Welcome to CRI

Cyber Resilience for the

CRI provides the connection for information exchange to enable national advocacy, knowledge sharing, community organizing, training resources and local activities for the advancement of cyber resilience. Support us with your donations.


02/01/2023 – The Sports-ISAO will be standing up a Pop-up SOC for the U.S. Football event – The Superbowl

11/01/2022 – The Sports-ISAO will be standing up a Pop-up SOC for the FIFA-sponsored Men’s World Cup in Doha, Qatar.

01/09/2022 – The Sports-ISAO is gearing up for the 2022 Beijing Olympics.

09/22/2021 – Webmaster Martin Burrows will be presenting a paper at the 15th International Symposium for Olympic and Paralympic Research’s Committee

08/31/2021 – Wrapped up final reporting on the Tokyo Olympics

06/30/2021 – c-Market Toolkit consolidated on CRI Website. Go to the c-Market dropdown to access Toolkit links.

12/8/2020– CRI Board Member Jane Ginn has been honored by Oasis Open. Click on the following link to learn more Jane’s contributions and Oasis Open.

11/17/2020– The November Cybersecurity and Information Environment webinar is pleased to host the Cyber Resilience Institute’s (CRI) Doug DePeppe and Jane Ginn on November 17th at 3PM MST. Click on this link to register.

8/23/2020– Network Traffic Analysis and the ATT&CK Framework webinar recording available with Stephen H. Campbell.

8/22/2020 – Online content now available for free on cyber threat hunting models.

8/20/2020Enroll now for the upcoming c-Watch Elections2020 training – It starts October 5th, 2020.

6/19/2020– Exciting news as the Cyber Resilience Institute partners with the National Cybersecurity Center on c-Watch Training.

5/26/2020– New posts in our blog section. Go and check it out!!

4/26/2020– Check out our research page for the latest in research concerning COVID-19 and cybersecurity.

Contact us to learn about our educational programs, research and potential partnerships.

c-Watch Course

c-Watch Training

Training is interdisciplinary across the domains of cyber intelligence, social media, and international cyberspace conflict. This enables students to develop cross-disciplinary knowledge and skills. The training is structured so that students with diverse backgrounds can participate in an interdisciplinary team. The course culminates in the Capstone where students concentrate on attaining knowledge along the intelligence continuum: Collection – Analysis – Sharing & Reporting.

Training Overview

Prerequisites:This course is open to college age students, mid-career professionals or anyone who wants to learn Cyber Threat Intelligence. Bring your willingness to learn. You will get more out of it if you have some background in information technology, computer science, international affairs, geography, political science, history, journalism or a related field of study.
Course Length:3 Week Intensive – Plus an Event-Driven Capstone.
Delivery:Online with individual research; Team collaboration and threat hunting occurs on a distributed basis, coached by mentors.
Tools:Each Learner receives a user license and access to a repository of open source tools and is trained on tool usage, tradecraft, and cross-domain hunting using tools like:  threat intelligence platform (TIP), social media tools, analytic frameworks, and collection management resources.
Format:The program includes lectures on foundational knowledge, user training, tool orientation, hands-on scenarios and labs, and a live, experiential collection and analysis operation during the Capstone.  There are three separate areas of focus:  Social Media Threat Hunting, Cyber Observable Threat Hunting, and Cyber Policy.
Schedule:Watch for the next c-Watch training by contacting us.

A sample of our course content is provided here.

This online program allows you to learn at your own pace.  You can join a working cohort of professionals building a world-class cyber defense force. 

“Such an amazing program, I can’t describe how excited I became every day during the month of training on Cyber Threat Hunting….. I ended up loving it; the new tools and techniques we spent days and weeks learning and practicing were fantastic.”

— Marcelle Licciardi – Summer2020 c-Watch Graduate

Contact us if you have questions!

c-Watch Accomplishments

During the summers of 2016 through 2022 the Cyber Resilience Institute ran  Internship programs for graduate and undergraduate students in computer science, information technology, law, and international affairs. In 2020 we expanded to a mixed cohort of mid-career professionals and college students. Our ongoing operations aim to support skills upgrades in cyber threat intelligence.

The Internship is comprised of an intensive training program followed by a live-fire pop-up Security Operations Center (SOC) experience. Training is delivered on a virtual platform and students get hands-on practice with cyber threat hunting best practices on a threat intelligence platform. The pop-up SOC is scheduled around a global sports event like the Olympics or the FIFA World Cup.

2017 Security Operations Center

Program Features in Summary

The c-Watch training

  • Has been organized by the Sports-ISAO program since 2016, and is administered by Cyber Resilience Institute, a 501(c)(3) not-for-profit entity.
  • Is comprised of accomplished undergraduate and graduate students and mid-career selected from leading universities and mid-career professionals to participate in this intensive three-week program. 
  • Provides real world, real time, interdisciplinary cyber threat training across the domains of cyber intelligence, social media, and international cyberspace conflict using a wide spectrum of tools and techniques.
  • Enables students to develop cross-disciplinary knowledge and important critical thinking skills vital to threat hunting, cyber security and information sharing professionals.

