Cyber Threat Intelligence — Schedule (Fall 2025)

Time: Tuesdays, 5:30–7:15 PM ET, starting the week of Sep 1, 2025

Below is the weekly plan. Topics and links may be adjusted; check back before class for the latest readings and assignments.

| Date | Subjects to be Reviewed | Reading Materials | Assignments |
| --- | --- | --- | --- |
| Tue, Sep 2, 2025 | Course intro; CTI scope, stakeholders & outcomes; CTI lifecycle overview | Week 01 readings | A1: Intel Landscape Brief |
| Tue, Sep 9, 2025 | Kill Chain vs. MITRE ATT&CK; intrusion set fundamentals; evidence & confidence | Week 02 readings | A2: ATT&CK Scoping |
| Tue, Sep 16, 2025 | Collection planning & PIRs; sources, bias, and validation | Week 03 readings | A3: Collection Plan |
| Tue, Sep 23, 2025 | STIX/TAXII data models; working with MISP | Week 04 readings | A4: STIX Object Authoring |
| Tue, Sep 30, 2025 | Malware triage for CTI; linking IOCs to behaviors | Week 05 readings | A5: IOC to Behavior Map |
| Tue, Oct 7, 2025 | Pivoting from reporting; clustering, naming, and attribution cautions | Week 06 readings | A6: Campaign Analysis |
| Tue, Oct 14, 2025 | Detection engineering I: ATT&CK → Sigma/YARA | Week 07 readings | A7: Sigma Drafts |
| Tue, Oct 21, 2025 | Detection engineering II: validation, testing, false positive control | Week 08 readings | A8: Detection Validation |
| Tue, Oct 28, 2025 | Threat hunting with intel; hypotheses & success metrics | Week 09 readings | A9: Hunt Plan |
| Tue, Nov 4, 2025 | Intel reporting: structure, estimative language, and briefing skills | Week 10 readings | A10: Written Report |
| Tue, Nov 11, 2025 | Operationalization: SOC integration, ticketing, and feedback loops | Week 11 readings | A11: SOC Playbook Tie‑in |
| Tue, Nov 18, 2025 | Legal & ethical considerations; sharing intel; disclosure | Week 12 readings | A12: Sharing Plan |
| Tue, Nov 25, 2025 | Guest talk / case study (Thanksgiving week; subject to change) | Week 13 readings | A13: Case Reflection |
| Tue, Dec 2, 2025 | Final briefings & course wrap‑up | Week 14 readings | Final: Brief & Report |