Advanced Intelligence-Driven Defense® (AID2)


The Advanced Intelligence-Driven Defense course is designed for individuals who possess intermediate analyst skill sets or long-term field experience, with a focus on incorporating the Lockheed Martin Cyber Kill Chain® framework. This course can be used as a follow-on for I2D2® course graduates. It teaches advanced techniques in scripting and data analysis for long-term adversarial tracking and monitoring.

Lockheed Martin’s Computer Incident Response Team has created an Intelligence-Driven Defense process, the Lockheed Martin Cyber Kill Chain®, which allows information security professionals to proactively remediate and mitigate advanced threats in the future.

Course Objectives

After successful completion of this course, attendees will:

  • Know the fundamental differences between traditional IT Security Operations and Security Intelligence
  • Know Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs)
  • Know the Lockheed Martin Cyber Kill Chain® and why it is important
  • Know Security Intelligence organization structure, mission, and responsibilities
  • Have an intermediate level of knowledge with which to analyze large data sets, correlate among disparate files, and extract indicators
  • Understand advanced forensics and incident response concepts critical to the Security Intelligence process
  • Differentiate between traditional forensics, incident response basics and APT-based triage from an “Intelligence Driven” perspective
  • Demonstrate preliminary analysis techniques of suspect malware
  • Demonstrate analysis of memory artifacts, registry and host-based logs
  • Discuss considerations pertinent to advanced acquisition techniques
  • Understand the implications and impacts of both adversary attacks and the potential mitigations upon the enterprise architecture

Major Topics

Security Intelligence Core Concepts: Understand fundamental differences between traditional IT Security Operations and Security Intelligence as well as learn about how Advanced Persistent Threats operate.

Advanced Command-Line Analysis Techniques: Focus on extracting indicators from large datasets using command-line techniques.

APT-based Incident Response: Focus on host-based incident response domains specific to APT incidents and dynamic malware analysis techniques.

Advanced Network Forensics: Focus on key network protocols (DNS, SMTP, encoded/encrypted C2) and analysis of large packet captures.

Defensible Enterprise Architectures: Reinforce learning by providing students with hands-on experience and focusing on understanding the implications and impacts of adversary attacks and the potential mitigations upon the enterprise network architecture, with a review of the mitigation matrix.

EXCITE® Course Management:
703-339-6201 x367, Sarah Sadowski

Business Development:
703-339-6201 x334, Eric Reeves