What does a Cyber Threat Intelligence Analyst do?

A Cyber Threat Intelligence Analyst detects, reports and proposes measures to mitigate cyber threats. The job of the Threat Intelligence Analyst is vital to today’s large companies, especially those that may be vulnerable to cybercriminals. What is Threat Intelligence? What does a Cyber Threat Intelligence Analyst do on a daily basis? Keep reading to find out!

What is Cyber Threat Intelligence?

Cyber Threat Intelligence (CTI), or simply Threat Intelligence, is a discipline that uses concrete evidence and context analysis to mitigate cyber threats. In other words, cyber threat intelligence produces information about computer threats that allows them to be prevented or mitigated.

Role Overview - Cyber Threat Intelligence Analyst

This approach differs from that of cybersecurity: far from replacing it, threat intelligence complements it.

Cybercriminals are becoming more sophisticated. Sometimes, their interests are not merely economic, but political. For this reason, Cyber Intelligence is a very relevant discipline for both public and private sectors.

Cyber Intelligence is based on data collection and information analysis but it goes much further than that. It uses threat information to identify patterns and trends. Based on threat intelligence, the company makes decisions and defines mitigation and prevention plans.

With the data collected through threat intelligence, companies can make more informed security decisions and act proactively to avoid potential cyber threats.

Types of Threat Intelligence

Types Of Cyber Threat Intelligence

There are essentially four types of cyber threat intelligence:

  • Strategic intelligence: This is information about cyber security threats and their details, collected for the high-level executives and management of an organisation. To collect strategic threat intelligence data, CTI analysts use ISAO reports, open source intelligence (OSINT) and external CTI providers, among others.
  • Tactical intelligence: This provides information on the tactics, techniques and procedures (TTPs) used by cybercriminals and is aimed at the people in charge of computer resources and data protection.
  • Operational intelligence: This contains information about the nature and timing of future attacks and is collected from a variety of sources, such as social networks, antivirus logs and chats.
  • Technical intelligence: This information is based on the signs that an attack is starting and is often associated with operational threat intelligence.

The importance of Cyber Threat Intelligence

So how does cyber threat intelligence help companies? As it turns out, in quite a few ways! For starters, threat intelligence allows IT security analysts to make better decisions which in turn helps strengthen a company’s defenses.

It helps professionals in the security department better understand the threats they face and who is responsible for them, and it also helps them mitigate attacks that are in progress.

Threat intelligence also allows professionals to prioritise incidents based on the impact they could cause and allows both cybersecurity and business stakeholders to feel more confident in their decisions.

Responsibilities of a Cyber Intelligence Analyst

Cyber intelligence experts are responsible for collecting data and information from various sources in order to identify, monitor, measure and counter cyber threats.

These professionals do this by using open sources and private reports, such as technical reports and third-party data sources. Threat intelligence analysts then use the information collected to prepare intelligence reports for clients or companies.

In addition to collecting information about the context and related potential threats, a cyber intelligence expert is responsible for investigating specific threats.

Responsibilities Of A Cyber Threat Intelligence Analyst

Depending on the exact role of the expert and the clients they work for, the analyst will be in charge of defining, preparing and coordinating responses to threats, as well as monitoring the results.

In more advanced cybersecurity and cyberintelligence teams, response actions are coordinated with the cybersecurity team and then executed.

What are cyber intelligence analysts responsible for?

  • Collect data and information from different sources, both open and private
  • Investigate specific cyber threats
  • Scan networks for suspicious activity, anomalies, and potential threats
  • Assess potential threats
  • Assess the latest threats to customer networks and data, and offer tips and recommendations for countering those threats
  • Identify risks and the TTPs of attackers
  • Analyse the company context and related risks
  • Prepare and explain cyber intelligence reports
  • Coordinate the definition and execution of response to threats

Skills of Threat Intelligence Analysts 

Threat intelligence analysts have strong knowledge when it comes to different operating systems and concepts related to information security.

They also have an understanding of different programming languages, cybersecurity operations, and security information and event management (SIEM) tools.

Skills Of A Cyber Threat Intelligence Analyst

These professionals know the different Threat Intelligence tools available and how to get the most out of them. These tools are as follows:

  • Threat intelligence communities: These communities share collaborative research and actionable advice to prevent threats.
  • SIEM tools: Security information and event management tools help IT security experts monitor the network in real time. They can then analyse unusual behaviours.
  • Malware disassemblers: These are tools that reverse engineer malware so that security engineers can better understand how it works and protect against potential similar attacks.
  • Tools for network traffic analysis: These tools record network activity to gather information that makes an intrusion easier to detect.

They have experience working with various threat intelligence frameworks such as the Diamond Model and Cyber Kill Chain and are able to understand and tackle complex technical and contextual issues.

Cyber intelligence analysts possess strong analytical, strategic and tactical skills and have a curiosity to learn. They are also able to coordinate, communicate and work well with other teams. 

Threat intelligence analyst skills:

  • Knowledge of cyber threat intelligence and cyber vulnerability management practices
  • Ability to analyse incident reports and follow up on incidents
  • Experience identifying and evaluating emerging and persistent threats, trends, TTPs, attribution, or threat hunting
  • Solid knowledge of incident management, problem management, and change management best practices
  • Experience analysing multiple disparate data sources like Passive DNS, Threat Sources, Vulnerabilities, Attack Surface, etc.
  • Experience with threat intelligence frameworks such as the Diamond Model and Cyber Kill Chain
  • Knowledge of network security and/or operating systems
  • Open source research experience
  • Experience with SIEM tools and threat intelligence databases such as Datadog, SolarWinds, LogPoint and Graylog
  • Knowledge of industry standard frameworks like NIST, FISMA and FedRAMP
  • Valuable experience in forensic analysis of networks and/or hosts

Background and education in the Cyber Intelligence field

To work in the cyberintelligence sector, companies typically require threat intelligence analysts to have a bachelor’s degree in computer/electronic engineering, computing, information technology, or an equivalent field of study.

Additionally, experience in security operations, cybersecurity, first response management, and IT risk management is important for a career in cyber intelligence.

Postgraduate studies and certifications in cyber intelligence (Security+, Cybersecurity Analyst / CySA+, Cyber Threat Intelligence / GCTI) are valued by organisations, as well as specialised certifications and continuing education.

Salary

Entry-level analysts and beginners can earn approximately $61,000 annually. The average salary for Cyber Threat Intelligence Analysts is $104,000 whereas for senior analysts, the salary can go up to $165,500.

The salary range in Germany for threat analysts is between €40,000 and €70,000, whereas in the UK it ranges from £41,000 to £75,000.

Keep in mind that threat intelligence experts can have very different salaries, depending on their responsibilities, experience, company size and the industry they are in.

How much do Cyber Intelligence Analysts make?

  • USA: $61,000 – $165,500
  • Germany: €40,000 – €70,000
  • UK: £41,000 – £75,000

How much do freelance cyber intelligence analysts make?

Average hourly rate of freelance cyber intelligence analysts: $109/hour

Freelance threat intelligence analysts earn an average of $109/hour (according to the freelancermap rate index in October 2022).

Considering an 8-hour working day, the daily rate for freelance analysts is around $872/day.

Most freelance analysts have an hourly rate between $91 and $330.

Natalia Campana

Natalia is part of the international team at freelancermap. She loves the digital world, social media and meeting different cultures. Before she moved to Germany and joined the freelancermap team she worked in the US, UK and her home country Spain. Now she focuses on helping freelancers and IT professionals to find jobs and clients worldwide at www.freelancermap.com

By Natalia Campana
