The Role of Cyber Threat Intelligence Analyst

by rootsun
October 29, 2020

Who are CTI analysts?

Cyber threat analysts are specialists in cyber threats who use their analytical and technological skills to address complex cyber threat challenges, generate detailed reports, and brief the company on short and long-term security concerns. This work involves effort, creativity, research, and technical skills.

Cyber threat intelligence analysts perform all-source analysis of attackers who aim to exploit an organization’s data networks, sensitive infrastructure, and cyber-related interests, in order to identify, track, analyze, and counter threats posed by global or local cyber players.

Why are CTI analysts important?

The cyber world is very unstable, and the human factor is of great importance, because cyber defense strategies, products, or artificial intelligence technologies can stop adversaries only up to a point. Understanding the hacker’s world and their motivations, and researching the causes of cyber-attacks, can only be achieved by people with emotional intelligence and a technical security background. That’s why CTI analysts are critically important for all kinds of organizations.

CTI analysts usually track hackers via posts on social media, on websites and forums, and/or on the dark web, looking at what they are writing and talking about and how they are reacting to incidents, to understand a little more about them. Analysts need to do this to get an idea of adversaries’ tactics, techniques, and procedures. Understanding the threat actors’ tactics, techniques, and procedures allows their activity to be anticipated. Furthermore, an understanding of threat actors’ intent and potential enables CTI analysts to respond accordingly and to minimize the effect of an attack if one occurs.

A major part of their work includes analyzing the threats the organization faces and reporting on them accurately. They have to pay attention to any indicator of compromise (IoC) they find and dig further and deeper in their investigation. Based on their analysis, CTI analysts feed the other teams in the organization so they can make better business decisions to protect the organization and its day-to-day business operations.

In a nutshell, CTI analysts play an important role in any organization for the following reasons.

  • The identification of cyber vulnerabilities aims to reduce total cybersecurity costs and save the company money.
  • It helps to reduce the risk of cyber-attacks.
  • Intelligence on cyber threats enables executives to make informed decisions on security.
  • It helps the security team to analyze and strengthen the organization’s general security status.
  • It helps to make the security teams in an organization more successful.

What kind of technical skills are needed for being a CTI analyst?

You should be professional and solid in your expertise when looking for a position as a cyber threat analyst. CTI analysts are expected to have deep knowledge of and hands-on experience with the following technical subjects:

  • Network security
  • Digital forensics
  • Intrusion detection/prevention systems
  • Expert understanding of cybersecurity principles
  • Cyber threat intelligence
  • Attack methodologies and tools
  • Security operations and incident response technologies and methodologies
  • Common frameworks such as MITRE ATT&CK, MITRE PRE-ATT&CK, the Diamond Model, the Cyber Kill Chain, and others
  • A strong understanding and familiarity with the intelligence cycle
  • Experience tracking APTs and criminal actor groups

What other essential skills are needed for being a CTI analyst?

Beyond their technical skills, CTI analysts are preferred to have the following social skills:

  • Research and analytical skills
  • Ability to think creatively
  • Excellent writing/communication skills
  • Attention to detail
  • Strong verbal presentation
  • Teamwork skills

What are the challenges for CTI analysts?

Technical knowledge and experience

Cyber threat intelligence collection is often very demanding from a technical point of view if carried out correctly. A good analyst should be able to assess almost instantly what is clearly right or obviously wrong, which requires intense technical and cybersecurity knowledge.

Language skills

The enormous volume of intel on the surface and dark web comes in a number of languages. The analyst must know the language, terminology, and slang used by adversaries. Unfortunately, automatic translation services are not good enough, because the analyst needs to know with whom to speak and how to fit into the virtual environment without arousing suspicion.

Financial knowledge

Since financial organizations are major clients of CTI, the analyst needs to understand the financial field a little, such as how the SWIFT networks operate, where credit card fraud can be detected, how cybercriminals monetize it, etc.

Correlation and classification skills

A large amount of information must be analyzed by the CTI analyst, who needs outstanding experience in the quick and efficient analysis, correlation, interaction, and classification of data sets.

Geo-political knowledge

The geopolitical situation has a strong influence on the Internet domain. Sometimes, analysts need to consider relations between nations, the current agenda, global history, and more in order to understand, analyze, and evaluate the information.

Reporting skills

CTI analysts are able to share their findings, recommendations, and action items in a report that simplifies the results so that even non-technical personnel can understand and appreciate them.

Although a lot of people feel they are competent enough to begin a career as a cyber threat intelligence analyst, the work is undoubtedly very challenging. Since it needs a mixture of good programming and language ability plus outstanding observational capabilities, individuals with the correct combination can also be challenging to find.

What are the job opportunities and demand for cyber threat intelligence analysts?

Solutions and services for the threat intelligence market have been applied across numerous vertical sectors, such as government and defense, banking, financial services, insurance, IT, telecommunications, health care, retail, transportation, electricity, utility, manufacturing, and educational services. The threat intelligence market is expected to rise from USD 5.3 billion in 2018 to USD 12.9 billion by 2023. The demand for threat intelligence analysts is gathering steam as threat intelligence strategies proactively provide protection against emerging cyber threats. All these statistics show how great the need for cyber threat analysts will be in the near future.

What is the EC-Council’s Certified Threat Intelligence Analyst (C|TIA)?

Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence.

It is the one and only specific and well-recognized certification for CTI analysts. Earning a certification like Certified Threat Intelligence Analyst (C|TIA) will definitely help prepare you for this job but won’t be enough by itself.

SOCRadar’s qualified and certified analysts are always ready to help

SOCRadar also offers support from certified analysts who are passionate about solving complex cases to give their customers the best support. Analysts increase their theoretical and practical knowledge in the best way by obtaining certificates recognized on international platforms. They take the fastest action and support customers by making the best analysis against comparative problems.