Updated April 8th, 2020
What Does It Mean To Be A Threat Intel Analyst?
Across the country, there is likely not a large number of kids who respond to the question, “What do you want to be when you grow up?” with the response, “Threat Intel Analyst.” However, if those kids knew more about the opportunities available in the threat intel space, maybe they would consider setting aside their life-saving, fire-fighting, or galaxy-exploring aspirations to enter the cybersecurity field.
So what does a Threat Intel Analyst do? Think about it this way: Threat Intel Analysts are the puzzle solvers or detectives in cybersecurity and primarily spend their time analyzing data on potential threats that could negatively impact organizations. Cyber threat intelligence is centered on the interaction of threat actors (both criminals and competitors), their motives, and the tools and tactics they use to cause trouble.
You tell us: does a Threat Intelligence Analyst sound like a job you’d put on your radar?
A Day In The Life
Threat intelligence is often referred to as a collection of indicators of compromise (IOCs). To understand what could be considered an IOC, Threat Intel Analysts need to understand protocols and system behavior.
A Threat Intel Analyst is a proactive role, so these analysts often sift through logs and search for systematic patterns of behavior in order to pinpoint anomalies. According to Cybersecurity Insiders, Threat Intel Analysts have a role to play in predicting – and preventing – attacks before they occur. “If an organization does not first understand its assets, infrastructure, personnel and business operations, then it cannot understand it’s presenting opportunities to malicious actors. Cyber threat intelligence can help us identify and address potential vulnerabilities in our operations and prepare accordingly.”
Threat Intel Analysts carry the responsibility to produce relevant, timely, and accurate intelligence about cyber threats. Analysts hone in on the “who, what, when, where, why, and how” of cyber threats. Analysts usually work in small teams to spread out work and create a squad with diverse skills. Three common roles or perspectives of Threat Intel Analysts fall into these three categories:
- Tactical Intelligence – Threat Intel Analysts spend a lot of time “on-the-network”, verifying events and foreign entities coming into the Security Operations Center.
- Operational Intelligence – Operational Intelligence focuses on neutralizing the attack. These analysts spend a lot of their time concentrating on the organization’s operating environment and any internal and external information that affects it.
- Strategic Intelligence – This type of intel bridges the gap between Threat Intel Analysts and senior management. Analysts generate findings with solutions in mind, advising senior management about risk management decisions and potential investments in network defense.
Every analyst needs to possess a combination of technical knowledge and analytical dexterity. Performing as a Threat Intel Analyst requires more than mentally sporting a trench coat and magnifying glass; he or she needs to be comfortable collecting evidence and drawing conclusions. When Threat Intel Analysts are not on the hot on the trail of malicious actors, they’re also responsible for drafting and submitting reports, often in plain language. In other words, they’re expected to provide reports to both non-technical stakeholders, as well as technical team members.
Most Valued Skills
- Information Security
- Project Management
- Business Process
No matter which way you look at it, the future is bright for individuals who want to pursue a career in threat intelligence. The U.S. Bureau of Labor Statistics reports that the demand for analysts in threat intelligence is projected to grow 22 percent through 2020, compared to an average of 14% growth for all occupations. Plus, Cyberseek reports that the average salary for Threat Intel lands at $80k/year and Glassdoor lists current positions boasting salaries ranging from $69k to 129k/year. According to LinkedIn, there are over 5,400 jobs pertaining to threat intelligence.
- Security Analyst
- Security Engineer
- Counterintelligence Analyst
Doesn’t Sound Like You?
If a career in threat intelligence doesn’t sound like a good fit for you, be sure to circle back for our next post in the Cybersecurity Roles blog series.
- Cybersecurity Architect
- Incident Responder
- Malware Analyst
- Penetration Tester
- Cybersecurity Auditor
- SOC Analyst
- Threat Hunter
- Vulnerability Management Analyst
- Network Administrator