Scroll Top

CTI + DE&TH: Intelligence Driven Detection Engineering and Threat Hunting

Course Description

The Paralus Technical Cyber Threat Intelligence (CTI) plus Detection Engineering and Threat Hunting (DE&TH) training is designed to be an intensive and technical introduction to these security concepts. By working through topics in a rapid, focused nature, students will quickly gain familiarity with core principles behind CTI work and how this applies to and informs subsequent DE&TH operations.

This course is designed to be highly interactive and conversational, with opportunities to test out and explore concepts within the material to ensure the greatest possible immersion into critical CTI and DE&TH ideas. Building on a foundation of core CTI concepts, attendees will then work towards immediate applications of CTI research across DE&TH deliverables, including proper development mechanisms within detection engineering and hypothesis development and testing for threat hunting.

Course contents

The training is broken into four sections covering the following topics:
  • Session One: Intelligence Fundamentals
    • Meaning & Purpose of Intelligence
    • CTI & Outcomes ●
  • Session Two: Technical Intelligence & Operational Applications
    • Understanding Intelligence Artifacts & Observables
    • Indicators & Indicators of Compromise
    • CTI Purpose & Alignment with Operations
  • Session Three: Intelligence-Driven Detection Engineering
    • Understanding Detection Engineering
    • Intelligence Support to Detection Engineering Functions
    • Evaluating Efficacy, Coverage, & Gaps
  • Session Four: Intelligence-Driven Threat Hunting
    • Understanding Threat Hunting
    • Threat Hunting Hypothesis Formulation & Development
    • Internal & External Threat Hunting
    • Threat Hunting Outcomes & Deliverables

Who should take this course?

This extended training is suitable for intelligence professionals trying to become more operations-focused, individuals wanting to transition to detection engineering or threat hunting, or individuals looking to build CTI or DE&TH programs.


Attendees should have foundational knowledge in network security operations and general familiarity with recent, high profile incidents.

Hardware/Software Requirements

Students should bring:

  • Computer for following along with materials and taking notes is preferable.
  • Computer with capability of running virtualized environments for sample analysis is possible, but not necessary.
  • Access to any of the following tools is preferable, but not necessary: VirusTotal, DomainTools, SilentPush,,, URLScan, or similar

Trainer Biography

Joe Slowik has over 15 years of experience across multiple domains of information security and cyber operations. Joe currently leads threat intelligence functions for the MITRE ATT&CK project while also performing critical infrastructure threat analysis and research for the MITRE Corporation. Previously, Joe has worked in various roles in threat intelligence, detection engineering, threat hunting, and incident response across organizations such as Dragos, DomainTools, Huntress, Los Alamos National Laboratory, and the US Navy. In addition to the above, Joe also maintains an active training and consulting practice through his organization, Paralus LLC, focusing on applied threat intelligence, operational technology security, and threat-focused security planning.

Twitter: @jfslowik

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.