Cyber Threat Intelligence is the assessment, validation and reporting of information on current and potential cyber threats to maintain an organisation’s situational awareness.
Cyber Threat Intelligence guides decision-making within an organisation through assessments that are underpinned by rigorous analysis. If dealing directly with clients, this involves supporting with tactical and operational assessments which enable the clients to identify, track and satisfy their intelligence needs.
Specialist tools are used to help curate personal news aggregators which help Cyber Threat Intelligence teams to focus on the most critical topics. These need to be interpreted to construct a credible view of emerging threats and the development of existing ones.
It is also very important to work closely with colleagues who are responsible for identifying vulnerabilities and deciding how to manage them, which feeds into risk assessments and the planning and management of security controls.
If there’s a security incident involving an intrusion, there needs to be an analysis of the attack and its attribution to an external actor. In some roles, this may involve liaising with other organisations – either cyber threat intelligence specialists or government agencies – to maintain a common view of threats. In some sectors, such as finance, it is common for businesses to share intelligence in order to better protect the whole sector.
Cyber Threat Intelligence research and report on the cyber threats to organisations’ security, to enable the organisation to focus its resources on addressing the risks it faces.
In detail, you might:
For Cyber Threat Intelligence role, titles include:
For more experienced Cyber Threat Intelligence, titles include:
An apprentice starting in Cyber Threat Intelligence might earn a salary of around £22,000.
A Cyber Threat Intelligence role could earn between £22,000 and £60,000. The median figure in February 2021 was £37,875.
A senior Cyber Threat Intelligence role could earn between £60,000 and £90,000. The median figure in February 2021 was £65,000.
These figures are dominated by the salaries for jobs in the UK's larger cities; salaries elsewhere may be lower.
The salary ranges are based on job vacancy advertisements published online in February 2021. Median salary figures are taken from calculations performed by www.itjobswatch.co.uk
Each of the 16 specialisms are based on knowledge areas within CyBOK.
More information on CyBOK knowledge areas can be found here.
Here are the knowledge areas associated with Cyber Security Governance & Risk Management
Core knowledge – you will need a very good understanding of these areas
Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.
The configuration, operation and maintenance of secure systems including the erection of and response to security incidents and the collection and use of threat intelligence.
Understanding an attacker’s motivations and capabilities, and the technological and human elements that adversaries require to run a successful operation.
Related knowledge – you will need a solid understanding of these areas
International and national statutory and regulatory requirements, compliance obligations, and security ethics, including data protection and developing doctrines on cyber warfare.
Wider knowledge – these areas will help to provide context for your work
Explaining the challenges associated with securing a network under a variety of attacks for a number of networking technologies and widely used security protocols, along with emerging security challenges and solutions.
Security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation.
The application of scientific tools and methods to identify, collect and analyse digital (data) artefacts in support of legal proceedings.
For the more experienced professional:
CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs)
B1 – Threat Intelligence, Assessment and Threat Modelling
D4 – Penetration Testing and conducting Simulated Attack Exercises
F1 – Intrusion Detection and Analysis
*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.
Any role that has developed an aptitude for working in the intelligence analysis and threat cycle and instilled an ability to conduct the kind of analysis required for Cyber Threat Intelligence work could, with additional specialist training, provide a good foundation for working in this specialism.
Such careers and roles include:
With experience, you might progress to become a:
Alternatively, you may move into one of these cyber roles:
Our qualifications framework is currently under development. Sign up to our newsletter here to be notified when this is published.
Entry route information can be found here.
You can also visit the National Cyber Security Centre website at the links below: