Building a Value-Driven CTI Program: Planning, Traceability, and Maturity

Master a methodology to defend your budget and demonstrate your team's direct value to your CISO.

September 23rd, 2026 | 9:00 AM - 1:00 PM EST

Ready to establish consistent analytical traceability and prove the business value of your CTI program? Join us for our free half-day Intel Planning Workshop.

As CTI analysts, your value isn’t measured by raw alert volume, but by the strategic and operational decisions you inform. Led by Intel 471’s SVP of Intelligence Operations, Garrett Carstens, and Senior Director of Customer Engagement, Kevin Williams, we deliver a deep dive into operationalizing the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), and leverage the results to develop a fully traceable stakeholder-driven intelligence plan.

Building an effective high-caliber threat intelligence capability requires not only effective stakeholder communication but also continuous measurement and self-evaluation. This session gives you a repeatable framework for doing both, enabling the transition from a reactive program to a proactive, intelligence-led one. It’s the foundation you need to make data-backed cases for resources, build cross-functional buy-in and prove Return on Investment (ROI).

What you’ll gain by attending this workshop

Build consistent analytic traceability, replacing gut-reaction assessments with a repeatable framework
Conduct structured stakeholder interviews to extract Priority Intelligence Requirements (PIRs), develop your collection plan, and prioritize your information collection based on your stakeholders TRUE needs.
Prove ROI by connecting daily analysis across the CTI-CMM's 11 stakeholder domains (Threat, Risk, Architecture, and more) to quantified operational improvements
Identify how to efficiently and consistently enable strategic decisions that shape risk posture, justify budget, and guide security investments
Practice in interactive simulations stepping into the role of a CTI lead at a mid-sized enterprise, with each exercise building on the last to bridge theory and operational reality

You’ll leave with a ready-to-deploy analytical toolkit including:

Intelligence planning and CTI-CMM workbooks
Intel 471 Cyber Underground General Intelligence Requirements (CU-GIR) Handbook
Templates for stakeholder interviews, monthly reporting, and intelligence feedback
A certificate of completion.

Building an Intelligence Plan Workshop

Meet Your Instructors

Garrett Carstens

SVP - Intel Operations

Garrett Carstens as the Senior Vice President of Intel Operations at Intel 471 coordinates internal and cross-departmental initiatives focused on optimizing timely and relevant intelligence production and delivery. Prior to joining Intel 471, Garrett spent over 15 years in various roles within the U.S. Department of Defense and the financial sector– always with a primary mission of identifying, analyzing and mitigating cyber threats.

Kevin Williams

Sr Director, Customer Engagement Management

Kevin joined Intel 471 in March 2021 and brought with him more than 25 years of experience in UK cyber law enforcement and cyber security. He started his career with the Metropolitan Police Service, later joining the National Crime Agency, before working in the cyber security commercial and not-for-profit sectors with Team Cymru, KPMG and Pluralsight. In 2008 Kevin was instrumental in the development of the UK’s national cybercrime capability. He was the lead law enforcement advisor to the UK Government for the creation of the cyber response to the London 2012 Olympic Games, for which he received an Assistant Commissioner's commendation.