By: Nihad Hassan
July 8, 2021
What Skills A Threat Intelligence Analyst Needs To Have
By: Nihad Hassan
July 8, 2021
The number of cyberattacks is increasing rapidly; every day, we hear about a data breach or security incident. The accelerated digitalization of our society has led to an equal increase in cyberattacks. To protect precious data assets, organizations of all sizes and across all industries deploy various security solutions such as Firewalls and IPS/IDS. However, the human element remains the most crucial factor in protecting organizations’ computer systems and networks from potential adversaries.
According to Cyber Security Ventures, the global cost of cybercrime is projected to reach $10.05 trillion by 2025 annually. The continual gap in skilled cybersecurity professionals worldwide remains a significant obstacle by preventing most companies from exploiting their technological defenses to the maximum level. The (ISC) Cybersecurity Workforce Study concluded that 64% of responding security professionals face skills shortages within their organizations. The skills gap is not only seen in the number of qualified professionals - but the type of needed expertise is also considered a central issue when selecting a security professional from a pool of candidates.
To counter the increased numbers of cyberattacks, deploying security solutions is not enough alone; having a proactive security defense becomes essential to counter adversaries before advancing their attack and reaching an organization’s gate. This makes the Cyber Threat Intelligence Analyst a vital job role in any organization.
This article will shed light on the most prominent skills a cybersecurity analyst should play an effective role in fighting the increasing number of cyberattacks. Before we begin, it is helpful to understand the importance of cyber threat intelligence in any organization utilizing IT technologies in its work processes.
Why organizations need cyber threat intelligence (CTI)?
In a world where digital technologies are rushing to occupy all areas of life and business, a significant amount of sensitive data is transferred or stored in digital systems. Protecting such assets becomes a top priority for any organization to survive in today’s information age. CTI allows an organization to develop an early warning mechanism to warn it about future cyberattacks before they occur. For example, by monitoring darknet forums, an organization may reveal the adversaries’ plan to launch an attack against it and act promptly.
CTI brings numerous benefits for organizations. The following are the most prominent ones:
- Lower overall cybersecurity expenses. For example, we always hear in the news about organizations who suffered from a data breach and were subject to paying considerable fines to regulatory bodies such as HIPAA and PCI DSS. By mitigating cyber risks, an organization can avoid such costs.
- Enable organizations to make better-informed decisions regarding their cybersecurity defense strategy based on collected threat data.
- Prevent data breaches by countering cyber risks before they knock on organization doors.
- Improve organizational security posture.
- Enhance collaboration between different organizations, both from public and private sectors, by sharing threat data, which results in enhanced defense.
Now that we know the importance of CTI and its offer for organizations, let us discover the main skills and education requirements that a CTI analyst should have.
It is suitable for the CTI analyst to have a bachelor’s degree in Computer Science, Mathematics, General Engineering, Computer Engineering, Systems Engineering, Security Studies, Intelligence Studies, Computer Forensics, Cyber Security, Information Technology, Information Assurance, etc. However, it is not always necessary and is replaceable with relevant work experience. Having an academic degree helps analysts develop technical writing skills for security reports and communicating their findings. It also helps the analyst gain solid presentation skills and systematically process large amounts of threat data.
Several professional certifications that enhance the cyber analyst CV’s significantly similar to having an academic background are:
- Certified Information Systems Security Professional (CISSP)
- GIAC (Global Information Assurance Certification)
- Systems Security Certified Practitioner (SSCP)
- Certified Threat Intelligence Analyst (C|TIA)
- GIAC Cyber Threat Intelligence (GCTI)
- CREST Registered Threat Intelligence Analyst
- Certified Cyber Threat Intelligence Analyst (NICCS)
Key technical skills
The cyber threat analyst should be competent with the following technical skills.
- Utilizing different cyber defense tools such as antivirus, firewalls, and IDS/IPS
- Networking skills (understanding how network architecture works)
- Solid security background – understanding cyber threat types
- Cyberattack tools and techniques
- Strong OSINTgathering skills
- Reporting and documentation skills
- Incident response and handling
- Understanding scripting languages
- Understanding how cloud computing works
Based on the skills mentioned above, we can note that a cyber threat analyst role is not an entry-level job. It takes at least two years of experience before engaging in such a role.
Other critical skills
In addition to academic and professional skills, a CTI analyst should possess soft skills, including:
- Research and analytical skills
- Technical writing skills
- Organizational skills
- Ability to work in a team and collaborate efficiently with the threat team members to stop any cyberattack.
- Ability to work with external partners (when required) such as law enforcement officials and other government agencies.
- A clean criminal history due to handling highly classified information.
- Social and communication skills to expand one’s knowledge base with other researchers and team members.
- A passion for working in this field.
A cyber threat analyst role requires extensive technical experience with various cyber-attacks and defense tools, techniques, and methodologies. Cyber Threat Analysts are responsible for protecting the most critical assets of organizations, which is data. Having solid technical and soft skills is essential for any candidate to land a job in a field considered the most demanding, both now and in the future.