Navigation
AboutExperienceBlogResourcesMerchContact

inquiries@ctijen.com

CTIJen Resources

People, Orgs
& Communities

This isn't a database pull — it's a curated list of practitioners, organizations, and communities that I have learned from, worked alongside, or recommend without hesitation.🙌

01 — People02 — Organizations03 — Communities04 — Newsletters
01 — People

People to Follow

These are the practitioners I'd point any CTI analyst toward on day one — educators, builders, and community leaders who consistently put out work worth your attention.

KN
Katie Nickels
Director of Intelligence, Red Canary

SANS instructor, CTI advocate, and supporter of Cyberjutsu Girls Academy. Katie has a rare ability to make complex intelligence concepts genuinely accessible without dumbing them down.

If you follow one person in CTI, make it Katie.

LinkedIn
WT
Will Thomas
Senior TI Advisor, Team Cymru · aka Bushido

SANS co-author and founder of BushidoToken Threat Intel and Curated Intelligence. Will produces some of the most consistently rigorous open-source threat research in the field.

Follow for deep technical tracking of threat actor infrastructure.

LinkedInWebsiteTwitter
JS
Joe Slowik
CTI Consultant, Paralus LLC

MITRE ATT&CK lead with former roles at Dragos, DomainTools, Huntress, and Gigamon. Joe brings a level of analytical rigor to threat intelligence that is genuinely rare.

Essential reading for anyone doing ICS/OT or attribution work.

LinkedInTwitter
BT
Brett Tolbert
Principal CTI Analyst, Exelon

Community educator and Cyversity mentor who gives back to the field in ways that go well beyond his day job.

A model for what community-minded CTI practice looks like.

LinkedIn
JF
Jennifer Funk
CTI Analyst · aka Alt Funktion

Content creator sharing CTI education through TikTok and her website. Background in military and marketing — she brings an angle on communication that most analysts never develop.

Proof that CTI education doesn't have to be dry.

LinkedInWebsite
MJ
Matt Johansen
Security Educator · Creator of Vulnerable U

Speaker and infosec community advocate who has built one of the most genuinely useful security newsletters out there.

Vulnerable U is required reading. Full stop.

LinkedInTwitterVulnerable U
JE
Jen Easterly
Former Director, CISA

Cybersecurity leader focused on public-private partnerships and cyber resilience. Helped shape the modern US cyber posture during a pivotal era.

For the big picture on how policy and intelligence intersect.

LinkedIn
CL
Christopher Luft
Co-founder, LimaCharlie

Organizer of the Cybersecurity Cares annual charity telethon and one of the most quietly impactful people in the security community.

Building tools and community in equal measure.

LinkedIn
GC
Grace C
Cofounder & COO, Pulsedive

CTI platform builder and community extraordinaire. Grace brings both technical depth and genuine warmth to everything she does in this space.

An incredible human being and CTI extraordinaire.

LinkedIn
02 — Organizations

Groups & Orgs to Know

Organizations producing valuable CTI research, frameworks, and tooling that I regularly reference and recommend.

The Citizen Lab
ResearchHuman Rights
Interdisciplinary research hub at the University of Toronto investigating the intersection of technology, human rights, and global security. Some of the most important surveillance and spyware research comes out of here.
WebsiteBluesky
Curated Intelligence
CommunityThreat Tracking
A collective of CTI professionals sharing intelligence, insights, and collaboratively tracking threats. The collective model means the output is consistently broader than any single vendor can produce.
WebsiteTwitter
Tracking Ransomware
RansomwareNonprofit
Nonprofit watchdog monitoring ransomware actors and leak sites in near real-time. An invaluable free resource for anyone tracking financially motivated threat actors.
WebsiteBluesky
DFIR Report
Incident ResponseTTPs
Detailed, technical breakdowns of real-world intrusions by incident responders. If you want to stay current on how threat actors actually operate inside networks, this is your primary source.
Website
MITRE ATT&CK
FrameworkFoundational
The globally used framework for describing and categorizing adversary behavior. If you work in CTI and aren't fluent in ATT&CK, start here. MITRE's research and tooling are foundational to the entire field.
Website
03 & 04 — Communities & Newsletters

Where to Gather

Places to hang out, stay informed, and find your people in the CTI and broader security community.

CommunityPlaces to gather
LimaCharlie Community

Security-focused Slack group for detection engineers and CTI professionals. Great conversations, genuinely good people, no noise.

Join the Slack
CYA Security

Cyber security awareness in plain language. Daily news, tips, and career guidance for those breaking into cyber. Welcoming to newcomers in a way not every corner of this field is.

Visit
NewslettersWorth your inbox
CyberThreat.Cafe

Written for CTI professionals and researchers. Stays focused, stays practical, respects your time. Exactly what a good newsletter should do.

Subscribe
Thomas Roccia — Security Break

Books, trainings, coaching, and a newsletter from a seasoned CTI practitioner. Thomas brings a thoughtful, practitioner-first perspective that's worth your inbox space.

Subscribe

Know someone or something that should be on this list? I'm always looking to expand it! Reach out and make the case.

Suggest someone →