A cybersecurity threat intelligence (CTI) analyst is responsible for collecting, analyzing, and disseminating information about potential and current cyber threats to an organization. The work of a CTI analyst typically consists of the following tasks:

  1. Collecting threat intelligence: This involves gathering information about known and emerging cyber threats from a variety of sources, such as security vendors, government agencies, and other organizations. This information can be in the form of raw data, such as log files, or more structured data, such as threat reports.
  2. Analyzing threat intelligence: Once the data is collected, the CTI analyst analyzes it to identify patterns and trends that help characterize the threat, such as the type of attack, the tools and techniques used, and the motivations of the attackers.
  3. Disseminating threat intelligence: The CTI analyst will then share the information with relevant parties within the organization, such as the incident response team, the security operations center, and other departments that may be affected by the threat.
  4. Creating threat intelligence reports: CTI analysts may also be responsible for creating reports that summarize the threat intelligence and provide recommendations for how to respond to the threats.
  5. Monitoring and tracking threats: CTI analysts are also responsible for monitoring the threat landscape, keeping track of the status of known threats, and updating the relevant parties accordingly.
  6. Continual learning: CTI analysts are also responsible for staying up to date with the latest developments in threat intelligence and cybersecurity, attending relevant conferences, and participating in relevant communities.

The corresponding image is a screenshot from the Cyber Intel Matrix (CIM) threat intelligence platform showing correlations of real-time attacks by nation-state actors logged in the Blackpot Honeynet, CIM’s industrial honeynet.

Overall, the work of a CTI analyst is focused on providing the organization with the information it needs to understand and defend against cyber threats. CTI analysts play a critical role in helping organizations identify potential vulnerabilities, understand the risks they face, and take appropriate measures to protect themselves.