The following resources are those that have influenced my perspectives on threat intelligence, from analytic tradecraft to broader threat intelligence program development. While there is an increasing corpus of publications on threat intelligence, I view these resources as the best-of-the-best; over time, I’ve found my self continually referring back to these. So, I’ve put them in one place for my personal reference (especially when training new analysts), and for others to enjoy, of course.

I’ll continue to update this page as I come across new resources. And if I have missed anything that you think belongs here please let me know!

Traditional Intelligence Tradecraft

Words of Estimative Probability (1964)

CIA’s Compendium of Analytic Tradecraft Notes (1997)

15 Axioms for Intelligence Analysts (1997)

Psychology of Intelligence Analysis (1999)

Analytic Thinking and Presentation for Intelligence Producers (2000)

A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis (March 2009)

Structured Analytic Techniques for Intelligence Analysis (March 2010)

What I Learned in 40 Years of Doing Intelligence Analysis for US Foreign Policymakers (March 2011)

Joint Publication 2-0 (October 2013)

Intelligence Community Directive 203: Analytic Standards (January 2015)

Threat Intelligence Program Development and Best Practices

Verisign Establishing a Formal Cyber Intelligence Capability (June 2011)

INSA Cyber Intelligence: Setting the Stage for An Emerging Discipline (September 2011)

Carnegie Mellon Cyber Intelligence Tradecraft Project (January 2013)

INSA Operational Levels of Cyber Intelligence (September 2013)

Ten Strategies of  World-Class SOC, Chapter 11: Be a Sophisticated Consumer and Producer of Cyber Threat Intelligence (2014)

Threat Intelligence: Collecting, Analyzing, Evaluating (March 2015)

Building a Threat Intelligence Program (May 2016)

Threat Intelligence Program Checklist (September 2016)

MITRE Finding Cyber Threats With ATT&CK-Based Analytics (June 2017)

Threat Intelligence and Intrusion Analysis Tradecraft

Lockheed Martin’s Cyber Kill Chain (2011)

Sandia National Laboratory Cyber Threat Metrics (March 2012)

15 Knowledge Areas and Skills for Cyber Analysts and Operators (September 2012)

The Diamond Model of Intrusion Analysis (2013)

The Pyramid of Pain (January 2014)

15 Things Wrong With Today’s Threat Intelligence Reporting (February 2014)

On TTPs (April 2014)

The Cost of Bad Threat Intelligence (May 2015)

PassiveTotal’s Know Your Foe Series (2015)

13 Principles of Threat Intelligence Communication (March 2016)

Talks & Webinars 

Ryan Stillions, Taming Your Indicator Consumption Pipeline (February 2015) (talk begins at approximate 47:00)

Coleman Kane, Cyber Intelligence: Concrete Analysis in a Fluid World (July 2015)

Other Great Intelligence Reading Lists & Resources 

SANS CTI Summit Materials

Sergio Caltagirone’s Intelligence Reading Room

Herman Slatman’s Awesome Threat Intelligence List


  1. Hey Jay,

    Glad you find the resources helpful! And thanks for pointing out the dead link. Now updated.


Leave a Reply