Training

Paralus currently offers multiple courses across threat intelligence, industrial control system security, threat hunting, and strategic defense planning. The classes are typically in-person training events taught on client premises or at a location determined by the client, while the workshop can be conducted virtually for interested organizations. Online options for clients are available with discussion on timing and delivery format.

While other entities provide cyber threat intelligence (CTI) training, examination of their content and concepts indicates a theoretical, abstract focus – great for a junior analyst at a burgeoning government intelligence agency, but divorced from the realities of cyber threat assessment, planning, and operations. The Paralus difference is not to focus on frameworks, theory, and high-level concepts but to provide guidance and examples specifically tuned to inform security operations.

Please contact joe[AT]paralus[.]co for scheduling, pricing, and other details.


Applied Threat Intelligence

Course Length: 2-3 days, in-person

Attendees: Preferred maximum of 20

Intended Audience: Security Operation Center, Incident Response, and new Cyber Threat Intelligence personnel. With slight modifications, this course can also be adapted for researchers, journalists, and similar roles with a desire to learn technical analysis of observables for enrichment and linking.

Description:

When used properly, cyber threat intelligence allows an organization to use another’s breach or incident to their own benefit. Yet while many cyber threat intelligence courses and guides exist, these are primarily designed for developing long-range, in-depth intelligence products for strategic or similar overview. Operational threat intelligence instead supports a different audience: day to day security work and network defense. While cyber threat intelligence must always meet standards for accuracy, relevancy, and timeliness, SOC watch-standers and IR personnel need enriched information now in order to execute their jobs.

This course fills a critical role that other training does not address: how to successfully embed cyber threat intelligence operations into the daily rhythm of security to support both everyday tasks and extraordinary incidents. Toward that end, while this course will briefly touch on theoretical concepts such as analysis of competing hypotheses, kill chain methodology, and other ideas, the real focus will be on what efforts make operational threat intelligence possible and sustainable:

  1. Establishing roles, responsibilities, and service agreements in advance.
  2. Determining priorities, intelligence requirements, and customer threat landscape.
  3. Molding threat intelligence information to security tools to make enriched information useful and actionable.

The course then emphasizes the nature of pivoting, data and observable enrichment, and quick analysis reporting to close out instruction. A condensed version of this final section is provided in the Threat Hunting and Practical Intelligence Workshop, described below.


Strategic Network Defense Planning

Course Length: 2 days, in-person

Attendees: Preferred maximum of 10

Intended Audience: Leadership and organizational management; suitable for audiences from department or work-unit managers through CISOs and CIOs.

Description:

Network defense is informed by knowing the network, and knowing the adversary – but few practitioners have the fortune of possessing this knowledge before a major breach. This class aims to correct this gap by providing a focused walkthrough of resource analysis, risk and threat assessment, and mitigation planning aimed at managerial and executive audiences.

Starting with an overview of strategy and applying strategic concepts to network defense, attendees will formulate a comprehensive, adversary-oriented network defense plan oriented to the client’s business environment. Following additional overview and critique of planning, attendees will then have an opportunity to test plans through a guided walkthrough of a threat scenario appropriate to the contracting organization’s business.

This course is designed for specific, per-organization offerings with customization to include references to industry-specific needs and regulations, as well as covering industry-relevant threats. More general versions of this course can be delivered on demand to diversified audiences.


Threat Hunting and Practical Intelligence Workshop

Course Length: 2-4 hours, in person or virtual; can be extended to multiple days.

Attendees: 5 – 20 attendees per workshop

Intended Audience: SOC and Incident Response personnel; individuals working toward integrating threat intelligence into operations.

Description:

Organizations need to identify and disposition new threats to ensure active, adaptive defense. This workshop will walk through open source resources and freely-available techniques to identify new threats and attack trends, and how to then formulate defensive strategies for enterprise protection.

Even small organizations must identify mechanisms to ingest threat intelligence to inform detections, enable response, and allow for potential preventive action by identifying threats before they strike. This workshop is designed to provide a quick – but useful – overview of techniques, resources, and methodologies leveraging freely available sources and tools to build out an actionable threat intelligence and threat hunting operation suitable for organizations of almost any size. The workshop will start with 1-1.5 hours of discussion and lecture, then lead into a 1-1.5 hour exercise/demonstration. Although the workshop can be followed without one, attendees are strongly encouraged to bring a computer able to access the Internet and run virtual machines. Any tools or other items needed (or recommended) will be provided or hosted for attendees.


