Cyber Intelligence Analysis

Course Group: 
Cyber Security


Cyber intelligence analysis is an exciting investigative specialisation that requires technical knowledge, excellent communication and analytical skills to do well.  This course covers the foundational knowledge and skills needed by aspiring cyber analysts wanting to identify adversaries most effectively by applying appropriate cyber tradecraft to produce actionable intelligence.

Students role play as cyber criminals, issue motivated groups and state-based actors to steal, damage or destroy data from staged targets. As ‘bad guys’ students learn to use cyber tradecraft to hide their activity and deceive their targets.  They also experience the challenges of maintaining covert infrastructure, fake identities and minimising the evidence left behind.  As ‘good guys’ they leverage this experience to spot mistakes, laziness or apathy in tradecraft and reveal cyber actors inside networks they must defend.

Students participate in hands-on exercises using burner phones, covert laptops and virtual private networks to reinforce the theory covered.  They perform dynamic malware analysis using Cuckoo sandbox and deploy a honeypot to collect various types of indicators they will leverage in analysis.

Who Should Attend

Course Outline

Presenter Background

Further Information

Dates & Registration

Duration: 5 days

Delivery mode: Classroom


Advertised: Canberra

In-house: Contact the  for more information and to arrange a quote. Recommended for groups of 10 or more.

What you will receive:

  • Comprehensive notes with all slide handouts.
  • Access to an online Training Portal.
  • UNSW certificate of attendance.
  • A Cyber-Intelligence Analyst (CA+1) silver dog tag upon completion.
  • Morning tea, lunch and afternoon tea.




This course is well suited to experienced IT professionals who wish to further specialise in ‘cyber’ investigative roles in mature commercial Security Operations Centres (SOC) or National Security CERT/CIRT teams.  




The following topics will be covered:

What is a cyber intelligence analyst?
Why the world needs more cyber intelligence analysts.
What makes a good cyber analyst?
History of cyber espionage and cyber crime
Impact of cyber threats
Effectiveness of security controls
Taxonomy of cyber attacks
The Intelligence Life Cycle
Revealing capability and intent
What is cyber tradecraft?
Capitalising on poor cyber tradecraft
Using online personas
Assessing counterintelligence risks and choosing your OSINT strategy
Maintaining covert infrastructure and personas
Social media challenges
Investigate target personas using covert infrastructure
Spear Phishing
Malware Analysis
Dynamic malware analysis
Cyber security defences that work?
Capability maturity models for cyber teams
Evidence left behind by threat actors
DNS, logs, PCAPs and PasteBin
Beacon patterns and C2
Covert communications for bad guys
Where to capture for maximum effect?
How to find APTs most easily?
Using your persona for OSINT against different targets




Paul Nevin is a career IT security professional having worked in forensics and investigative roles for more than twenty years.  He has worked in incident response in industry, Defence and the Federal Government chasing down all kinds of bad guys by studying network traffic to find things that ‘just don’t look right’.  In 2004 Paul identified his first ‘APT’ and has been researching ways to more easily identify and degrade the efforts of these cyber actors ever since.  This course is the culmination of Paul’s experience investigating sophisticated cyber actors in high-value networks all over the world. 


The Australian Centre for Cyber Security (ACCS) is a focal point for the research of some 60 scholars from various faculties across UNSW who conduct research work on different aspects of cyber security. The Centre is based in Canberra at the Defence Force Academy that provides both advanced research as well as undergraduate and graduate education on cyber security. ACCS brings together the biggest concentration of research and tertiary education for the multi-disciplinary study of cyber security in any single university in the Southern hemisphere. A number of ACCS scholars, in areas ranging from information technology and engineering to law and politics, have significant international reputations for their work.  




Luke Garner 
Centre Manager
Centre for Australia Cyber Security
UNSW Canberra
M: +61 438 229 323
No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.