Five Skills That Make a Great Cyber Threat Intelligence Analyst

We have good news for those looking to break into cybersecurity or continue to build a career as a cyber threat intelligence analyst, as the opportunities are vast and security teams simply can't grow fast enough. The Bureau of Labor Statistics reported employment numbers within the cybersecurity sector are expected to grow by at least 31% between 2019 and 2029. This exponential rate of growth far exceeds the average for most professions.

ZeroFox's report on The Future of Digital Threats shares valuable insights into the chaos that was 2020 and how that may shape the rest of 2021 when it comes to cybersecurity as a whole and the growing need for more threat intelligence analysts. Aaron Kiemele, Chief Information Security Officer at JAMF, put it well when he described "2020 [being] defined by the pandemic, and how that shifted the underlying risks for cybersecurity and businesses at large. Employees all moved home, but this put incredible strain on security professionals. Now the boundary has expanded, the network has grown to house what was always the goal of a zero-trust environment. This [placed] a lot of strain on security teams that were already taxed. New risks were put on [their plates], oftentimes without additional staffing, due to the uncertainties of the COVID world." You can hear more insights from Aaron on the top threat trends from 2020 and how he predicts cybersecurity will evolve in 2021 in the video below: 

As we continue into 2021, believe it or not, there are quite a few reasons to focus on the future in a more positive light. Every industry is beginning to wake up to the challenges at hand, invest in a strong security posture, hire in cyber, and truly focus on building much-needed defenses. Security threats have never been more significant, as we have already seen in incessant attacks and far-reaching impacts of events like SolarWinds and Microsoft Exchange. We will take a closer look at the cyber threat intelligence analyst's growing career opportunities and five essential skills that hold more weight than you might think. 

Security Teams Can't Grow Fast Enough

Security teams are experiencing growing pains like never before, and they simply can't staff at the exponential rate demanded. Reporting indicates that in 2020, 62% of cybersecurity teams were already either somewhat or significantly understaffed. The dire need to level up is not going away anytime soon either. 

Threat actors have demonstrated that remote infrastructure is a viable intrusion vector. Without significant efforts to mitigate the chance of greater vulnerabilities in the system, it will likely become an increasingly attractive intrusion vector throughout 2021. Security programs will face continued challenges as they wrangle the infrastructure that was hastily spun up last year. This is compounded with the return to the office that will likely place even more strain on already-stretched thin security teams, requiring them to maintain oversight of essentially two complicated security architectures. 

The opportunities are vast for those stepping into a cybersecurity career. There is an increasing number of applicants eager to break into the field and a growing industry ready to hire. Most professionals in the field typically earn a median annual salary of up to $100,000 or $50 an hour, if not more. These individuals have the option of specializing in specific areas such as: vulnerability assessment, ethical hacking, information defense, information assurance, information security analysis, cryptography, risk management, source code auditing, penetration testing, and network protection, just to name a few. Let's take a closer look at the cyber threat intelligence analyst specifically.

What is a Threat Intelligence Analyst? 

A typical day for the cyber threat intelligence analyst might involve a combination of both research and investigation. This could range from compiling information on the latest ransomware or malware and the specific groups or individuals behind them. After this is pinned down, the analysis comes in. A good analyst will be able to make predictions as to what is coming next to thwart attacks before they happen and disrupt the entire kill chain of an attack. This might be done either proactively or reactively, depending upon the situation at hand. We rely heavily on our highly skilled analysts and their keen insights, which are then detailed in targeted threat intelligence reports used to communicate the analyses' results to stakeholders.

It's important to note that a few titles pop up when looking into this field. Sometimes you will see a threat intelligence analyst referred to as a cyber intelligence analyst or cyber threat analyst. Regardless, this is essentially an information security professional who can leverage a skill set or experience in areas such as network engineering or administration that serve as tools to counter the various actions of a cybercriminal.

Hiring managers might expect candidates to boast a bachelor's degree in Computer Science, Computer Engineering, Information Systems, or another related field. Still, several years of experience can quickly outweigh any degree requirements. If you cannot come to the table with either, certifications are a great way to prove you have what it takes to get started. Certifications can range from Information Systems Security Engineering Professional (ISSEP), Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Security+, and more. 

