Last week at WB3C, we wrapped up a four-day training on Cyber Threat Intelligence (CTI) focused on the energy sector and government infrastructure, led by Ljuban Petrovic.

Working with SOC, CSIRT and CERT teams from across the region, the training reinforced a simple point: CTI only matters when it informs decisions. When it helps prioritise. When it changes how teams prepare and respond.
The sectoral focus proved its value. Energy infrastructure comes with its own risk landscape, and the discussions reflected that reality—specific, operational, and directly relevant.

We are continuing this work in September, building on what started here.
Because strengthening resilience is not a one-off effort. It is something that develops over time, through practice, exchange, and trust. 

Simply put, CTI is about turning information into insight, before a threat happens.

Not just collecting data on threats, but understanding who is behind them, how they operate, and what that means for your own systems.
Without that understanding, cybersecurity remains reactive. With it, organisations can anticipate, prioritise and respond with purpose.

Next week at WB3C, we will be running a four-day regional training on Cyber Threat Intelligence (CTI).
The training is designed for SOC, CSIRT and CERT teams, as well as IT professionals working within critical entities—specifically the energy sector. The choice is deliberate.

We are taking a sectoral approach to cybersecurity capacity building. Because threats are not abstract—they target specific systems, infrastructures and vulnerabilities. And the energy sector, as a backbone of economic and societal stability, requires tailored, operationally relevant skills that reflect its real risk landscape.
Over four days, participants will cover:
💡 understanding CTI in the context of critical infrastructure
💡 analysing threats and assessing their impact
💡 translating intelligence into actionable outputs

All week, we will be working closely with cybersecurity professionals from across the region’s energy sector—moving from concepts to application, and building capabilities that can directly support operational decision-making.
This is where CTI becomes operational. Protecting our energy infrastructure means protecting our economy, our security and our livelihood.

Image: Patrick https://lnkd.in/diYnZEgB

Day 3 was dedicated to direct engagement with industry.
The WB3C delegation attended presentations by leading cybersecurity companies, including Alcyconie, Sekoia.io and GATEWATCHER, gaining insight into practical solutions and operational approaches to current cyber threats.
The day continued with a hands-on workshop by Alcyconie focused on crisis management, built around a real-life scenario. Members of the delegation took part in the exercise, working through response coordination and decision-making in a simulated incident environment. There was a number of informal meetings with numerous industry representatives around the event venue.

Today, the Western Balkans Cyber Capacity Centre (WB3C) team also met with the organisers of the Forum INCYBER (FIC) to advance discussions on bringing a similar event to Podgorica this June. The meeting focused on shaping the concept, format and partnerships of what would become the first cybersecurity industry forum of this kind in the Western Balkans, formally linked to the InCyber network.

A highly productive and valuable study visit to Lille.