Cyber Threat Intelligence is a highly dynamic field, even more so than the typical cyber security realms. There are numerous companies identifying and chasing down specific groups of threat actors, giving these groups names, and categorizing them based on their skill sets, target preference, or other qualifiers. What was particularly interesting about this field of study was to learn about the intelligence gathering cycle, and how it uses scientifically proven and specific methods which are well respected within and outside of the intelligence community. These activities are not hastily thrown together dossiers to be taken lightly by decision makers. For this reason, I provided my Cyber Threat Intelligence Plan (CTIP) as an example in the Cyber Threat Intelligence section. It demonstrates the level of energy and commitment required by analysts to identify threats, vet the likelihood they are a risk, and then provide actionable information to decision-makers to help mitigate or minimize the risks. This is not a process to be taken lightly, and it is continuous rather than done once and forgotten.
Intelligence analysts, and security analysts as well, can misread the data provided and may then pass incorrect information to decision makers. This would seem a natural consequence of the increasing amount of noise, or irrelevant information, they must comb through. The amount of data being generated internally on systems and networks and on the Internet is extraordinary. So, it makes sense that sometimes these persons may not get the correct information from an analysis process. However, the filtering of noise into actionable information which can help decision makers make the right call is the ultimate aim of the intelligence gathering lifecycle. I firmly believe that in the immediate future, artificial intelligence, deep learning, and machine learning processes will be required to assist intelligence analysts in this endeavor. But for now, understanding that there is a well-vetted cycle, and that we can maximize the value of our CTIP work when proper methods are employed, means a lot given the level of commitment required to create a CTIP.
The CTIP creation process expanded my respect for the field through my understanding of how information is gathered, reviewed, analyzed, packaged, and passed on to decision makers. This demonstrated to me the level of professionalism I must continue to seek and ensure is included in every piece of work I produce, and that, when it comes to protecting my organization from harm by any threat actor, I must remember my sworn ethical duty as a certified security professional and as a subject matter expert to my organization.