Aside from certifications, there is a wealth of reliable resources to explore as well. One of our top picks is offered by the National Institute of Standards and Technology (NIST). They've put together an extensive list of cybersecurity opportunities boiled down into a framework of specific categories to learn more. SANS is another excellent resource, and they offer a wealth of real-world training curriculum and resources. Better yet, the organization is well-known in the space as a trusted source for cybersecurity training, which will help to highlight you as a potential candidate willing to learn.

Five Skills That Make a Great Cyber Threat Analyst 

A willingness to learn is a crucial skill within the cybersecurity space which is why, interestingly enough, a specialized degree is not a deal-breaker. Present yourself as a dedicated professional with a passion for the field, who continues to learn out of genuine curiosity, and understands how technology continues to evolve. This "willingness to learn" holds more weight than you might think. There's a connotation that cybersecurity is all hacking and coding, but learning how people work and how technology is changing takes priority. Once you develop a deep understanding of how things work, including the human element, the rest tends to fall into place, and a good security team knows this. 

Additionally, four skill categories that should also be taken into consideration include:

• Technical Proficiency: This is a no-brainer and can include coding, system administration, applications, intrusion detection and prevention systems, attack methodologies and tools, network or operating system security, security operations, as well as incident response technology and the methods behind them. Understanding the technological world is obviously a basic, but an important one as assignments often revolve around network monitoring, computer forensics, technical executions, and more.
• Interpersonal Communication: Those with heavily technical leanings must be sure to balance their capabilities with solid communication skills. Security teams demand an environment where everyone can work in tandem to discover new threats and address new challenges. An analyst has to detail their findings and assessments clearly and effectively outside of the team, often in rapid response situations. This also means having the capacity to break down technical information so various stakeholders can easily understand what is being presented and why.
• Innovative Problem Solving: In the world of cyber threats, being able to think through complex challenges and pin-point creative solutions means everything. It's a soft skill that won't be overlooked. As attacks continue to evolve, analysts must be able to constantly come to the table with innovative solutions.
• Strategic, Operational, and Tactical Acumen: Understanding how attacks even begin or where they originate is critical. Identifying trends, patterns, emerging threats is the baseline for that understanding. A threat intelligence analyst must have concrete knowledge of the technology, tools, and methods used by threat actors in order to thwart their actions successfully. This can be broken out into strategic, operational, and tactical knowledge. Strategic intelligence provides a holistic view of a threat's purpose and capabilities to inform others and provide well-timed alerts. Operational intelligence, often seen in forensic reporting, assesses specifics to aid in the appropriate response or actions that should be taken. Lastly, tactical intelligence provides daily oversight and can include indicators of compromise (IOC) or Tactics, Techniques, and Procedures (TTPs) used by threat actors.

Three Categories of Strategic Intelligence

Planning

Intelligence for senior management around physical security, compliance, and cybersecurity risks for well-informed decision-making and policy development.

Context and Correlation

Intelligence focused on adversary TTPs that may indicate future threats or lateral movements across geographies, similar industries, and peer companies.

Operational

Actionable intelligence based on time-sensitive events enabling organizations to make real-time, tactical decisions and increase their situational awareness.

Get Started

We have already witnessed a boom in the cybersecurity field, and it's a safe bet we are only seeing the beginning of what's to come. Watching the daily news alone, it should come as no surprise that the call for cybersecurity professionals isn't dying down anytime soon. Cybersecurity leaders are being challenged like never before, creating a growing need for actionable threat intelligence. The number of cybercriminals continues to grow, and malicious attacks continue to evolve. As long as threat actors are making a hobby of developing their skills and technologies, defenders will be in constant demand. 

ZeroFox provides proactive protection, intelligence, and disruption solutions to identify and thwart external threats across the public attack surface. Recognized as best in class for brand threat intelligence and takedown service in The Forrester Wave™: External Threat Intelligence Services 2021, ZeroFox is proud to protect our customers on public platforms each and every day. Our elite team is comprised of threat analysts, builders, communicators, and innovators working together to make the world safe for people and organizations in the digital age. 

If you are interested in joining a fast-growing team in a rapidly developing market, visit zerofox.wpenginepowered.com/careers today.