structured-analytic-techniques

Structured Analytic Techniques (SATs)

A family of systematic methods designed to improve analysis by making reasoning processes explicit, challenging assumptions, stimulating creativity, and managing uncertainty. Core tool of modern intelligence analysis and increasingly applied in cybersecurity.

---

Definition

From CIA Tradecraft Primer (2009): techniques that help analysts “challenge judgments, identify mental mindsets, stimulate creativity, and manage uncertainty.”

From Riley: SATs in Cybersecurity (2024): “systematic methods designed to improve analysis by reducing cognitive biases, challenging assumptions, and promoting clarity and creativity in reasoning.”

---

The Problem SATs Solve

The three perennial problems in intelligence analysis (CIA Tradecraft Primer (2009)):

1. Complexity of international developments
2. Incomplete and ambiguous information
3. Inherent limitations of the human mind ← SATs directly address this

The human limitations problem: analysts process information through mental models that filter incoming information in ways that can lead to systematic cognitive biases.

---

The 12 CIA-Defined Techniques (3 Categories)

From the CIA Tradecraft Primer (2009). Note: the full Heuer/Pherson book (Heuer & Pherson (book)) includes additional techniques — see below.

Diagnostic Techniques

(Make analytic arguments, assumptions, or intelligence gaps transparent)

• Key assumptions check
• Quality of information check
• Indicators or signposts of change
• Analysis of competing hypotheses (ach)

Contrarian Techniques

(Explicitly challenge current thinking)

• Devil’s advocacy
• team b
• High Impact low Probability analysis
• What if? analysis

Imaginative Thinking Techniques

(Develop new insights, perspectives, and alternative outcomes)

• Brainstorming
• Outside In thinking
• Red team analysis
• Alternative futures analysis

---

Additional Techniques (Heuer/Pherson Book)

The full Structured Analytic Techniques for Intelligence Analysis (Heuer & Pherson (book)) covers a broader taxonomy than the CIA Primer’s 12:

• Starbursting — Idea Generation; 5W question-scoping pre-analysis technique; confirmed in LLM implementation by Roberts: LLM SATs FTW (2025)

Book not yet directly ingested — known through Roberts: LLM SATs FTW (2025). See entity page for status.

---

Application in Cybersecurity (per Riley: SATs in Cybersecurity (2024))

SATs are role-agnostic within cybersecurity — applicable across all roles because the underlying challenges (complexity, ambiguity, uncertainty) are universal. Key roles where SATs are applied:

• Threat Intelligence Analysts (ACH, Indicators, Red Team)
• Incident Responders (Key Assumptions Check, What If?, Brainstorming)
• Risk Analysts (Alternative Futures, High-Impact/Low-Probability)
• Forensic Investigators (ACH, Devil’s Advocacy)
• SOC Analysts (Brainstorming, Red Team, Key Assumptions Check)

---

Sources

• CIA Tradecraft Primer (2009) — definitive government reference (CIA, 2009)
• Riley: SATs in Cybersecurity (2024) — cybersecurity application overview
• Roberts: LLM SATs FTW (2025) — LLM implementation (Starbursting + ACH + KAC); introduces Heuer/Pherson book reference