Graduates of the c-Watch program are eligible to enter CrowdWatch, a national network of cyber c-Watch interns, whom we make available for a wide range of project work including staff augmentation and outsourced analytics. CrowdWatch provides participants compensation opportunities while they gain valuable real world-work experience. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.

2016 Summer Olympics 

  • Monitored and reported Anonymous and Fancy Bear attacks
  • A Pop-up SOC hosted at a Colorado National Guard facility
  • Demonstration of public/private partnership operations and coordination with the FBI Field Office
  • Analysis and visualization of Mirai data sets

2017 IAAF World Championships

  • Over 20 Corporate Sponsors
  • College students from over 30 Universities
  • Collaboration via reporting to DHS
  • Fusion of Social Media and cyber attack data
  • Analysis of Grizzly Steppe data

2018 Winter Olympics

  • Discovery and tracking of the Olympic Destroyer Malware
  • Tracking of multiple influence operations
  • Identification of disinformation campaigns

2018 FIFA Men’s World Cup

  • Discovery of significant St. Petersburg-based Internet Research Agency (IRA) activity that has now been made public through indictments of Russian citizens and the recent reports to the US Senate Select Committee on Intelligence on social media influence operations by 28 countries and the IRA’s extensive and well-funded operation.

2019 FIFA Women’s World Cup

  • Ongoing monitoring of APT activities throughout the games; topics that generated attack traffic included gender pay inequality and LGBT rights. 
  • During this operation it became much more clear to us how criminal gangs were using “free” video-streaming sites to lure victims to sites infected with malware.  Once at the infected sites users were subjected to various ad click fraud schemes, botnet recruitment and other maliciousness. 
  • Ad fraud is a multi-billion dollar criminal enterprise; our threat hunting documented the mechanics of several of the criminal gangs involved in this activity.

2020 COVID-19 Hack & Hype

  • The global novel coronavirus pandemic has caused public health and economic upheaval all around the world. Our Summer 2020 cohort focused on the hack and hype from threat actors and fraudsters.
  • Our findings were shared with the Global Health Crisis Coordination Center and other stakeholders.

2021 Tokyo Summer Olympics

  • Observed large-scale botnets deploying various types of malicious traffic targeting fans and spectators of the Olympics
  • Lures are aimed at people that want to watch “free” video streaming of the games
  • Windows and Android OSs targeted

2022 Beijing Winter Olympics

The hallmark of the Beijing Winter Olympics was the tight control of the athletes and participants due to the strict COVID-19 controls of the Chinese government. Mandatory testing, strict controls on physical movement and other measures made this a set of games like no other. Nonetheless, the athletes from around the world participated, as did the CrowdWatch defenders. Threat hunters identified multiple wide-scale fraudulent live streaming schemes with multiple access brokers recruiting vulnerable fans and online viewers directing them to infected websites. Crowdwatch defenders again reported on these observations to the various stakeholders of the Olympics and sports.

2022 Men’s World Cup

The first Men’s World Cup to be held in a middle eastern country was held in November and December of 2022. The Sports-ISAO worked with the Lithuanian-based think tank Debunk.org on this operation. This was groundbreaking in several ways. First, Debunk.org is one of the most accomplished and respected think tanks in the European Union that focuses on foreign information manipulation and influence (FIMI). Second, the two teams were testing the potential for using the DISARM Framework during the operation. Each operation brings the team more experience on deep source checking.

During each of our previous programs a wide range of speakers from many global corporations participated in the lecture series.  This included representatives from Reprivata, Facebook, Target, Chevron, Symantec, TruSTAR, Dunami, InfoCyte and the Cyber Threat Intelligence Network, among others.  Students were trained on the methods and models of cyber threat hunting with the intent of establishing a crowd-sourced cadre of cyber threat hunters skilled in understanding the trade craft and nomenclature.

Sucessful graduates from our programs are eligible to be nominated to our CrowdWatch cadre.

CrowdWatch participants possess superior critical thinking skills vital to threat hunting, cyber security, information sharing, and SOC professionals. Direct access to this highly qualified group offers cost savings to organizations requiring full time cyber professionals with real world work experience, or access to talent for contract-based, or project work. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.


This Toolkit, assembled for information sharing and analysis organizations (ISAOs) when building out their communities and used as a resource for our c-Watch training programs, provides resources for getting started organizing  ISAOs.

  ISAOs are for improving communications among and between key stakeholders and owners of critical infrastructure resources.

Getting Started

Community Building Handbook

Threat Intelligence Resources


Begin the Journey!


The Sports-ISAO is a program of the CRI. It is a member organization aimed at providing a secure, vetted forum for members of the sports community to discuss matters of cybersecurity.  We welcome inquires from leagues, conferences, individual teams, sports team owners, athletes, and others affiliated with the sports community.

  • CRI builds strong cyber communities to protect members from cyber attackers. Like a neighborhood watch, it takes a sharing community and vigilance to thwart attackers.
  • Within the Sports-ISAO CRI engages communities in collective cyber defense.
  • Americans love their sports. By using sport, CRI is rallying communities to protect their athletes, facilities and event sponsors from cyber-attack.
  • The Sports ISAO is a cutting edge Public-Private Partnership that alerts members’ security teams of threats.
  • The Sports ISAO is changing the approach to cybersecurity. We improve cyber resilience one community at a time.