Industrial Cyber Threat Intelligence Theory and Practice

Course Length: Two days of in-person instruction, or negotiated online offering.

Attendees: 5 – 20 attendees per class.

Intended Audience: SOC and Incident Response personnel; individuals new to industrial security with IT backgrounds, or OT personnel learning CTI and similar disciplines.

Description:

The field of cyber threat intelligence (CTI) is increasingly popular in both presentations and vendor offerings, but rarely includes an industrial-specific focus of interest to industrial control system (ICS) functions and operational technology (OT) environments. Yet digital convergence, rapid adoption of distributed or cloud capabilities, and increased adversary interest in ICS environments combine to make ICS-specific CTI a relevant topic for industrial asset owners, operators, and defenders.

This course provides a roadmap to educate asset owners and operators, or traditional information technology (IT) personnel, in the specific requirements and concerns of ICS-related CTI. While traditional IT concepts are addressed, overall this training seeks to build an ICS-specific understanding of threat intelligence to enable stakeholders to better understand their operational environments, the current threat landscape, and how the interaction between these two views influences operational security and resiliency.


Intelligence Driven Threat Hunting

Course Length: One to two days of in-person instruction, or negotiated online offering.

Attendees: 5 – 20 attendees per class.

Intended Audience: SOC and Incident Response personnel; CTI personnel seeking more hands-on roles.

Description:

Designed as a follow-on to the Paralus Applied Threat Intelligence course, this class helps organizations that have already incorporated cyber threat intelligence (CTI) into security operations move from a reactive posture to an active hunt stance against attackers. With the foundations of CTI in place, organizations can work to train, engage, and empower security personnel to leverage knowledge and adversary operational profiles to build robust, intelligence-driven hunt programs.

This course addresses the following items:

  • The fundamentals of threat hunting within security operations.
  • Hypothesis development, testing, and evaluation as part of a knowledge and intelligence-driven hunting program.
  • Differentiating between internal and external hunting operations, including production of internal threat intelligence for operational consumption.
  • Reporting and recording fundamentals and the critical aspect of knowledge maintenance and longevity for sustainable hunting activity.
  • Building threat hunt teams within the context of classical security operations center (SOC) and incident response (IR) roles.

Short-Form Workshops

Course Length: 2-3 hours, in person or online

Attendees: Up to 20 attendees

Intended Audience: Various, depending on content.

Paralus offers several short-form workshops based on previous engagements and conference participation. These are designed to be relatively short, impactful training evolutions to highlight specific skills or concepts in an accessible manner, and prepare for more in-depth study. Workshops taught by Paralus include the following:

  • Network Threat Intelligence & Indicator Analysis: This workshop begins with an introduction to indicators and indicators of compromise, then transitions to the nature of network indicators in threat intelligence research. Based upon theoretical lessons, participants then walk through an example of network indicator enrichment, leading to a practical exercise based on current threat activity.
  • Practical Introduction to Threat Intelligence: Threat intelligence is a popular concept, but seldom well defined for introductory audiences or operational stakeholders who may interact with it. This workshop is designed to introduce core threat intelligence concepts and how they align with security operations work and outcomes, including support to security operations center, incident response, threat hunting, and detection engineering functions.
  • Management Introduction to Threat Intelligence: Managers may find themselves in need of threat intelligence programs to enhance existing security operations, or tasked to build such a program as part of a growing organization. This workshop is designed to introduce core intelligence principles and then identify how these can be implemented in a maturing security program to improve tangible, measurable results.
  • Introduction to Threat Hunting & Hypothesis Development: Threat hunting is an often discussed but rarely defined process to supplement automated detections and alerting. This workshop introduces the idea of threat hunting as an outgrowth of threat intelligence, with an emphasis on developing testable hypotheses to drive hunting actions. Attendees will review completed threat reporting to build hypotheses within either a notional or the contracting organization’s environment.