Advanced Intelligence-Driven Defense® (AID2)


The Advanced Intelligence-Driven Defense® course offers focused training on incorporating the Lockheed Martin Cyber Kill Chain® framework to individuals with intermediate analyst skill sets or long-term field experience.

This course can be used as a follow-on for I2D2® course graduates. It teaches advanced techniques in scripting and data analysis for long-term adversarial tracking and monitoring.

Lockheed Martin’s Computer Incident Response Team has created an Intelligence Driven Defense process, the Lockheed Martin Cyber Kill Chain®, which allows information security professionals to proactively remediate and mitigate advanced threats in the future.

Course Objectives

After successful completion of this course, attendees will be knowledgeable of:

  • Fundamental differences between traditional IT Security Operations and Security Intelligence
  • Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs)
  • The Lockheed Martin Cyber Kill Chain® and why it is important
  • Security Intelligence Organization Structure, Mission, and Responsibilities
  • Have an intermediate level of knowledge with which to analyze large data sets, correlate among disparate files, and extract indicators
  • Understand advanced forensics and incident response concepts critical to the Security Intelligence Process
  • Differentiate between traditional forensics, incident response basics and APT-based triage from an “Intelligence Driven” perspective
  • Demonstrate preliminary analysis techniques of suspect malware
  • Demonstrate analysis of memory artifacts, registry and host-based logs
  • Discuss considerations pertinent to advanced acquisition techniques
  • Understand the implications and impacts of both adversary attacks and the potential mitigations upon the enterprise architecture

Major Topics

  • Security Intelligence Core Concepts: Understand fundamental differences between traditional IT Security Operations and Security Intelligence as well as learn about how APTs operate.
  • Advanced Command-Line Analysis Techniques: Focus on extracting indicators from large datasets using command-line techniques.
  • APT-based Incident Response: Focus on host-based incident response domains specific to APT incidents and dynamic malware analysis techniques.
  • Advanced Network Forensics: Focus on key network protocols (DNS, SMTP, Encoded/Encrypted C2) and analysis of large packet captures.
  • Defensible Enterprise Architectures: Reinforce learning by providing students with hands-on experience and focusing on understanding the implications and impacts of adversary attacks and the potential mitigations upon the enterprise network architecture, with a review of the mitigation matrix.



EXCITE® Course Management:
703-339-6201 x367, Sarah Sadowski

Business Development:
703-339-6201 x334, Eric Reeves