Cyber defense is very important for every cloud environment, and a threat intelligence analyst is there to help you with it, especially since thousands of cyber-attacks happen each day. So, it is important to make sure that your system is safe and secure.
What is a Threat Intelligence Analyst?
A threat intelligence analyst, also known as a CTI analyst, is someone who uses information from a cyber threat intelligence program to create a defense plan. The company’s defense team then uses the plan to address the various risks and vulnerabilities within the environment.
That is why you are very important: you help keep your company’s personnel, infrastructure and assets safe from cyber-attacks. To do so, you need to identify, track, analyze, and counter cyber-attacks by local or global players.
The Importance of the CTI Analyst
In the cyber community, humans are still an important factor. Even though AI technology, defense strategies, and defense tools can help to stop cyber-attacks, humans are still needed. The reason is that only a human with a security background and emotional intelligence can help to understand the motivation of the hacker behind a cyber-attack.
That is why a CTI analyst is very important for every company: you are the only one who can use the security tools to understand the hackers. Some of the security tools that you can use are:
- SIEM tools
These tools help you monitor the company’s cloud environment in real time. You can then analyze the different kinds of unusual behavior that happen within it.
- Cybersecurity communities
You will find collaborative research and actionable advice shared by community members, who are usually CTI experts, to help prevent threats to your company.
- Network traffic analysis tools
These tools record the activities that happen inside the company’s network and collect information so you can detect intrusions faster and more easily.
- Malware disabler tools
These tools can be used to reverse engineer malware that you find, so you can understand how the malware works and create protection to prevent similar attacks from happening again.
Types of Threat Intelligence
- Operational intelligence
This intelligence is produced by collecting the timing and nature of cyber-attacks from various sources such as chats, antivirus logs, social networks and many others.
- Tactical intelligence
This intelligence provides information on the TTPs (tactics, techniques and procedures) used by hackers to the departments that handle data protection and computer resources.
- Strategic intelligence
This intelligence is produced by collecting information and details about cyber-attacks for the management and executives of the company. You can use OSINT, external providers, ISAO reports and many other sources.
- Technical intelligence
This intelligence uses information indicating that a cyber-attack is currently happening, and it is usually associated with operational intelligence.
Job Responsibilities and Duties
As a threat intelligence analyst, you will track hackers by finding their posts on the dark web, forums and social media. You need to know what they are talking and writing about. You should also watch their reactions to various incidents to understand them better.
This method is important because you need to understand the hacker’s way of thinking so you can predict the procedures, tactics and techniques that they might use. That way, it will be easier for you to anticipate what they are going to do during an attack. Furthermore, by understanding their intentions you will be able to decide on the method used to respond to the attack accordingly and minimize its effect.
Your job is to analyze the various cyber-attacks that the company faces and then write an accurate report on them. You have to be able to find the IoCs and then go even deeper in your investigation. You will then present the results of your analysis to other departments so the company can make better decisions to protect its data while doing its daily business.
To be more specific, your responsibilities as a CTI analyst include:
- Collecting cyber-attack data and analyzing it to help executives make better decisions
- Identifying the company’s intelligence requirements
- Making sure that the requirements and qualifications of the company’s cyber security are met
- Identifying, monitoring and assessing potential cyber-attacks and weaknesses to help reduce cost and loss
- Writing reports that highlight important findings to be addressed by the security department to reduce risk
- Presenting the findings to different departments and proposing methods to counter the threats and strengthen the company’s security status
To work as a threat intelligence analyst, there are a few qualifications that you need to fulfill, such as:
To enter the field, you need at least a bachelor’s degree in a related field such as information systems, computer engineering, or computer science, or any other degree with a research, critical thinking and communication background.
You may also enter the field with a degree in law, accounting, international relations, law enforcement, journalism, military intelligence, political science, or economics if you have enough experience in a related field.
Having the right certification in a related skill can also help to increase your potential as a CTI analyst, especially certifications in IT, which include:
- ISSEP certification
- CIHE certification
- GREM certification
- GCTI certification
- GIA certification
- GCIH certification
- Security+ certification
- CISSP certification
Usually, you need 3 to 5 years of experience in report writing and threat analysis. You should also have experience in various fields such as research, strategy, data analysis, security, incident response, penetration testing, ethical hacking, and vulnerability management.
To become a better threat intelligence analyst, you need to possess various skills that help you work efficiently in this field. Some of the skills required for this job include:
- Diverse knowledge in cyber-related fields
You are expected to understand various OSs and concepts related to cyber security. You should understand the operations, tactics and strategies used in cyber-attacks. You should also have knowledge of security tools, security operations, programming languages, and intelligence frameworks.
- Technical ability
You must understand system administration and coding, as well as how to detect and prevent intrusions on a system. A CTI analyst should be able to manage different techniques, tools, and methodologies.
You should have know-how in related fields such as security operations, incident response and network systems. It is also important to be proficient in areas such as computer forensics, network monitoring, technical execution, etc.
- Communication skill
You should have good communication skills so you can collaborate better with other departments. That way, you can address cyber-attacks and reveal threats more efficiently.
A threat intelligence analyst should be able to handle situations where a rapid response is required. Furthermore, you should be able to evaluate and present your findings, then assess the right response and explain it to other team members clearly and effectively.
You need to be able to break down complex technical information and present it to stakeholders in a form that is easier for them to understand. That way, different departments can understand the information that you present to them and become more aware of the risk.
- Problem-solving skills
Since more and more cyber-attacks happen each day, companies are looking for someone who can handle complex challenges by providing creative solutions. You should be able to handle the situation with a calm and stable mind, which is a very important soft skill in this job. Furthermore, as cyber-attacks continue to evolve and become more complex, you should be able to create simple and innovative solutions to address the problem.
- Great threat awareness
It is important for a CTI analyst to know the source and the beginning of a cyber-attack. Thus, you need to be more aware so you can identify threats and decode patterns and trends to get to the source.
You should also have a foundation in the tools, technology, and methods used by hackers so you can prevent attacks. You will also use different types of threat intelligence to address the various issues that happen in the cloud environment.
- Expertise in specific field
If you want to be successful as a CTI analyst in a specific field, then you should also have expertise in that field. The expertise that you gain when working in that field will affect the quality of the reports that you create. So, you need to stay up to date on that field if you are interested in working there.
Furthermore, if you want to work in a different region or country, you also need to have knowledge of the various issues that happen in that area. You also need to learn the local language so you can understand the issues that happen in the local area, which will be the intelligence resource that you use for the company you work with.
Threat intelligence analyst is a very challenging job, as you are dealing with cyber-attacks that happen nonstop. If you are interested in working in this field, you should also have knowledge of cyber security and cloud environments. You also need to have the right skills to be able to address attacks effectively and efficiently.