Cyber Threat Intelligence - Collection 101


Presented at RootCon 9 by

Collection is a dominant activity in any intelligence organisation, and this holds true in the realm of Cyber Threat Intelligence (CTI). Effective collection is grounded in fulfilling the organisation's Priority Intelligence Requirements (PIRs). As the collection effort unfolds, CTI analysts must be able to interrogate and fully understand their collection sources. As an example, analysts do not have to be malware reverse engineers, but they must at least understand that work and know what data can be sought from it. This workshop aims to provide CTI professionals with the appropriate methodologies to design and deliver on their collection effort. We will cover CTI collection best practices, including identifying key collection sources. The nexus between open-source intelligence (OSINT) and CTI will also be covered. Participants will learn to seek and exploit information from domains, external datasets, malware, Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates, and more.