What is Cyber Threat Intelligence?
CTI is the practice of collecting, processing, analyzing, and distributing information regarding prioritized threats to relevant stakeholders. In practice, CTI analysts work with people within their org to assess assets, attack surface, and anything that could be a target. We collect information on threats to those components, pass along our assessment of risk and mitigation recommendations to relevant stakeholders in a timely manner, solicit feedback to improve our next product, and restart the cycle.
How do I get into Cyber Threat Intelligence?
There's no single path, but if I had to describe the most common progression: it often starts with a SOC analyst role. From there, a more specialized role follows — maybe IAM engineer or Insider Threat Analyst. CTI roles often come next. Outside of your day job, I highly recommend creating your own content — a Medium blog with posts mapping intrusions to the Diamond Model, or researching an APT and writing your mitigation recommendations. This demonstrates field experience without needing an official title.
What certifications should I get?
The annoying answer is 'it depends.' Certs show a baseline level of knowledge and can definitely help, but no set of certs guarantees a role. If you're brand new to cybersecurity, start with Security+. If you're already seasoned in cyber and ready to go deep on CTI, I'd recommend GCTI right out of the gate. For the full landscape, Paul Jerimy's Security Certification Roadmap is indispensable. Hit me up for a tailored recommendation.
What resources are available to learn more?
Well, well, well. You're never going to believe this… but I happen to have a repository right here.
Have a question that's not answered here? Send it over and I may add it to the list!