When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I purchase the Certificate?

When you purchase a Certificate you get access to all course materials, including graded assignments. Upon completing the course, your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Advanced Strategic Threat Intelligence Research & Reporting

4 days left! Save on skills that make you shine with 40% off 3 months of Coursera Plus. Save now

Advanced Strategic Threat Intelligence Research & Reporting

Instructors: Monica McIntire

Included with

Learn more

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

6 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

What you'll learn

Differentiate between data, intelligence, threats, and threat impacts, and identify reliable sources for threat data collection.
Apply intelligence collection methods to analyze threat infrastructure and correlate malware data for validation.
Evaluate intelligence across multiple sources, conduct risk assessments to identify and prioritize threats to enterprise infrastructure.
Develop strategic intelligence reports for different audiences, clearly communicating findings using data storytelling.

Skills you'll gain

Tools you'll learn

MITRE ATT&CK Framework

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 6 modules in this course

In this course, you will dive into the core aspects of threat intelligence, learning to identify and analyze a wide range of cyber threats such as ransomware, identity theft, and business email compromise. The course is designed for intermediate learners and covers intelligence collection methodologies like OSINT, HUMINT, and SIGINT, helping you gain expertise in understanding the tactics, techniques, and procedures (TTPs) of adversaries. You’ll explore threat actor landscapes and gain insights into advanced persistent threat (APT) campaigns, using frameworks like MITRE ATT&CK and applying NIST 800-53 security controls to protect both business assets and personal data.

Along with technical analysis, you’ll develop key communication skills to present your findings effectively to both technical teams and non-technical stakeholders, including executives and decision-makers. The course emphasizes report-writing and oral presentations, teaching you to communicate complex intelligence clearly and persuasively. You will leave with the skills to transform threat data into actionable intelligence, enabling you to make informed decisions and drive security initiatives that protect organizations from evolving cyber risks. This course is ideal for IT and cybersecurity professionals looking to elevate their skills in threat detection, incident response, and security architecture. It also caters to Chief Information Security Officers (CISOs) and security leaders aiming to update their strategies for managing evolving threats. Business executives, including CEOs and other senior leaders, will benefit from understanding cybersecurity risks and compliance, while cybersecurity analysts seeking advanced investigative and analytical techniques will find this course essential for career growth. To get the most out of this course, participants should have a beginner-level understanding of IT or cybersecurity, along with familiarity in basic networking and security concepts. While certifications like A+, Network+, or Security+ are helpful, they are not mandatory for enrollment. The course is designed to build on foundational knowledge, making it accessible to those with some prior experience in the field. By the end of this course, learners will be able to differentiate between data, intelligence, and threats, and identify reliable sources for threat data collection. They will also learn to apply intelligence collection methodologies to analyze and correlate threat data, evaluate threats across multiple sources, and conduct risk assessments. Additionally, learners will be able to craft strategic intelligence reports tailored to different audiences, effectively communicating complex findings through data storytelling techniques.

Module details

In this course, you’ll learn how to identify, analyze, and respond to evolving cyber threats. You’ll focus on advanced threat intelligence techniques, including data collection, analysis of threat actors, and malware correlation, using frameworks like MITRE ATT&CK and NIST 800-53. Through expert instruction, real-world case studies, and hands-on exercises, you’ll gain the skills to interpret intelligence from multiple sources, assess risks, and develop strategic reports. By the end of this course, you’ll be equipped to protect your organization from cyber threats, effectively communicate findings, and lead proactive defense initiatives across your business.

What's included

1 video1 reading

In this module, you’ll learn how to embed security directly into your applications and development processes. You’ll explore Secure by Design principles, secure coding techniques, and secure configuration practices to prevent critical vulnerabilities. Through practical demonstrations, static and dynamic application security testing, and runtime protection strategies, you’ll develop the skills to identify, mitigate, and manage vulnerabilities throughout the software development lifecycle. This module emphasizes proactive security practices aligned with industry standards such as OWASP Top 10 and SANS Top 25 to ensure robust, production-ready applications.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 55 minutes

Module Introduction 2 minutes
Threat Actor Landscape4 minutes
Threat Modeling Frameworks 6 minutes
Legal, Ethical, and Policy Considerations 7 minutes
Intelligence Collection Methodologies 6 minutes
Threat Infrastructure Analysis 6 minutes
Malware and Campaign Correlation 6 minutes
Data Enrichment and Validation 7 minutes
Analytical Methodologies 6 minutes
Attribution and Profiling 6 minutes

1 readingTotal 5 minutes

Threat Intelligence Tools: Types, Benefits, and Best Practices 5 minutes

1 assignmentTotal 20 minutes

Introduction to Threat Intelligence 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Data Analysis and Validation 10 minutes

