How to Become a Cyber Threat Analyst | Skills, Salaries, and Careers
Cyber Threat Intelligence Analysts are in high demand and growing. Learn what they are, the cyber skills they need, and how to start your cyber threat career.
Many heroes of war come with stories of field tactics and battlefield valor; Alan Turing was not one of them. Winston Churchill credited Turing with the single biggest contribution to the Allied victory in World War II, yet Turing never fought even fired a gun. Turing became a hero for cracking the seemingly impossible German encryption machine, the Enigma, with his machine, The Bombe. Many historians credit Turing with ending WWII years early, saving millions.
Turing was, in a way, one of the earliest cyber threat analysts.
Today, intelligence (and the ability to decrypt it) plays a crucial role in the world of cyber security. Without intelligence on active and potential threats, hunt analysts and security engineers have no way to target their efforts, thus rendering them ineffective.
This is where the threat intel analyst turns intelligence into an extremely potent cyber-defense tool. In the most literal sense, knowledge (and analysis skills)is their power. And they use that power to help full SOC teams of compliance analysts, pen testers, and security consultants defend against security threats.
So, how do you become a cyber threat analyst, anyway? Here’s some super quick context to help better understand what being a cyber threat analyst means. We’ll cover what cyber threat analysts do, the skills they need, salaries, roles, and how you can learn to become one.
What does a cyber threat intelligence analyst do?
A threat analyst specializes in monitoring and analyzing active as well as potential cyber security threats, while gathering useful intelligence from an incredibly wide spectrum of sources. To uncover intel, a threat intel analyst must pay attention to industry news, security threats outside of their network, and the intentions of potentially threatening entities. They must always keep their finger on the pulse of cyber security, while also looking forward to anticipate the next threat.
While this career may sound similar to the security hunt analyst role, there is a fundamental difference between the two. The security hunt analyst is an expert in tracking down active threats and their efforts are primarily focused on what’s happening in the present.
Threat intel analysts have to focus on the present and the future in order to provide hunt analysts with useful intel.
If the hunt analyst is a police officer, the threat intel analyst is headquarters. Headquarters use their collected data to advise street units on which neighborhoods they should be patrolling, and what kind of threats are present in those areas. The officers use the information that they’ve been given to guide their efforts and prepare themselves for the potential threats.
The skills you need to be a cyber threat analyst
Communication, communication, communication. We’ll get to the other skills that a threat intel analyst needs to succeed in their role, but the importance of effective communication skills cannot be overstated. Soft skills are very important in the cyber world.
A threat intel analyst must be able to condense endless pages of gathered intelligence into a report that an experienced security engineer and a less cyber-savvy account executive can understand. A threat intel analyst may discover an impending attack, but if they can’t effectively relay their findings to the rest of their team, the organization won’t make any changes and will remain vulnerable to the threat. The intelligence that has been gathered is worthless.
Other useful skills include an aptitude for research and the ability to think creatively. Research and creativity don’t typically go hand-in-hand, but this role is the exception to the rule. The cyber security threat landscape changes at such a quick rate that providing intel on the present state of the industry isn’t enough to be an effective threat intel analyst.
In order to provide useful intelligence, threat intel analysts must think creatively and anticipate future threats. A threat intel analyst must ask themselves “who would attack our network? How would they attack us? Why would they attack us? And what assets would they take if they were able to breach our network?” For the threat intel analyst, anticipation is the name of the game.
How is the average cyber threat intelligence analyst salary? How much do they make?
Effective intelligence gathering is an incredible tool for security teams and virtually any organization. According to ZipRecruiter, the average salary for a threat intel analyst is around $111,000 a year.
Further, the Bureau of Labor Statistics projects the employment of cyber security and information security analysts to grow by 31%(!) by 2029. There will be plenty of analyst jobs for security professionals now and in the future.
