Certified Threat Intelligence Analyst (C|TIA) is a training and credentialing program designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive specialistlevel program that teaches a structured approach for building effective threat intelligence.
The program was based on a rigorous Job Task Analysis (JTA) of the job roles involved in the field of threat intelligence. This program differentiates threat intelligence professionals from other information security professionals. It is a highly interactive, comprehensive, standards-based, intensive 3-day training
program that teaches information security professionals to build professional threat intelligence.
In the ever-changing threat landscape, C|TIA is an highly essential program for those who deal with cyber threats on a daily basis. Organizations today demand a professional level cybersecurity threat intelligence analyst who can extract the intelligence from data by implementing various advanced strategies. Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and industry published threat
intelligence frameworks.
C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report to disseminating threat intelligence. These concepts are highly essential while building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks. This program addresses all the stages involved in the Threat Intelligence Life Cycle, with This attention to a realistic and futuristic approach makes C|TIA one of the most comprehensive threat intelligence certifications on the market today. This program provides the solid,
professional knowledge that is required for a career in threat intelligence, and enhances your skills as a Threat Intelligence Analyst, increasing your employability. It is desired by most cybersecurity engineers, analysts, and professions from around the world and is respected by hiring authorities.
Target Audience
  • Ethical Hackers
  • Security Practitioners, Engineers, Analysts, Specialist, Architects, Managers
  • Threat Intelligence Analysts, Associates, Researchers, Consultants
  • Threat Hunters
  • SOC Professionals
  • Digital Forensic and Malware Analysts
  • Incident Response Team Members
  • Any mid-level to high-level cybersecurity professionals with a minimum of 2 years of experience.
  • Individuals from the information security profession and who want to enrich their skills and knowledge in the field of cyber threat intelligence.
  • Individuals interested in preventing cyber threats.


The C|TIA exam can be challenged after the completion of the complete, official C|TIA training program. Candidates that successfully pass the exam will receive their C|TIA certificate and membership privileges. Members are required to adhere to the policies of EC-Council’s Continuing Education Policy.

Eligibility Criteria

To be eligible to challenge the C|TIA Exam, the candidate must either:
  • Attend official EC-Council C|TIA training through an accredited EC-Council Partner (Accredited Training Center, iWeek, iLearn) (All candidates are required to pay the USD100 application fee unless your training fee already includes this)
  • Submit an application showing a minimum of 2 years working experience in information security (All candidates are required to pay USD 100 as a non-refundable application fee)
Read more +

Delegates will learn how to

100% compliance to NICE 2.0 and CREST frameworks
C|TIA maps 100 percent to the National Initiative for Cybersecurity Education (NICE) in the category “Analyze” and specialty area
“Threat/Warning Analyst (TWA)”, as well as the “CREST Certified Threat Intelligence Manager (CC TIM).”
Focus on developing skills for performing various types of threat intelligence
It focuses on developing the skills to perform different types of threat intelligence including strategic, operational, tactical, and technical threat intelligence for a particular organization.
Emphasis on various data collection techniques from multiple sources and feeds
It emphasizes various data collection techniques from various sources and feeds. It allows students to employ different data collection strategies to collect relevant threat information.
Emphasis on collection, creation, and dissemination of Indicators of Compromise (IoCs) in various formats
C|TIA discusses Indicators of Compromise (IoCs) indetail, including internal and external IoCs. It illustrates how to acquire these IoCs from various sources. IoCs are a good source of information about cyber threats and an organization can easily detect cyberattacks and respond in time by monitoring IoCs. C|TIA elaborately explains how to create and disseminate these IoCs.
Focus on intense malware analysis to collect adversary data and pivot off of it
It explains in detail how to reverse engineer malware and pivot off of it in order to determine the origin, functionality, and potential impact of malware as well as determine the threat actor. This is a crucial skill required for threat intelligence analyst.
Focus on a structured approach for performing threat analysis and threat intelligence evaluation
Analyzing the collected threat data and evaluating the required threat intelligence from the analysis process is one of the crucial steps for extracting threat intelligence. C|TIA discusses a structured approach that can be employed by an analyst for performing threat analysis and also threat modeling. This program also illustrates how to fine-tune the analysis process in order to filter out unnecessary information and extract effective intelligence. C|TIA also discuss different types of threat intelligence evaluation techniques for acquiring desired intelligence.
Focus on various techniques for threat intelligence reporting and dissemination
C|TIA emphasizes the creation of efficient threat intelligence reports. It describes building blocks for threat intelligence sharing along with different sharing rules and models. It explains the best practices for sharing TI and also discuss different intelligence sharing acts and regulations.
Hands-on program
More than 40 percent of class time is dedicated to the learning of practical skills, and this is achieved through EC-Council labs.
Theory to practice ratio for C|TIA program is 60:40, providing students with a hands-on experience of the latest threat intelligence tools, techniques, methodologies, frameworks, scripts, etc. C|TIA comes integrated with labs to emphasize the learning objectives.
Lab environment simulates a real-time environment
The C|TIA lab environment consists of the latest operating systems including Windows 10 and Kali Linux for planning, collecting, analyzing, evaluating, and disseminating threat intelligence.
Covers latest threat intelligence tools, platforms, and frameworks
The C|TIA course includes a library of tools, platforms, and frameworks across different operation platforms that are required by security professionals to extract effective organizational threat intelligence. This provides a wider option to students than any other program on the market.
Read more +


Module 1
Introduction to Threat Intelligence
Module 2
Cyber Threats and Kill Chain Methodology
Module 3
Requirements, Planning, Direction, and Review
Module 4
Data Collection and Processing
Module 5
Data Analysis
Module 6
Intelligence Reporting and Dissemination
Read more +

QA awarded EC-Council ATC of the Year 2023


Click here to see all our EC Council courses

Need to know

Frequently asked questions

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Let's talk

By submitting this form, you agree to QA processing your data in accordance with our Privacy Policy and Terms & Conditions. You can unsubscribe at any time by clicking the link in our emails or contacting us directly.