“The problem is not that analysts lack information. The problem is how they think about the information they already have.” — Richards J. Heuer Jr., CIA
That quote has sat with me for years. I first read Heuer’s Psychology of Intelligence Analysis early in my career in law enforcement intelligence, and it crystallised something I had been struggling to articulate: most people doing OSINT work aren’t failing because they can’t find information. They’re failing because they don’t have a disciplined framework for what to do with it once they have it.
That gap is exactly what Intelligence Analysis 101 is designed to close.
What This Course Is
Intelligence Analysis 101 is a 16-hour self-paced online course for cyber security professionals, investigators, and practitioners who want to move beyond ad hoc OSINT and work to a professional standard.
It covers the full pipeline — from structured collection across surface web, deep web, social media, corporate registers, and geospatial sources, through to writing finished intelligence products with calibrated confidence levels and professional estimative language.
No prior intelligence training required.
Who It’s For
I built this primarily for people working in Australian government, law enforcement, defence, or private-sector intelligence roles who deal with open source information regularly but have never had formal tradecraft training. That’s a surprisingly large cohort.
Cyber security professionals who do threat intelligence are a natural fit. So are investigators who have been running down leads on social media without a structured methodology, and compliance professionals who need to build profiles of entities or individuals from open sources.
If you have ever written a report that said “subject was found to be associated with X” without explaining how you got there, how you weighted the source, or what confidence you attached to that assessment — this course is for you.
What You’ll Actually Learn
The course runs across four days of approximately four hours each:
Day 1 — Foundations. The intelligence cycle, OSINT principles, the cognitive biases identified by Heuer that routinely corrupt analysis, and where the Australian Intelligence Community sits structurally. This day is about building the mental model before touching any tools.
Day 2 — Collection. Source types, Google Dorking and search tradecraft, operational security for the analyst, the 4×4 Admiralty source evaluation framework, and social network and link analysis. By the end of this day you’ll be running structured collections against real targets and documenting them properly.
Day 3 — Structured Analytic Techniques. This is the heart of the course. Key Assumptions Check, hypothesis generation, Analysis of Competing Hypotheses, deception detection, and chronologies. These are the techniques that separate intelligence analysis from journalism or informed guesswork.
Day 4 — Advanced Topics and Capstone. Dark web OSINT, geospatial intelligence, cryptocurrency tracing, and writing finished intelligence products. The day closes with the capstone assessment — Operation Saltmarsh — a realistic scenario where you apply everything across a complete intelligence problem and submit a finished assessment.
Why I Used Only Free and Open Source Tools
Partly it’s accessibility — I wanted the course to be completable by anyone regardless of their organisation’s tool budget. But the more important reason is that proprietary tools create a false sense of capability. If you can only do OSINT through a commercial platform, you don’t really understand what you’re doing. You’re operating a product, not practising a discipline.
Every technique in this course can be done with free tools. Once you have the tradecraft, the commercial tools become multipliers rather than crutches.
A Note on the Legal Framework
All collection in this course is conducted within the Australian legal and ethical framework for OSINT. This isn’t a compliance checkbox — it’s a core competency. Intelligence collected through methods that can’t withstand legal scrutiny is worse than useless in law enforcement and regulatory contexts, and it creates significant personal and organisational exposure in private-sector settings.
We cover the relevant legislation, what constitutes lawful open source collection in Australia, and how to document your methodology so that your work holds up if it ever needs to.
How to Access the Course
Intelligence Analysis 101 is available now through Study Sessions with Butchy. Head to the Courses page for enrolment details.
If you have questions about whether this course suits your background or role, get in touch via LinkedIn.
Steve Bartimote is a cyber security professional with 32 years of experience across IT and cyber security, including 17 years in intelligence operations in law enforcement. His specialist background spans child sexual abuse material investigations, human trafficking, and extremist groups.