Threat intelligence researcher: Is it the career for you?
No one is immune to a cyberattack. For this reason, it pays to have a playbook of offensive and defensive strategies.
If you think of your defense as recovery, or remediation steps to take after you’ve been hit with a breach, then your offense is prevention. This might include basic block-and-tackle tools like anti-virus and encryption, but it can also mean taking a deeper dive into emerging threats and the attackers who perform them. This is cyber threat intelligence and it’s carried out by threat intelligence researchers.
For Amyn Gilani, vice president of product at threat intelligence company, 4iQ, the work is about disrupting adversaries by unmasking them. “How can we understand the people that are attacking us and how can we disrupt them so we can reduce the losses associated with fraud within our organization?”
FREE role-guided training plans
What is cyber threat intelligence?
The basic premise behind threat intelligence is the best way to stop a threat is to know it. This can be applied to malware — understanding its origin and impact so it can be quickly stopped or, as is the case with Gilani and his company, understanding the attackers themselves so effective stops can be put in place.
“It’s not about finding the bad person and attacking them,” Gilani says. “It’s about knowing how this bad person impacts your network. How do they disrupt your operations?”
Gartner defines threat intelligence as evidence-based knowledge — including context, mechanisms, indicators, implications and actionable advice — about an existing or emerging menace or hazard to IT or information assets. It can be used to inform decisions regarding the subject's response to that menace or hazard.
Often, the practice of threat hunting is used as a supplement to other cyber defenses to shore up loose ends and ensure a fortified security posture for your data and your users. For Gilani and his company, the mission is larger. “Not many organizations choose to go after these criminal groups and that makes it a lot easier for their business to continue. As long as there’s no action, it’s going to continue to grow. We want to make sure there is responsibility behind these attacks.”
What does a threat intelligence researcher do?
Charles DeBeck is a strategic cyber threat expert for IBM’s X-Force Incident Response and Intelligence Services, and he describes threat intelligence as looking outside your walls to see where attackers are coming from and how they are trying to get in. With that knowledge, you can fortify your defenses (and spend your budget) at the point they are most often trying to get in.
Threat intelligence researchers will start by looking at indicators of compromise associated with threat actor activity. You may even do a deep dive into a few actors for a greater understanding of what is happening today. According to DeBeck, this knowledge can then be considered alongside an understanding of macro-level trends — what’s the trend this year? What have we been seeing over the last six months? Has ransomware become more prevalent, for example.
Combining these two things gives you ideas of what may be happening to your network, but then researchers will test out their theories. DeBeck looks at open-source data, internal data and dark web sources to find out if the ransomware spike is imminent. “Do we see people posting on forums for dark web marketplaces, ‘Hey, my ransomware-as-a-service is on sale now,’ or am I seeing more YouTube tutorials about how to use these sorts of products?”
“At the end of the day, threat intelligence is sort of science and an art,” DeBeck says. “There’s only so much the data can tell you because we don’t have perfect data.”
Threat intelligence researchers can be employed by government agencies or companies that ask that you hunt threats specific to them. These companies are usually large with already robust security teams and the budgets to support them. Researchers can also work for consulting firms that, very often, are commissioned by several different companies to compile threat intelligence.
Threat intelligence technology vendors are another option and researchers at these companies often split their time between threat hunting, product development and customer support. Freelance opportunities are another option.
What does it take to be a threat intelligence researcher?
While threat intelligence researcher employer types vary, the overall job market is smaller than many other cybersecurity positions. To land one of these roles, a strong cyber background is key. Certifications, along with other training and experience, will help you demonstrate your technical know-how, such as:
- Certifications are available at a variety of skill levels, such as the EC-Council Certified Ethical Hacker (CEH), CertNexus CyberSec First Responder and CompTIA CySA+
- On-demand training, such as Network Traffic Analysis and Advanced Intrusion Detection
- Hands-on cyber ranges and labs, including red and blue team exercises so you can understand both how attackers operate and how to defend against them
What should you learn next?
DeBeck also recommends you be well-versed in global happenings. Read the news, he suggests. This includes big brand consumer publications like CNN but also security trade journals. Great security insight can be gleaned that way, and it shows another important component to being a good threat intelligence researcher — passion.
“You can teach anyone basic technical skills, but you can’t train passion. Ten times out of 10, I will take a passionate candidate.”
To learn more about what it takes to become a threat intelligence researcher, watch our Cyber Work Podcasts, Hunting criminals and stolen identities across the internet with Amyn Gilani and Learn to become a cybersecurity technician with Charles DeBeck.
Sources
- Threat Intelligence, September 2021, Gartner IT Glossary
In this Series
- Threat intelligence researcher: Is it the career for you?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity