Research organization.
Not a training company.

IVOTRA was built by practitioners who believe the gap between real-world threat research and available practitioner education is far too wide. We exist to close it.

What IVOTRA stands for

The name is a deliberate statement of purpose. Every word reflects something we actively do — not an aspiration or a marketing position, but a description of the work.

Intelligence is the output. Operations are the method. Tradecraft is the discipline. Research is the foundation. Analysis is how it all connects.

I Intelligence The actionable output of our work — finished, consumable intelligence for defenders.
V Via Through — the method matters as much as the output.
O Operational Grounded in real operations, not theoretical frameworks.
T Tradecraft The disciplined practice of intelligence collection and analysis.
R Research Original investigation that generates new knowledge, not recycled content.
A Analysis Structured analytical process that turns raw data into understanding.

Mission & Vision

Mission

To advance the practice of cybersecurity through original practitioner-led research, technically rigorous knowledge transfer, and an open community built on shared expertise — without vendor influence, marketing agendas, or the dilution of technical depth.

Vision

To become one of the world's most respected cybersecurity research organizations — recognized not for certifications or brand presence, but for the quality of our research, the depth of our tradecraft, and the practitioners we help develop.

What we are building toward

Training is the first offering. The organization's long-term scope is significantly broader — spanning research, community, tools, and services.

Original Research

Investigative research into adversary behavior, malware, infrastructure, and emerging threats.

Training

Practitioner-led courses at top security conferences and privately for organizations.

Community

An open practitioner community built on trust, technical depth, and knowledge sharing.

Intelligence Services

Applied intelligence services for organizations requiring specialist threat analysis capability.

Products & Plugins

Purpose-built tooling and integrations designed around real analyst workflows.

Open Source

Open-source projects and shared tooling contributed back to the practitioner community.

Conference Talks

Public presentations of original research at DEF CON, Black Hat, and peer conferences.

Publications

Technical publications, threat reports, and long-form research for the broader community.

Operating principles

These are not values statements written for a website. They describe how IVOTRA actually operates and what we hold ourselves to.

Practitioner-first

Every decision — what to research, what to teach, what to build — is made from the perspective of working practitioners. Not executives. Not compliance teams. Not marketing.

Research-driven

Everything starts with research. Training content comes from real investigations. Tools are built from real operational needs. We don't teach what we don't know from first-hand experience.

Vendor-neutral

IVOTRA takes no money from vendors and carries no vendor influence in its research, training, or recommendations. We tell the truth about what works, not what we're paid to say works.

Evidence-based

Claims are sourced. Analysis is qualified. Confidence levels are stated. We apply intelligence tradecraft standards to our own work — no unsupported assertions, no manufactured urgency.

Community-focused

We believe the strongest security posture for the industry comes from open knowledge sharing, not hoarded expertise. We contribute back, share freely, and build in public where possible.

Technical depth over breadth

We go deep. Survey-level content exists in abundance. IVOTRA produces and teaches work that requires real technical engagement — because depth is what actually changes practitioner capability.

How we got here

IVOTRA emerged from the recognition that the gap between practitioner-level threat research and available public education was widening — not closing. The knowledge was being generated in siloed teams and never making it to the broader community.

The founding team had been doing this work professionally for years. Teaching it was the natural next step — but doing it right meant building an organization with the right foundations, not just spinning up another training company.

2024

IVOTRA Founded

Organization established by practitioners with backgrounds in threat intelligence, malware analysis, and adversary research. Research-first mandate set from day one.

Early 2025

First Research Published

Initial body of research published covering adversary infrastructure hunting, C2 analysis, and CTI methodology — establishing the technical foundation for training content.

Mid 2025

First Public Trainings

Training program launched at DEF CON 33 and Black Hat USA 2025 — four courses across threat intelligence, infrastructure hunting, OSINT, and malware analysis.

2025 →

Building Toward the Vision

Expanding research output, growing the community, developing open-source tooling, and laying the foundation for intelligence services and long-form publications.

Get involved with IVOTRA

Whether you're a practitioner, researcher, or organization — we'd like to hear from you.

Get in Touch Read Research