Threat intelligence analysts collect network information and employ intelligence analysis to identify threats and safeguard computer networks and systems. This article lists the responsibilities of threat intelligence analysts and the must-have skills to acquire to succeed in this role in 2022.
Role of a Threat Intelligence Analyst: Job Description
Threat intelligence analysts leverage threat intelligence to identify, comprehend, and decipher emerging threats. They closely monitor the indicators of compromise (IOC) and take remedial action in case of a breach.
A threat intelligence analyst (TIA) analyzes and detects cyber threats and malware impacting an enterprise. They investigate the level of threat posed by an attack and consequently enable organizations to take informed cybersecurity-based business decisions. These professionals are aware of the cybersecurity risks of concern for different industry verticals and help secure the critical assets that need protection. Threat intelligence analysts prioritize threats and focus on the most severe ones.
The job of a threat intelligence analyst is not an entry-level post — it requires relevant experience in cybersecurity and computer networking. Although threat intelligence analysts do not work on IT infrastructure directly, previous experience as a network engineer or administrator will give them the cushion to fully understand the entire threat landscape.
The fundamental responsibilities of a threat intelligence analyst include the following:
Threat Intelligence Analyst Role
1. Gathering raw data
Threat intelligence analysts gather raw data from networks under consideration. Keeping a tab on data records is essential as they play a crucial role in data assessment and evaluation. Collecting raw data undermines the historical information that can help analysts identify internal network pathways, track activity logs, and dive into past incidents.
Threat analysts also keep a close watch on external links circulating within the network that associate themselves with the dark web, open web, or other technical sources. Generally, threat data traverses the network through external links found in applications, emails, and messages.
2. Sorting and filtering data
Once the data is collected, the next task for intelligence analysts is to organize, sort, and filter the data. With plenty of information passing through the network and being stored, a single threat can disrupt the entire system. Hence, sorting and filtering all the network data is essential to prevent malware and high-risk data from penetrating the system.
3. Investigating threats
Upon sorting and filtering out the harmful and valuable data, analysts now point out the cause of the problem. They identify its source and determine how it all started. Their eventual goal is to track the company’s network flow and check areas that are vulnerable to potential security problems. This evaluation develops a robust, protective shield against any possible data breaches. It also creates a near-perfect preventive action plan that can counter a similar problem in the future.
4. Analyzing network activity
Threat intelligence analysts have to be proficient at analytics. They analyze current network activity to predict future cybercrime trends. They produce actionable intelligence on current and developing threats by analyzing various threat actors’ tactics, techniques, and procedures (TTPs). These insights streamline the incident response and digital forensic efforts.
5. Propel threat hunting
Apart from identifying threats and gathering intelligence, threat intelligence analysts perform certain routine activities like pushing threat hunting efforts by creating hypotheses. This can be achieved by asking when an attack may have occurred, what the attacker is looking for, and what their target system is?
These questions help understand the attacker’s mindset, how to defend against these threats, and where to look for more threat intelligence. Threat intelligence analysts leverage advanced machine learning tools for statistical analysis to discover new and emerging threats while undertaking threat-hunting.
6. Prioritizing cyber defenses
Threat intelligence analysts need to understand the impact of various political and current affairs on an organization’s security risks. They should also have complete knowledge of several threats types, including advanced persistent threats (APTs) and their infrastructure. This helps prioritize cyber defenses and define an action plan against specific attacks.
7. Generating intelligence reports
Perform threat assessments and generate intelligence reports for the organization’s security operations center (SOC) staff, executives, management, and other stakeholders. This involves communicating the findings to other analysts and subordinates by holding calls, meetings, and briefings.
8. Performing threat research
Perform regular research on threats to unravel additional context and scale of threats. It develops a better understanding of what we know about a threat, why it matters, and what’s unique about it. The role underscores three fundamental tasks: technical research, intelligence research, and the appropriate authority to communicate the research findings.
In the event of a breach, a threat intelligence analyst performs the following tasks:
- Assists with the response: Determines whether to monitor or disrupt the attacks
- Conducts investigations: Supports incident response and contains the breach
- Learns and adapts: Helps the organization adapt and, in turn, avoid the same attack vector from being exploited in future
- Uses adversary tactics: Integrates threat data and newer tactics into security tools
Thus, threat intelligence analysts play a proactive role in addressing potential vulnerabilities in an organization.
According to The U.S. Bureau of Labor Statistics’ Information Security Analyst’s Outlook, the demand for cybersecurity jobs is on the rise and is expected to grow 31% through 2029. This rise in demand comes with a healthy pay package. Payscale reports that the average base salary for a threat intelligence analyst ranges around $75k annually (as of February 02, 2022).
See More: Cyber Threat Analyst: Key Job Skills and Expected Salary
Threat Intelligence Analyst: Key Must-Have Skills for Success in 2022
A willingness to learn is a must-have skill for cybersecurity aspirants. A specialization degree is not always the main criterion for a career in cybersecurity. An individual who understands professionalism, has a passion for this field, and is eager to learn how technology evolves, can excel in this domain.
Threat intelligence analysis is much more than hacking or coding. It involves developing a deep understanding of how people think and function, i.e., understanding the human element. The ability to grasp the changing dynamics of the technology landscape can be a bonus for these professionals.
Let’s look at the must-have skills for a threat intelligence analyst.
