diff --git a/README.md b/README.md index ef1d831..c4276db 100644 --- a/README.md +++ b/README.md 
@@ -23,8 +23,9 @@ A collection of essential resources related to cyber threat intelligence theory. | [International Journal of Intelligence and CounterIntelligence](https://www.tandfonline.com/journals/ujic20) | An argument that CTI is a product without a process, which has several underlying causes and consequences for the CTI practice. It is also argues that the field needs to implement traditional intelligence analysis and methodology, rather than add more technology | [Cyber Threat Intelligence: A Product Without a Process?](https://www.tandfonline.com/doi/full/10.1080/08850607.2020.1780062) | | [mxm0z](https://github.com/mxm0z/)|This is a collection of useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles|[Awesome Intelligence Writing](https://github.com/mxm0z/awesome-intelligence-writing) | | [threat-intelligence.eu](https://threat-intelligence.eu) | Technical standards related to threat intelligence | [Standards related to Threat Intelligence](https://threat-intelligence.eu/standards/) | -| Joe Slowik | Threat Intelligence and the Limitations of Malware Analysis | [dragos.com](https://www.dragos.com/wp-content/uploads/Threat-Intelligence-and-the-Limits-of-Malware-Analysis.pdf) | -| Joe Slowik | Analyzing Network Infrastructure as Composite Objects: While network infrastructure indicators and observables are typically viewed as atomic objects, seeing these items as composites enables powerful analysis able to keep pace with adversary evolution | [domaintools.com](https://www.domaintools.com/resources/blog/analyzing-network-infrastructure-as-composite-objects/) | +| [Joe Slowik](https://twitter.com/jfslowik) | Threat Intelligence and the Limitations of Malware Analysis | [dragos.com](https://www.dragos.com/wp-content/uploads/Threat-Intelligence-and-the-Limits-of-Malware-Analysis.pdf) | +| [Joe Slowik](https://twitter.com/jfslowik) | Analyzing Network Infrastructure as Composite Objects: While network 
infrastructure indicators and observables are typically viewed as atomic objects, seeing these items as composites enables powerful analysis able to keep pace with adversary evolution | [domaintools.com](https://www.domaintools.com/resources/blog/analyzing-network-infrastructure-as-composite-objects/) | +| US Government | Analytic Tradecraft Primer on Structured Analytic Techniques | [stat.berkeley.edu](https://www.stat.berkeley.edu/~aldous/157/Papers/Tradecraft%20Primer-apr09.pdf) | ### `CTI Frameworks`
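Review bot: The added `US Government` row links to a copy of the primer under a personal course directory (`stat.berkeley.edu/~aldous/157/Papers/...`) rather than to the issuing body, and the first column does not say which agency published it. Consider naming the publisher in the first column and linking the primary source, so the entry still works if the course page moves. The row also puts the document title in the description column and uses the host name as link text, whereas the context rows above (for example `[Standards related to Threat Intelligence](https://threat-intelligence.eu/standards/)`) use the resource title as link text and keep a description in the middle column. The two Joe Slowik rows touched in this hunk follow the same host-name pattern and could be aligned in the same change.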