BruCON 0x0E

The cyber threat intelligence (CTI) analyst role is arguably the most recent entrant to emerge under the cyber security career tracks with the job role, responsibilities, and skill requirements wide ranging and not well understood by organization leadership or cyber security peers. During this talk, we use the newly developed, open sourced, Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework, which outlines the predicate knowledge, skills, and abilities requirements for analysts to aptly support organizational risk exposure reduction initiatives.

We unpack the significant overlaps that exist between those in a cyber threat analyst's role and the other cyber security disciplines defined by NIST SP 800-181 to provide the groundwork for threat hunters, incident responders, red teamers, and others to understand how to optimize collaboration and support received from cyber threat intelligence analysts. We highlight the overlaps by examining the Framework's identifies 4 underpinning pillars--Problem Solving, Professional Effectiveness, Technical Literacy, and Cyber Threat Proficiency--with a distinct focus on how acute knowledge of cyber adversary operations can empower hunters and red teams to properly perform adversary emulation when testing the security posture of an organization.

We conclude by discussing how organizations can use this framework as a guidepost to grow and shape their CTI programs; ensure proper knowledge, skills, and ability coverage commensurate to support organizational cyber security elements; and to inform future training and hiring decisions.