1 discussion promptTotal 10 minutes

Automation vs. Analyst Judgment 10 minutes

In this module, you’ll learn how to analyze, attribute, and model cyber threats using structured, evidence-based intelligence techniques. You’ll work with methods like ACH, red teaming, and scenario modeling to evaluate adversary behavior, identify analytical biases, and communicate confidence levels clearly. You’ll also build strategic threat models using frameworks such as STRIDE, ATT&CK, and NIST 800-30, ensuring your assessments align with real organizational risk. By focusing on rigorous analysis and defensible reasoning, this module prepares you to produce reliable intelligence that supports strong, strategic cybersecurity decisions.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 51 minutes

Module Introduction3 minutes
Analysis of Competing Hypotheses (ACH) 5 minutes
Red Teaming 5 minutes
Scenario Modelling 5 minutes
Attribution Frameworks 5 minutes
Attribution Challenges 5 minutes
Attribution Case Study Examples 6 minutes
Intelligence Confidence Language 5 minutes
Threat Modelling for Enterprise Risk 5 minutes
Threat Model Design Using NIST 800-30 or STRIDE 6 minutes

1 readingTotal 5 minutes

Five Key Steps to Delivering Intelligence Reports that Your Board Actually Reads 5 minutes

1 assignmentTotal 20 minutes

Strategic Analysis, Attribution & Threat Modelling 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Intelligence Confidence and Enterprise Risk Modelling10 minutes

1 discussion promptTotal 10 minutes

Intelligence Confidence Language10 minutes

In this module, you’ll learn how to perform advanced threat research, correlate complex attack indicators, and map adversary infrastructure across multiple data sources. You’ll explore collection planning, OSINT tradecraft, malware analysis workflows, and behavioral fingerprinting techniques to uncover patterns in threat activity. Through hands-on tools, graph analytics, and real-world case studies, you’ll develop the skills to connect campaigns, identify threat actors, and build accurate intelligence assessments that strengthen attribution and support proactive defense.

What's included

9 videos1 reading1 assignment1 peer review1 discussion prompt

9 videosTotal 50 minutes

Module Introduction 3 minutes
Collection Planning & Source Prioritization 6 minutes
Malware, Tooling, and TTP Analysis 5 minutes
Campaign Correlation & Actor Attribution 5 minutes
Structured Analytic Techniques (SATs)5 minutes
Threat Modelling for Strategic Context 6 minutes
Attribution with Intelligence Confidence 8 minutes
Threat Intelligence Tools & Enrichment 5 minutes
Graph Analytics DeepDive 7 minutes

1 readingTotal 5 minutes

DFIR Report Case Studies 5 minutes

1 assignmentTotal 20 minutes

Threat Research, Correlation & Infrastructure Mapping 20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Use VirusTotal, Any. Run, and Shodan for Malware and Infrastructure Research 10 minutes

1 discussion promptTotal 10 minutes

Impact of Threat Intelligence Platforms in Real-World Threat Analysis10 minutes

In this module, you’ll learn how to turn complex technical threat intelligence into clear, actionable insights tailored for different audiences across an organization. You’ll practice structuring reports, communicating uncertainty with confidence, and presenting intelligence in formats suited for executives, SOC teams, legal stakeholders, and board members. Through hands-on exercises and real-world examples, you’ll develop the skills to write professional intelligence reports, use visual storytelling, and leverage modern reporting tools to support strategic decision-making and drive meaningful security actions.

What's included

10 videos1 reading1 assignment1 peer review1 discussion prompt

10 videosTotal 52 minutes

Module Introduction 3 minutes
Threat Intelligence for Decision-Makers 5 minutes
Tools for Strategic Intelligence Analysis 5 minutes
Intelligence Reporting Structures 6 minutes
Effective Communication Techniques 5 minutes
Stakeholder-Oriented Reporting 5 minutes
Report Examples 6 minutes
Intelligence Writing Principles & Best Practices 5 minutes
Communicating Uncertainty and Confidence 6 minutes
Automation and Collaboration Tools in Reporting 6 minutes

1 readingTotal 5 minutes

Framing Effects in Risk Communication Messages: Hazard Identification vs. Risk Assessment 5 minutes

1 assignmentTotal 30 minutes

Reporting and Communication of Intelligence 30 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Threat Update Presentation10 minutes

1 discussion promptTotal 10 minutes

Adapting Intelligence for Diverse Stakeholders 10 minutes

In this final module, you’ll apply everything you’ve learned by analyzing a simulated threat actor campaign and turning raw intelligence into a clear, stakeholder-ready brief. You’ll correlate indicators across multiple sources, assess risk and confidence levels, and use structured analysis and reporting techniques to deliver actionable insights that support real-world security decision-making.