About this Course

Time Commitment: Approximately 12-14 hours

The Diamond Model of Intrusion Analysis is a landmark cybersecurity work, recognized by the community as one of the key resources for all cybersecurity analysts to understand. This course is for all cybersecurity analyst experience levels.

Taught by the primary Diamond Model creator, this is the definitive course on the subject.  Structured as a rigorous graduate course with a significant amount of related readings, thought exercises, practical exercises, and regular quizzes, this course will take an analyst at any level and grow their capabilities and abilities.

After this course, analysts will have a fresh and advanced perspective on every analytic problem and task.

  • Understand and gather key analytic requirements
  • Define achievable and testable analytic problems
  • Enrich knowledge and intelligence with external sources
  • Hunt threats using 720 different techniques
  • Integrate the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK framework to understand any cyber threat
  • Correlate malicious events across incidents to identify campaigns
  • Define new threat groups
  • Attribute threat groups using correlation
  • Identify and fill detection gaps
  • Measure detection coverage
  • Create effective detection and mitigation strategies to better protect any organization
  • Disrupt malicious activity using 12 new strategies


The course concludes with a final exam of 30 questions requiring a 70% or better passing grade. A passing grade will result in certifying the student in Diamond Model analysis and an associated certificate.

The course material and exam are available to students for 364 days after purchase.

Reviews

5 star rating

Great course for both beginners and people who are famili...

Sherman Chu

Sergio Caltagirone has not only made what is within the original paper very digestible, but he also further expands upon the key concepts of the diamond model. I have read the paper a handful of times before this course. Coming out of it, I can confidently say that my understanding of the diamond model has deepened and will be implementing some of the key takeaways that I have gained within our CTI team.

5 star rating

Highly recommended course for all interested or working i...

Timo Jobst

I started the course because I was always interested in the Diamond Model but never read the complete paper, only the summary document. The combination of split reading the document in several sessions, additionally reading other really good and relevant papers and finally explaining everything in between in short videos is a perfect way to teach and learn. Seeing how this model can be used together with the Cyber Kill Chain and the MITRE ATT&CK framework and how they complement each other is really great. Attending this course was fun and boosted my level of knowledge.

5 star rating

Sensational

Ricardo Silva

One of the best courses I have ever taken in my career. Totally disruptive !!!

5 star rating

Mandatory training for CTI Analysts!

Przemyslaw Skowron

Diamond Model of Intrusion Analysis training is one of the best on my CTI training path so far, and I highly recommend it for all Analysts and Managers in this field. Regardless of what you are focused on, Requirements, Collection, Analysis or Writing Intel products. It is good training for people from the DFIR field as well - Threat Hunters, Incident Responders. I've read the Diamond Model paper before the course, I even used it with my approach, figuring out how to leverage strong sides of the model, but it has a source in my previous experience, not the training. With Sergio's (trainer) guidance, comments, exercises (+explanation!), which allows settling the Diamond Model in my world, I'm much more familiar and aware of the co-author's philosophy, purposes, powers and limitations of the model. The course is worth much more than the current price. Thank you, Sergio!

5 star rating

Diamond Model in depth

Andrea Garavaglia

Who do you want to learn how to master the Diamond Model from if not from one of its creators? I recommend this course to all CTI analysts. Thanks to Sergio for that.


Ready for Free Trial?

Enroll now in a no-obligation trial of the course with access to some of the course lessons.

Course curriculum

    1. Welcome Letter

    1. How to use this course

    1. Read Diamond Model Sections 1-3 pages 1-8

    2. Diamond Model Overview

    3. Test your learning

    1. Prerequisite: Read Section 4 pages 8-19

    2. Diamond Model Event

    3. Diamond Meta-Features

    4. Test your learning

    1. Read Diamond Model Section 5 pages 19-24

    2. Extended Diamond Model Overview and Social-Political Feature

    3. Persistence and Victimology

    4. Technology Diamond Feature

    5. Test your learning

About this course

  • $799.00
  • 80 lessons
  • 6.5 hours of video content

Instructor(s)

Lead Instructor Sergio Caltagirone

Sergio Caltagirone, widely recognized as the "Godfather of Threat Intelligence," is uniquely qualified as the leading expert in the field, having pioneered numerous threat intelligence initiatives in both public and private sectors. His influential contributions, including hundreds of groundbreaking publications and presentations, have significantly advanced global understanding and practice of threat intelligence. Sergio co-created the widely adopted Diamond Model of Intrusion Analysis, empowering thousands of cybersecurity professionals worldwide to effectively hunt and disrupt adversaries.

With nine years of distinguished service as the lead threat intelligence analyst at the US National Security Agency, Sergio expertly tracked and countered the world's most advanced cyber threats. Following his tenure at NSA, he established Microsoft's comprehensive threat intelligence capability, defending over 1 billion global customers while simultaneously integrating intelligence throughout the Microsoft ecosystem and launching both Microsoft Defender and Azure Sentinel products. Subsequently, Sergio founded and led the world's premier industrial control system threat intelligence team at Dragos, protecting critical infrastructures such as electric power grids, water systems, oil and gas facilities, and manufacturing plants worldwide.

Currently, Sergio shares his unmatched expertise as a Professor of Practice at the Georgia Institute of Technology, teaching cybersecurity courses in both the School of Public Policy and the College of Computing. He further demonstrates his deep commitment to humanitarian cybersecurity as a member of the International Committee of the Red Cross cybersecurity experts committee. Sergio’s unparalleled experience and industry leadership make him the foremost authority in teaching threat intelligence.
