Cyber Threat Intelligence

Cyber Threat Intelligence Career Overview

What is Cyber Threat Intelligence?

Cyber Threat Intelligence (often shortened to CTI) enables organisations to gain valuable knowledge about cyber threats and build important defence mechanisms against them. The key role of a Cyber Threat Intelligence professional is to research and pre-empt attacks by cybercriminals. This is most often done by processing, analysing, and monitoring threat data. Threat data refers to a known list of malicious and blacklisted IPs, URLs, and domains. Studying this data allows CTI professionals to stay one step ahead of cybercrime, mitigating the risk of damage to their organisation.

Although attack data will be an important part of the role, it is also important to research via other mediums. To be an effective CTI professional, it is beneficial to keep up to date with cyber security news, including new reports of attacks, and curate your own research on social media. Some CTI professionals also find it beneficial to study successful breaches and examine why they happened, who was behind them and, most importantly, how they were carried out.

Threat intelligence is a challenging pathway because threats are ever-evolving, necessitating swift adaptation and prompt responses on the part of professionals, but equally rewarding when done right. The role of threat intelligence is one that is always looking to the future – it is dependent on professionals who are able to accurately predict attacks and can use their threat data to tailor defences against attackers’ motives, targets, and attack behaviours.

Roles & Responsibilities

What are the roles and responsibilities of a Cyber Threat Intelligence Practitioner?

The tasks likely included in this role are as follows:

  • Provide technical, management, and executive level stakeholders with cyber security evaluations and recommend action.
  • Support Threat Hunting, Signature Development, and Threat Intelligence Platform (TIP) activities, in which threat actors' tactics, techniques, and procedures (TTPs) are studied.
  • Provide operational cyber intelligence assistance for active occurrences and participate as a member of the incident response team where appropriate.
  • Keep the vulnerability management team informed of the newest risks by collaborating closely with them.
  • Assess and improve technical intelligence inputs to get the most value.
  • Build comprehensive threat actor profiles on target opponents, covering their strategies, tactics, and processes as well as their motives and strategic aims.

Cyber Threat Intelligence Salary

What is the salary of a Cyber Threat Intelligence Practitioner?

As of September 2022, the median salary for a Cyber Threat Intelligence Practitioner is £60,000, although salaries upwards of £120,000 for senior practitioners have been reported. Apprentice wages for this role are around £22,000 a year. Most of the higher salaries are based in the UK’s larger cities, so it is expected that roles elsewhere may offer lower wages.

Data has been taken from ITJobsWatch, which calculates the median from job vacancies published online within the last 6 months.

Knowledge, Skills, and Behaviours

What are the knowledge, skills, and behaviours required in Cyber Threat Intelligence?

  • Integrate various and diverse types of data/information to produce simple and understandable analyses.
  • Analytical thinking skills with an interest in research.
  • Utilise formal techniques when managing open-source intelligence (OSINT).
  • Continually assess a course of action's likely social, commercial, cultural, ethical, and environmental repercussions.
  • Utilise formal methods and techniques (for example Kill Chain, MITRE ATT&CK, Diamond Model).
  • Creative thinking in anticipation of future threats.
  • Strong communication and teamwork skills.

Career paths in Cyber Threat Intelligence

What are the career paths in Cyber Threat Intelligence?

In most organisations, Cyber Threat Intelligence positions will be part of the Security Operations Centre. There are two levels of duty.

Cyber Threat Intelligence practitioner:

  • Identifies the strategies, methods, and practices utilised by threat actors by researching and understanding present and potential threats.
  • Typically takes part in projects for scenario-based testing and provides support for incident management.

Cyber Threat Intelligence senior practitioner:

  • This role is charged with extra duties such as high-level briefings, influencing others, and maintaining situational awareness of existing and potential future cyber threats.
  • Depending on the size of the organisation, this person might be the only cyber threat intelligence professional the organisation employs, or they might be the team leader.

Related Cyber Pathways

  • Vulnerability Management
  • Digital Forensics
  • Network Monitoring & Intrusion Detection
  • Incident Response
  • Cyber Security Generalist