Many heroes of war come with stories of field tactics and battlefield valor; Alan Turing was not one of them. Winston Churchill credited Turing with the single biggest contribution to the Allied victory in World War II, yet Turing never fought or even fired a gun. Turing became a hero for cracking the seemingly impossible German encryption machine, the Enigma, with his machine, The Bombe. Many historians credit Turing with ending WWII years early, saving millions. Turing was, in a way, one of the earliest cyber threat analysts.
Today, intelligence (and the ability to decrypt it) plays a crucial role in the world of cybersecurity. Without intelligence on active and potential threats, hunt analysts and security engineers have no way to target their efforts, thus rendering them ineffective.
This is where the threat intel analyst turns intelligence into an extremely potent cyber-defense tool. In the most literal sense, knowledge (and analysis skills) is their power. And they use that power to help full SOC teams of compliance analysts, pen testers, and security consultants defend against security threats.
So, how do you become a cyber threat analyst, anyway? Here’s some super quick context to help better understand what being a cyber threat analyst means. We’ll cover what cyber threat analysts do, the skills they need, salaries, roles, and how you can learn to become one.
What does a cyber threat intelligence analyst do?
A threat analyst specializes in monitoring and analyzing active as well as potential cybersecurity threats, while gathering useful intelligence from an incredibly wide spectrum of sources. Threat analysts work to assess risks, thus helping organizations protect their infrastructure. However, threat analysts have a complex job. These professionals work to uncover intel from various sources including OSINT, industry news, professional publications to identify emerging threats, and by monitoring the internet. In conjunction, these skills allow threat analysts to identify and prioritize threats that may be occurring inside and outside of the network. It is important to note that threats are constantly evolving, and threat analysts are always focused on identifying the next potential threat.
While this career may sound similar to a cybersecurity analyst or a security hunt analyst role, there is a fundamental difference between the two. Cybersecurity analysts and security hunt analysts are experts in identifying active threats and their efforts primarily focus on what is occurring in the present. Hence, the main difference is that these roles are focused on identifying and removing existing threats on the network. In contrast, a threat analyst will also spend time focusing on emerging threats that may, or may not have fully impacted an organization’s network.
If the hunt analyst is a police officer, the threat intel analyst is headquarters. Headquarters use their collected data to advise street units on which neighborhoods they should be patrolling, and what kind of threats are present in those areas. The officers use the information that they’ve been given to guide their efforts and prepare themselves for the potential threats.
The skills you need to be a cyber threat analyst
Cyber Threat Analysts need a variety of skills. These skills range from soft skills to analytical skills. Threat analysts also need to consider the likelihood that a threat will impact an organization or entity.
Threat analysts need to be effective communicators. While communication is often deemed a soft skill, it is extremely important in this role and within the field of cybersecurity. The need to communicate existing, emerging and potential threats and identify impact is critical when working with both technical and leadership. Hence, communication is critical if you want to work as a threat analyst and succeed in the world of cybersecurity.
A threat analyst works to condense endless pages or research and intelligence into a report that an experienced security engineer and a less cyber-savvy account executive can understand. Translating these findings to both audiences is not always easy, but it is essential if you want to pursue a career as a cyber threat analyst. Think of it this way, a threat analyst may understand their findings, but if they cannot communicate them to different audiences, the organization won’t make any changes and will remain vulnerable to the threat. As a result, the intelligence that has been gathered is worthless and the organization remains vulnerable.
Other useful skills include an aptitude for research and the ability to think creatively. Research and creativity don’t typically go together, but this role is the exception to the rule. The cybersecurity threat landscape is rapidly evolving and constantly changing. As a result, providing intel on the present may not be sufficient to protect an organization. Instead, threat analysts may look ahead to emerging threats like AI or quantum, to assess the likelihood an organization will be impacted. Through this assessment, cyber threat analysts are helping prepare organizations to maintain an active defense against existing and emerging threats.
To provide useful intelligence, threat analysts must constantly be thinking both logically and creatively. A threat intel analyst must ask themselves “who would attack our network? How would they attack us? Why would they attack us? And what assets would they take if they were able to breach our network? What emerging threats may be coming and how do we prepare?” For the threat intel analyst, anticipation is the name of the game.
