Certified Threat Intelligence Analyst

EC-Council’s Certified Threat Intelligence Analyst (CITIA) certification is a comprehensive specialist- level professional program focused on the ever- evolving domain of threat intelligence. The program is designed for individuals involved in collecting, analyzing, and disseminating threat intelligence information.

CITIA covers a wide range of topics, including the fundamentals of threat intelligence, the use of threat intelligence tools and techniques, and the development of a threat intelligence program. The cyber threat intelligence course focuses on refining data and information into actionable intelligence that can be used to prevent, detect, and monitor cyber- attacks. The program addresses all the stages involved in the threat intelligence lifecycle, and this attention toward a realistic and futuristic approach makes CITIA one of the most comprehensive threat intelligence certifications in the market today.

The program was based on a rigorous Job Task Analysis (JTA) of the job roles involved in the field of threat intelligence. This program differentiates threat intelligence professionals from other information security professionals. It is a highly interactive, comprehensive, standards-based, intensive 3-day training program that teaches information security professionals to build professional threat intelligence.


Once you have completed this course, you’ll be able to learn:

  • Fundamentals of threat intelligence (Threat intelligence types, lifecycle, strategy, capabilities, maturity model, frameworks, platforms, etc.)
  • Various cybersecurity threats and attack frameworks (Advanced Persistent Threats Cyber Kill Chain Methodology, MITRE ATTACK Framework, Diamond Model of Intrusion Analysis, etc.)
  • Various steps involved in planning a threat intelligence program (Requirements, planning, direction, and review)
  • Different types of threat intelligence feeds, sources, data collection methods
  • Threat intelligence data collection and acquisition through Open-Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (loCs), Malware Analysis, and Python Scripting
  • Threat intelligence data processing and exploitation
  • Threat data analysis techniques (Statistical Data Analysis, Analysis of Competing Hypotheses (ACH), Structured Analysis of Competing Hypotheses (SACH), etc.)
  • Complete threat analysis process, which includes threat modeling, fine-tuning, evaluation, and runbook and knowledge base creation
  • How to create and share threat intelligence reports
  • Threat intelligence sharing and collaboration using Python scripting
  • Different platforms, acts, and regulations for sharing intelligence
  • How to perform threat intelligence in a cloud environment
  • Fundamentals of threat hunting (Threat hunting types, process, loop, methodology, etc.)
  • Threat-hunting automation using Python scripting.
  • Threat intelligence in SOC operations, incident response, and risk management


  • As per the EC-Council’s C|TIA program, candidates must have an educational background and at least 2 years of working experience in cyber security, IT, or related fields.
  • Security Analyst
  • Incident Investigators
  • Security Operations Manager
  • Security Architect
  • Security Manager
Length of exam  2 hours
Number of questions 50 questions
Question format Multiple Choice
Passing grade 70%
Exam availability English
Testing center ECC Exam Portal