Threat Intelligence is an elusive conception that attracted a lot of interest from the media since year 2013, when APT1 report was published by Mandiant. Being one of the most concise reports ever published, it is clear that the model used to analytically connect the dots was very robust and at the end of the day, impeccable. This methodology will be referenced in the talk. "Threat Intelligence 101" also builds upon 8 years of working with different incident response teams, tools and analytics they're using and cyber threat intelligence support they get. Following topic areas will be covered: - what threat intelligence is, and most importantly: what threat intelligence isn't - "everything connects to everything else" paradigm - application of graph database - analytic tradecraft and analytic confidence - how to track a threat actor with high analytic confidence The ultimate goal is to encourage the audience to launch their own cyber threat intelligence programs using data they most likely already have, provided that they're running a SOC or incident response practice. I will showcase how standalone CTI program allows to perform intelligence-driven incident response investigations, where IR data fuels intelligence and vice versa.