What is the average salary of cyber threat intelligence analyst? How much do they make?
Effective intelligence gathering is an incredible tool for security teams and virtually any organization. According to ZipRecruiter, the average salary for a threat intel analyst is around $112,871 a year. The Bureau of Labor Statistics projects jobs as a threat analyst will grow at a rate of 33% between 2023-2033, which is significantly faster than other jobs. These findings suggest that there will be plenty of available jobs for threat analysts and cybersecurity professionals in the near future.
As with most cybersecurity positions, the salary of a threat intel analyst can depend on their years of experience and their job location. Drive and work ethic play a large role in determining the level of success that a threat intel analyst can reach. There are also plenty of job titles cyber intelligence analysts can have, ranging from cybersecurity analysts to simply intelligence analysts.
Cybersecurity intelligence gathering plays a crucial role in a wide spectrum of organizations. While private sectors can use intel to more efficiently protect their assets from threats, federal organizations such as the CIA and NSA have an even greater demand for efficient information gathering. Regardless of whether it’s the private or public sector, virtually all organizations benefit from cybersecurity threat intelligence.
How does a cyber threat intelligence analyst fit into a cyber security team?
The advancement of cyber threats has led many organizations to develop their own Security Operations Center (SOC). A SOC consists of a cohesive cyber-team made of security engineers, pen testers, security analysts, compliance analysts, and data scientists. Each member of the team brings a unique skillset that assists in the efforts of preventing, detecting, analyzing, and responding to security threats. While each member of the team has their own specializations, they work together to protect the organization from cyber incidents.
In exploring the roles of Security Operations Center (SOC) teams, engineers are the technical experts that build and secure the networks and the detection tools of the company. Analysts use these discoveries to actively search for anomalies in their network that might indicate malicious activity. When anomalies are spotted, analysts work with the engineers to set traps and contain threats. Threat analysts may also focus on future threats and how they impact the organization. Additionally, threat analysts frequently work with various SOC team members to identify and mitigate the impending threats the analyst has discovered. While every team member on a Security Operations Center (SOC) team plays a different role, it is important to determine “which team member do you want to be?”
Threat intel analysts give the SOC a strategic advantage against cyber-threats through their curation, interpretation, and sharing of the information around them.
A SOC may have all the tools necessary to bolster network security or hunt advanced threats, but without accurate intelligence guiding them, their efforts may prove ineffective. It is also important to consider how fast threats evolve. Without threat intelligence, it is difficult for existing SOC teams to determine the likelihood that the threat will occur, and the potential risks associated with the threat. Additionally, it should be noted that threat hunting analysts and threat intel analysts can function in a symbiotic relationship. The research that threat intel analysts provide can help threat hunt analysts track down threats, thus expediting their process.
The results from a hunt analyst’s infiltration operations can provide threat intel analysts with useful in-field information that can help target their future intelligence-gathering efforts.
How to become a cyber threat analyst
Flatiron School provides one of the most complete, immersive, and compressed cyber security programs out there. Our Cybersecurity Bootcamp program teaches the technical and analytical skills necessary to be an effective threat intel analyst. Our programs are a balance of classroom theory and hands-on lab time. This ensures that our students graduate with the level of skill and confidence needed to leave our academy job ready.
The evolution from general IT to cyber security analyst can take many years, but our program can teach you the skills you need in as little as 15 weeks.
Are you ready to decode cyber sec?
During World War II, one of Germany’s most infamous pieces of technology was a machine that resembled an old wooden typewriter. Enigma couldn’t directly impact lives with firepower or explosives, but its presence was felt by every nation involved in the war. The effects Enigma had on the war, before and after it was cracked, are a prime example of the sheer power of information.
Knowledge and victory often go hand in hand, and the world of cybersecurity is no different. While a threat analyst does not always hunt down or catch threats, their work on gathering intelligence and communicating their findings plays a critical role in defending against advanced threats.
If you are a curious person, with a passion for research, intelligence, and communication skills, becoming a threat intel analyst role may be your calling.
Cyber threat intel analyst not exactly for you? Learn how to become to compliance analyst or how to become a cybersecurity analyst.
