Learn the Skills of a Threat Intelligence Analyst
After completing this unit, you’ll be able to:
- Describe the responsibilities of a threat intelligence analyst.
- List key skills needed to become a threat intelligence analyst.
Have You Considered a Career in Cybersecurity?
Do you like to play detective and research challenging questions? Do you want to be involved in a career at the intersection of policy, current affairs, technology, financial crimes, computational propaganda, and geopolitical conflict? Are you a strategic thinker and expert crisis manager? Then threat intelligence may be the career for you.
Threat Intelligence Analyst Responsibilities
Threat intelligence analysts safeguard computer networks and systems by identifying threats through information collection and intelligence analysis. They can work in the government or the private sector. Let’s meet Juliana. She’s a threat intelligence analyst at a financial corporation that provides personal and business banking services to customers. Each day, she analyzes tactics, techniques, and procedures (TTPs) of threat actors. She produces written, actionable intelligence on current and developing threats, and supports incident response, red team, and forensic efforts.
As a threat intelligence analyst, Juliana is responsible for gathering intelligence and identifying threats. Here is more detail on what actions she performs.
- Creates hypotheses to drive threat hunting efforts by asking questions about who may be interested in compromising her organization’s employees or data, when an attack may have occurred, what the attacker is after, and where attackers may be found. This is paramount to understanding how to defend and where to look for more threat intelligence.
- Gains an understanding of political and current affairs and their impact on security risks. She also understands advanced persistent threats (APTs), and their infrastructure. She seeks to understand the threat landscape and identifies emerging threats to help her organization prioritize its cyberdefenses and protect against sophisticated attacks.
- Produces intelligence reports and threat assessments for the organization’s security operations center (SOC) staff, management, and other stakeholders.
- Communicates findings to stakeholders by writing reports, holding calls with other analysts, and giving briefings.
- Performs research into threats to uncover additional context and scale to better understand what we know about a threat, why it matters, and what’s unique about it.
- Uncovers new threats while threat-hunting and leveraging tools like statistical analysis and machine learning when necessary.
In the event of a breach, Juliana does the following.
- Assists with the response to a breach (should this occur) and determines whether to monitor or disrupt attacks.
- Conducts investigations to support the incident response and contain the breach.
- Helps the organization adapt so that the same attack vector cannot be exploited again in the future.
- Integrates new adversary tactics and threat data into security tools.
Threat Intelligence Analyst Skills
Like Juliana, you’re excited by the tasks of collecting and analyzing information in order to find out who may be interested in compromising your data. So, what education and skills do you need to pursue this career?
In many cases, a bachelor’s degree is required for entry level jobs. Degrees in information systems, or another field that requires critical thinking, research, and communication, such as international relations, journalism, economics, or political science are often a good fit for the role.
Employers seek candidates who have 3 to 5 years of experience in threat analysis, and report writing. Experience in data analysis, information technology (IT), security, incident response, vulnerability management, penetration testing, ethical hacking, and blue teaming are all valuable.
However, cybersecurity professionals don’t fit into a fixed mold. Strong technologists are not necessarily the best threat analysts. Employers look for experience in strategy, research, and writing, and skills in presenting threat information tailored to audiences at various levels of seniority and technical expertise. Many threat intelligence analysts have backgrounds in fields such as law, law enforcement, economics, accounting, or military intelligence.
To help you skill up or get your foot in the door, pursuing a certification is a great idea. Some common certifications for threat intelligence analysts include the Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware (GREM), and Certified Incident Handler Engineer (CIHE).
As a threat intelligence analyst, having a good understanding of the basics such as different operating systems and information security concepts is also key. You should also have strong familiarity with strategic, operational, and tactical threat intelligence. It’s also helpful to have knowledge of data collection and acquisition techniques. You should have prior knowledge of security operations, programming languages, and security and information event management (SIEM) tools. You should also know about the analysis of competing hypothesis (ACH) technique, the Courses of Action matrix, and various threat intelligence frameworks such as the Diamond Model, MITRE ATT&CK, and Cyber Kill Chain.
In addition to these technical skills, it’s just as important to hone your business skills. A huge part of being successful as a threat intelligence analyst is being able to think strategically and manage crises. Threat intelligence analysts are creative problem solvers. They like to research, communicate, write, and collaborate as part of a team. They are curious and persistent in asking questions and digging through information to help mitigate risk. They love working on big problems and learning new things.
Threat intelligence analysts can work in a variety of fields because the subject matter is relevant to everything from business services, to application security, to technology adoption. There’s always something new to learn, and threat intelligence analysts have a direct impact on preventing and minimizing the effects of cyberattacks. What’s more, this job is in demand; you won’t have a problem finding a vacancy to fill. Sounds pretty great, right?
Sum It Up
In this module, you’ve been introduced to the goals of threat intelligence, learned more about the importance of analyzing threats and producing actionable intelligence, and discovered the responsibilities and skills of a threat intelligence analyst.
In the next module, Threat Intelligence Analyst Responsibilities, you learn how to identify threats by gathering intelligence and creating hypotheses, and how to protect the business by investigating threats using intelligence feeds and IOCs. You also learn more about your role in detecting malicious activity and responding and recovering from incidents.
Interested in learning more about cybersecurity roles and getting to know security professionals? Hop on over to the Cybersecurity Learning Hub on Trailhead.