What is Required to Work in Threat Intelligence Jobs?

CyberTalents has launched a series of webinars about cybersecurity jobs named “What is required to work in cybersecurity jobs?” Throughout our webinar series, we will be talking about different cybersecurity jobs and what is required to work in these jobs? Spotting each job, explaining it in detail, describing its daily operations, resources and training needed, and much more.


There are around 15 to 20 jobs in the cybersecurity field. However, before starting your career, you need to identify which one of those jobs you would like to master. Accordingly, draw your career path, build your plan, and reach your ultimate goals.


Starting our series, we were honored to have “Dr. Ahmed Shosha”,  Senior Threat Researcher at FireEye. Dr. Shosha received his PhD in Computer Science from University College Dublin. His research focuses on malware analysis, reverse engineering, and threat intel.


In this webinar, he covered a lot of information including what is threat intelligence, what is required to work in threat intelligence jobs, and he gave us some tips about how to start in the field, resources to study and, skills needed to have.


Before getting into more details, we need to know first.

What is Threat Intelligence?

Threat Intelligence is considered a new domain in cybersecurity that focuses on gathering intelligence and provides information to organizations related to APT (advanced persistent threats), different threat actors, tactics and techniques used by special groups to attack that specific organization.” Said Dr. Shosha


Another definition that is important to understand is IOCs (Indication of Compromise):

IOCs (Indication of Compromise) is a piece of data that indicates computer intrusion and helps organizations to protect themselves from specific APT groups. This can be malware signature, MD5 hashes, malicious URLs, or similar.

How can Threat Intelligence help in Protecting your Organization?

Imagine that a threat researcher published a report or indication of compromise before a ransomware like wanna cry that infected millions of machines worldwide, raise a flag that this is an imminent threat, we would have protected a huge amount of organizations”. Said Dr. Shosha.

Where can I find the Threat Intelligence Jobs?

Like most the cybersecurity jobs, Threat Intelligence jobs can be divided into two tracks: 

Cyber Threat Intelligence Researcher

This type of job is mainly found on the vendor side like Fireeye, Kaspersky, Symantec, TrendMicro, or any other Threat intelligence vendor. 


One of the main roles of a cyber threat researcher is to keep track of APTs groups (advanced persistent threats), know their motivation, their tools & techniques, the malware they write, and C&C (command and control center), identify their targets.


Are they targeting certain sectors like aviation or oil & gas? Who is behind that “threat actor”? Is it an organization or a group of cyber criminals or a nation-state? Also, threat researchers, not only track existing apt groups, but they expand their role to identify new apt groups.

Cyber Threat Intelligence Analyst

This type of job you can find most of the time at the customer side like Mobile/telecom operators, banks, and large enterprises. 


Analysts receive feeds (Reports or IOCs) from the cyber threat researchers or from different vendors like FireEye, Kaspersky, Symantec, or others where they should understand these feeds, analyze, consume and prioritize them according to their sectors and different threats that target their organizations.

What Kind of Skills are Needed in Threat Intelligence Jobs? 

You need to have a combination of skills to work in Threat intelligence.” Dr. Shosha said. 


Basic and advanced skills in Incident Response, Digital Forensics Malware Analysis and Reverse Engineering, Red Teaming, and Penetration Testing are needed to join threat intelligence jobs”. He added

Resources to Learn Threat Intelligence 

Most of the training is not mature enough. Community is still under development even SANS


However, Dr. Shosha mentioned some resources to help you through your Threat Intelligence journey:

1. Sans FOR578: Cyber Threat Intelligence course: If the course price is not affordable have a look at the outline to know what you should start studying.

2. APTnotes: This is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that has been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool sets.


3. Another APTnotes This is a repository for various publicly-available documents and notes related to APT, sorted by year.


4. Repository of Yara Rules: This is a repository where different Yara signatures are compiled, classified, and kept as up-to-date as possible.


5. Recommended Books: This is a list of books that is recommended by security professionals in different cybersecurity topics like crypto, malware analysis, digital forensics, and others.


Finally, threat intelligence is a new domain that is slightly different from the cybersecurity field. It focuses on APTs, threat actors, and techniques used by threat actors and is a very highly demanded job across the world now like most cyber security jobs, especially in different antivirus companies.


Read more articles related to cybersecurity jobs: 

What is Required to Work in Malware Analysts Jobs? 

What is Required to Work in Web Penetration Testing Jobs? 

What is Required to Work as a Cybersecurity Engineer in Facebook?

What is Required to Work in Automotive Cybersecurity Jobs?

What is Required to Work in SOC Analysis Jobs? 

What is Required to Work as a CISO?