As with most cyber security positions, the salary of a threat intel analyst can depend on their years of experience and their job location. Drive and work ethic play a large role in determining the level of success that a threat intel analyst can reach. There are also plenty of job titles cyber intelligence analysts can have, ranging from cyber security analyst to simply intelligence analyst.
Cyber security intelligence gathering plays a crucial role in a wide spectrum of organizations. While private sectors can use intel to more efficiently protect their assets from threats, federal organizations such as the CIA and NSA have an even greater demand for efficient information gathering. Virtually all organizations benefit from cyber-threat intelligence, where you will work is only limited by your imagination.
How does a cyber threat intelligence analyst fit into a cyber security team?
The advancement of cyber threats has led many organizations to develop their own Security Operations Center (SOC). A SOC consists of a cohesive cyber-team made of security engineers, pen Testers, security analysts, compliance analysts, and data scientists. Each member of the team brings a unique skillset that assists in the efforts of preventing, detecting, analyzing, and responding to security threats.
The engineers are the technical experts that build and secure the networks and the detection tools of the company. The data scientists analyze the mass data that a company produces, in an effort to discover network insights. Analysts use these discoveries to actively search for anomalies in their network that might indicate malicious activity. When anomalies are spotted, analysts work with the engineers to set traps and contain threats.
These traps can also be set preemptively in what’s known as “active defense.” Pen testers are white-hat hackers who simulate cyber attacks on their own network to discover its vulnerabilities. They report their findings to the team so that, together, they can fill the network’s security gaps.
Every team member in the SOC is an essential piece of the ongoing battle against cyber threats. The question is “which team member do you want to be?”
Threat intel analysts give the SOC a strategic advantage against cyber-threats through their curation, interpretation, and sharing of the information around them.
A SOC may have all of the tools necessary to bolster network security or hunt advanced threats, but without accurate intelligence guiding them, their efforts may prove ineffective. It should also be noted that hunt analysts and threat intel analysts can function in a symbiotic relationship. The research that threat intel analysts provide can help hunt analysts track down threats, thus expediting their process.
The results from a hunt analyst’s infiltration operations can provide threat intel analysts with useful in-field information that can help target their future intelligence-gathering efforts.
How to become a cyber threat analyst
Flatiron School provides one of the most complete, immersive, and compressed cyber security programs out there. Our Cybersecurity Analytics program teaches the technical and analytical skills necessary to be an effective threat intel analyst. Our programs are a balance of classroom theory and hands-on lab time. This ensures that our students graduate with the level of skill and confidence needed to leave our academy job-ready.
The evolution from general IT to cyber security analyst can take many years, but our program can teach you the skills you need in as little as 12 weeks.
We also offer an introductory cyber course to see if a cyber career is something that’s right for you and your goals. You’ll get the introduction that you’ll need, to Systems, Networking, and Python, to be a rockstar in our programs.
Other high-quality cyber bootcamps include Evolve Security Academy and NexGenT, if those locations are better suited for you.
These courses and the many certifications available for information technology experts prove you don’t need a bachelor’s degree in computer science to become a cyber analyst.
Are you ready to decode cyber sec?
During World War II, one of Germany’s most infamous pieces of technology was a machine that resembled an old wooden typewriter. Enigma couldn’t directly impact lives with firepower or explosives, but its presence was felt by every nation involved in the war. The effects Enigma had on the war, before and after it was cracked, are a prime example of the sheer power of information.
Knowledge and victory often go hand in hand, and the world of cyber security is no different. The threat intel analyst doesn’t directly hunt down and catch threats, but the intelligence they gather and their ability to effectively share these discoveries play a critical role in defending against advanced threats.
If you have a passion for research and you’d like to secure the future, then the threat intel analyst role may be your calling.
Cyber threat intel analyst not exactly for you? Learn how to become to pen tester, compliance analyst, or how to become a cyber security analyst.
Or explore our guide to cyber security careers.
Disclaimer: The information in this blog is current as of February 1, 2021. Current policies, offerings, procedures, and programs may differ.
