelligence Reports
  • Introduction to Dissemination participating in Sharing Relationships
  • Overall view of Sharing Threat Intelligence
  • Understanding Delivery Mechanisms
  • Understanding Threat Intelligence Sharing Platforms

Certified Threat Intelligence Analyst (CTIA) training course

Certified Threat Intelligence Analyst (CTIA) is a highly career-oriented certification and training program provided by EC-Council. This training program delivers standard-based, intensive practical skills for the most required threat intelligence across information security. The target audience for CTIA Online Course are:

  • Ethical Hackers
  • Security Practitioners, Engineers, Analysts, Specialist, Architects, Managers
  • Threat Intelligence Analysts, Associates, Researchers, Consultants
  • SOC Analysts
  • Digital Forensic and Malware Analysis Team
  • Incident Response Team
  • Any mid-level to high-level Cybersecurity professionals with a minimum of 3-5 years of experience
  • Individuals interested in preventing Cyber Threats

Why go for Infosec Train’s Cyber Security Training

InfosecTrain is a leading security training provider offering various security related certifications. They are partnered with EC-Council, Microsoft, CompTIA, PECB, and CertNexus. It offers training programs for globally reputed certifications in the information security domain, including CISSP, CCSP, CEH, CCISO, and CompTIA Security+. Infosec Train has many expertise professionals in cybersecurity, they are also well-versed with all the concepts related to security. They can also provide full-fledged preparation materials for various security exams. So Infosec Train is better for security related concepts as they have good trainers with good experience. If you want to prepare for CTIA Certification exam, you can check the following link:


Hemant Kulkarni ( )
Infosec Train
Hemant Kulkarni has completed his Master's degree in Information Technology. He is a keen learner and works with full dedication. He enjoys working on technical blogs. Currently, Hemant is working as a content writer at Infosec Train.
Cultivating a CISSP Mindset 10 Questions to Elevate Your Expertise