Cyber Threat Intelligence (CTI) is the new kid on the block when it comes down to roles both within cyber security and within the wider practice of threat intelligence research. CTI is different from conventional “bomb and bullet” research both in terms of the skills that you use and the career path that you follow. This blog is intended to give a brief snapshot of the day-to-day of a typical CTI role and some of its key features.
The role of a Cyber Threat Intelligence analyst varies hugely. Some of us spend our days analysing the technical infrastructure of cyber threats at a tactical level, while others spend their days considering geostrategic developments at the strategic level. There are, however, common strands that unite all CTI analysts regardless of the organisation or technical specialism that they work within.
So, what can you expect from a day-to-day CTI analyst role if you aspire to this career path? Outlined below are some of the most common aspects of the CTI role.
The intelligence cycle, with its four steps (direction, collection, analysis, dissemination), is the core of the intelligence analyst role, and the job is a constant flow across the four stages that never ends. Within the context of cyber threat intelligence, numerous unique aspects apply to these phases:
Gaining access to data is critical to the success of the CTI enterprise. Although not all of us develop sources, many of us are involved in developing new sources of data. These sources can be divided into two broad categories
The trick with sources is getting just the right “blend” that matches up to your intelligence requirements. This is where the art of CTI comes into play, as there is not much point in having a load of primary sources gathered from the dark web if the majority of your intelligence requirements are around nation state espionage activity.
Cyber threat intelligence training never really ends for the professional CTI analyst. As the threat evolves, our skills and knowledge must continuously develop to be able to identify and analyse it. Training takes many forms, from informal research to study towards more formal qualifications such as the CREST CTI analyst and management qualifications.
No one person knows everything about the threat landscape, and there are always different viewpoints that can be taken towards the often highly subjective issues that surround CTI practice. While client confidentiality is always paramount, there is a very strong cross-industry CTI community with many formal and informal gatherings on both the local and global levels. For many, this community is not only an invaluable source of data on new cyber threats but is a key contributor to the community spirit of CTI.
This blog is intended to give a brief taster of some of the key points of being a CTI analyst and touches on the essentials of what is a fascinating role and a genuine career path into infosec. There are, of course, more technical roles in information security, but being a CTI analyst presents you with a unique opportunity to engage with the cutting edge of security issues as well as getting privileged security insights into issues that most people are unaware of.