Key Skills for Threat Intelligence Analysts
1. Formal degree in a related field
A bachelor’s degree is inevitable for entry into cybersecurity in most cases. A degree in computer science, computer engineering, information systems, or another field that substantiates critical thinking, research, and communication is mandatory for this role. A bachelor’s degree in international relations, journalism, law, law enforcement, economics, accounting, military intelligence, or even political science can also help you get into cybersecurity.
Potential employers look for candidates with relevant experience of around three to five years in threat analysis and report writing. Additionally, possessing some work experience in information technology (IT), security, data analysis, incident response, vulnerability management, penetration testing, and ethical hacking can benefit a threat intelligence professional.
Some employers may also demand experience in strategy, research, and writing and seek candidates with good presentation skills. These analysts are expected to present threat information to a wider audience which includes a mix of seniority levels with different technical expertise.
3. IT certifications
The right degree, experience, and relevant certification can help you upskill and grab the attention of employers. Some standard IT certifications that can prove beneficial for aspiring threat intelligence analysts include:
- Certified Information Systems Security Professional (CISSP)
- GIAC Certified Incident Handler (GCIH)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Reverse Engineering Malware (GREM)
- Certified Incident Handler Engineer (CIHE)
- Information Systems Security Engineering Professional (ISSEP)
4. Knowledge in diverse disciplines
Threat intelligence analysts are expected to have a fundamental understanding of different operating systems and concepts related to information security. They should have a good understanding of strategic, operational, and tactical threat intelligence. Additionally, analysts should know programming languages, security operations, and SIEM tools. They also need to be well-versed with various threat intelligence frameworks such as the Diamond Model, MITRE ATT&CK, and Cyber Kill Chain.
5. Technical proficiency
A threat intelligence analyst should have a sound understanding of coding, system administration, and intrusion detection and prevention systems. Additionally, they should manage attack methodologies, techniques, and tools. The proper technical know-how of concepts related to network or operating system security, security operations, and incident response can be beneficial. Technical proficiency is also required in areas such as network monitoring, computer forensics, technical executions, and more.
6. Interpersonal communication skills
Threat intelligence analysts should balance their technical capabilities with strong communication skills. Security teams prefer professionals who can collaborate with each other, as this can reveal newer threats and address new challenges more effectively.
Analysts must handle rapid response situations and detail their findings, evaluations, and risk assessments to other teams effectively and clearly. This requires the ability to break down complex technical information and convey it to various stakeholders in a digestible form. This way, each team can be made aware of the security risks, and they can better understand the information being presented.
7. Innovative problem-solving capabilities
As cyber threats continue to rise, employers are looking for candidates who can take up complex challenges and provide creative solutions. Handling critical situations with a stable and calm mind is viewed as a soft skill of high importance. With the increased sophistication and continued evolution of cyberattacks, these analysts should provide simple yet innovative solutions for intricate security problems.
8. Strategic, operational, and tactical awareness
Knowing the origin of an attack and how it began its journey is crucial. First, you need to identify the emerging threats and then decode their trends and patterns to get to the source. A threat intelligence analyst should have a strong foundation in technology, tools, and the methods various threat actors employ to counter them and prevent their actions from damaging the system. This can be broken down into three main categories: strategic, operational, and tactical acumen.
Strategic intelligence offers a holistic view of various threats as it recognizes the purpose and capabilities of the threat. This information is, in turn, used to inform the stakeholders and also provide timely alerts. Operational intelligence is often observed in forensic reporting. It aids in providing appropriate responses or actions against the identified threats. Lastly, tactical intelligence leverages intelligence to provide a network overview, verify events, and track foreign entities entering the security operations center by monitoring IOCs or TTPs used by threat actors.
9. Subject matter expertise
To have a successful career as a threat intelligence analyst, at some point in time, one needs to become a subject matter expert, especially for a specific geographic region. The expertise you gain when serving as a regional SME reflects the quality of threat reports you produce. The bare minimum requirement is to stay up to date on the geopolitical issues plaguing your region of expertise.
Moreover, the ability to grasp foreign/regional languages can help you scan relevant publications in their original form. Expertise in learning foreign languages enables you to understand the regional sentiments on geopolitical issues, which can complement the news sources you are familiar with.
10. Business skills
In addition to technical skills, a threat intelligence analyst should be equipped with essential business skills. The analyst is responsible for managing crises and making critical strategic decisions in collaboration with the stakeholders to help mitigate risks. These analysts should have a curious mind and a strong inclination towards research. They should be persistent in asking tough questions to dig through the information and resolve security matters efficiently.
As the subject matter relates to several fields, threat intelligence analysts are required across various business services and tech industries. Thus, threat intelligence analysts play a crucial role in preventing and minimizing the impact of cyberattacks on organizations.
See More: Career Path in Cybersecurity: How to Enter, Key Skills, Salary, and Job Description
Since the onset of the COVID-19 pandemic, the cybersecurity field has witnessed a significant boom. Cybersecurity professionals are routinely challenged, thereby echoing the need for actionable threat intelligence. As cybercrimes pick up and malicious attacks evolve, threat actors grow in sophistication by adopting newer skills and technologies.
Consequently, the potential defenders for the attacks are in high demand constantly. So, the future looks bright for individuals who have an investigative mind and want to pursue a career in threat intelligence.
MORE ON CYBERSECURITY CAREERS