Many heroes of war come with stories of superior field tactics and valor on the battlefield; Alan Turing was not one of these heroes. Winston Churchill credited Turing with the single biggest contribution to the Allied victory in World War II, yet Turing never fought in any battles or even fired a gun. Turing became a hero through his completion of the seemingly impossible task of cracking Germany’s message encrypting machine known as Enigma.
Before cracking Enigma, German U-Boats were sinking Allied ships at a detrimental rate in The Battle of the Atlantic. Supply lines to Great Britain were obliterated, causing fear that the country would starve, and the Allies would lose the war. Through Turing’s code-breaking machine, known as The Bombe, Allied forces were able to use German communications to locate and destroy German U-Boats, thus turning the tide of the war.
Many historians credit Alan Turing with ending World War II years early, and saving millions of lives through the classified intelligence that The Bombe was able to decrypt.
Today, intelligence (and the ability to decrypt it) plays a crucial role in the world of cybersecurity. Without intelligence on active and potential threats, hunt analysts and security engineers have no way to target their efforts, thus rendering them ineffective. This is where the threat intel analyst turns intelligence into an extremely potent cyber-defense tool. In the most literal sense, knowledge is their power.
What does a Threat Intel Analyst do?
A threat intel analyst specializes in monitoring and analyzing active as well as potential cybersecurity threats, while gathering useful intelligence from an incredibly wide spectrum of sources. To uncover intel, a threat intel analyst must pay attention to industry news, security threats outside of their network and the intentions of potentially threatening entities. They must always keep their finger on the pulse of cybersecurity, while also looking forward in an effort to anticipate the next threat.
While this career may sound similar to the security hunt analyst role, there is a fundamental difference between the two. The security hunt analyst is an expert in tracking down active threats and there efforts are primarily focused on what’s happening in the present. Threat intel analysts have to focus on the present and the future in order to provide hunt analysts with useful intel. If the hunt analyst is a police officer, the threat intel analyst is headquarters. Headquarters uses their collected data to advise street units on which neighborhoods they should be patrolling, and what kind of threats are present in those areas. The officers use the information that they’ve been given to help guide the direction of their efforts and to prepare themselves for the potential threats that they may encounter.
Skills you’ll need for intel gathering.
Communication, communication, communication. We’ll get to the other skills that a threat intel analyst needs to succeed in their role, but the importance of effective communication skills cannot be overstated. A threat intel analyst must be able to condense endless pages of gathered intelligence into a report that an experienced security engineer and a less cyber-savvy account executive can understand at an equal level. A threat intel analyst may discover an impending wave of advanced cyber-attacks, but if they can’t effectively relay their findings to the rest of their organization, the organization won’t make any changes and will remain vulnerable to the imminent threat. The intelligence that has been gathered is worthless.
Other useful skills include an aptitude for research, and the ability to think creatively. Research and creativity don’t typically go hand-in-hand, but this role is the exception to the rule. The cybersecurity threat landscape changes at such an expeditious rate that providing intel on the present state of the industry isn’t enough to be an effective threat intel analyst. In order to provide useful intelligence, threat intel analysts must think creatively, and anticipate future threats. A threat intel analyst must ask themselves “who would attack our network? How would they attack us? Why would they attack us? And what assets would they take if they were able to breach our network?” For the threat intel analyst, anticipation is the name of the game.
Heroes reap many rewards.
Effective intelligence gathering is an incredible tool for security teams and virtually any organization. According to Payscale, the average salary for a threat intel analyst is around $65,000 a year, with experienced analysts reaching six figures. As with most cybersecurity positions, the salary of a threat intel analyst can depend on their level of experience and their job location. Drive and work ethic play a large role in determining the level of success that a threat intel analyst can reach.
Cybersecurity intelligence gathering plays a crucial role in a wide spectrum of organizations. While private sectors can use intel to more efficiently protect their assets from threats, federal organizations such as the CIA and NSA have an even greater demand for efficient information gathering. Virtually all organizations benefit from cyber-threat intelligence, where you will work is only limited by your imagination.
A complete picture of a security team.
The advancement of cyber threats has led many organizations to develop their own Security Operations Center (SOC). A SOC consists of a cohesive cyber-team made of security engineers, Pen Testers, security analysts and data scientists. Each member of the team brings a unique skill set that assists in the efforts of preventing, detecting, analyzing and responding to security threats.
The engineers are the technical experts that build and secure the networks and the detection tools of the company. The data scientists analyze the mass data that a company produces, in an effort to discover network insights. Analysts use these discoveries to actively search for anomalies in their network that might indicate malicious activity. When anomalies are spotted, analysts work with the engineers to set traps and contain threats. These traps can also be set preemptively in what’s known as “active defense.” Pen testers are white-hat hackers who simulate cyber attacks on their own network to discover its vulnerabilities. They report their findings to the team, so that together, they can fill the network’s security gaps.
Every team member in the SOC is an essential piece to the ongoing battle against cyber threats. The question is “which team member do you want to be?”
Where does the Threat Intel Analyst fit into the team?
Threat intel analysts give the SOC a strategic advantage against cyber-threats through their curation, interpretation and dissemination of the information around them. A SOC may have all of the tools necessary to bolster network security, or hunt advanced threats, but without accurate intelligence guiding them, their efforts may prove ineffective. It should also be noted that hunt analysts and threat intel analysts can function in a symbiotic relationship. The research that threat intel analysts provide can help hunt analysts track down threats, thus expediting their process. The results from a hunt analyst’s infiltration operations can provide threat intel analysts with useful in-field information that can help target their future intelligence gathering efforts.
Here’s How You Get Started
Flatiron School Cybersecurity's, formerly SecureSet (acquired 2019)SecureSet Academy, provides the most complete, immersive and compressed cybersecurity programs out there. Our Cybersecurity Analytics program teaches the technical and analytical skills necessary to be an effective threat intel analyst. Our programs are a balance of classroom theory and hands-on lab time. This ensures that our students graduate with the level of skill and confidence needed to leave our academy job-ready. A majority of our students are hired within a few months of graduation (many before getting their diploma). The evolution from general IT to cybersecurity analyst can take three to seven years.
If you’re feeling overwhelmed and lack technical experience, we’ve got you covered. We offer a preparatory workshop called Hacking 101. You’ll get the introduction that you’ll need, to Systems, Networking and Python, to be a rockstar in our Programs.
Are you ready to decode cybersec?
During World War II, one of Germany’s most infamous pieces of technology was a machine that resembled an old wooden typewriter. Enigma couldn’t directly impact lives with firepower or explosives, but its presence was felt by every nation involved in the war. The effects Enigma had on the war, before and after it was cracked, are a prime example of the sheer power of information. Knowledge and victory often go hand in hand, and the world of cybersecurity is no different. The threat intel analyst doesn’t directly hunt down and catch threats, but the intelligence they gather and their ability to effectively share these discoveries play a critical role in defending against advanced threats.
If you have a passion for research and you’d like to channel this passion toward helping to secure the future, then the threat intel analyst role may be your calling.