Frequently Asked Questions
What is Cyber Threat Intelligence?
CTI is the practice of collecting, processing, analyzing, and distributing information regarding prioritized threats to relevant stakeholders. That’s a mouthful! In the real world, CTI analysts/researchers work with people within their org to assess their assets, attack surface, and anything else that could be a target for cyber threat actors. Then, we collect information regarding threats to those important components. In a timely manner, we pass along that information, our assessment of risk, and our mitigation recommendations to the relevant stakeholders. We always solicit feedback on our delivered intelligence to improve the next product. We then restart the cycle!
How do I get into Cyber Threat Intelligence?
Great question and I love that you want to pursue CTI! CTI is not a function at all organizations. It is a specialized tradecraft typically seen in enterprise institutions. There is no one typical path to a career in CTI, BUT if I had to name the progression I see most often, I would say it starts with a SOC analyst role. Then, depending on what your org offers, the next step is usually a more specialized role, for example an Identity and Access Management (IAM) engineer or an Insider Threat Analyst. This could be where you look at CTI roles, or it could be the third step in your journey. You really get to choose your own adventure!
Outside of your role, I HIGHLY recommend creating your own content to demonstrate your interest in the field. For example, you could create a Medium blog. One post could be about how you mapped an intrusion to the Diamond Model or the Cyber Kill Chain. Another post could be about your research of an Advanced Persistent Threat (APT) and what you would recommend targeted orgs implement to protect themselves. This shows experience in the field even without having an official title.
What certifications should I get to become a Cyber Threat Intelligence Analyst?
Another somewhat annoying answer, but “it depends.” Certifications serve an important purpose and show a base level of knowledge. While no set of certifications guarantees a role, they definitely can be helpful and often allow you to explore new topics. Now to some helpful answers.
Any time someone mentions certifications, it summons this amazing roadmap by Paul Jerimy. There are not a ton of CTI-specific certifications, and those that exist are quite expensive. This answer depends heavily on your skill level. The answer may be “start with Security+,” or if you’re seasoned in cyber, I may recommend GCTI right out of the gate. Hit me up for a more tailored recommendation!
What resources are available to learn more?
Well, well, well. You’re never going to believe this… but I happen to have a repository right here.