CyberTalents has launched a series of webinars about cybersecurity jobs named "What is required to work in cybersecurity jobs?". Throughout the series, we will talk about different cybersecurity jobs and what is required to work in them, spotlighting each job, explaining it in detail, and describing its daily operations, the resources and training needed, and much more. There are around 15 to 20 jobs in the cybersecurity field. However, before starting your career, you need to identify which one of those jobs you would like to master. Then draw your career path, build your plan and reach your ultimate goals.
Starting our series, we were honored to have Dr. Ahmed Shosha, Senior Threat Researcher at FireEye. Dr. Shosha received his Ph.D. in Computer Science from University College Dublin. His research focuses on malware analysis, reverse engineering, and threat intel. In the webinar, he covered what threat intelligence is and what is required to work in threat intelligence jobs, and he gave us tips on how to start in the field, resources to study and the skills needed. Before getting into more details, we need to know first:
What is Threat Intelligence?
“Threat Intelligence is considered a new domain in cybersecurity that focuses on gathering intelligence and providing information to organizations related to APTs (advanced persistent threats), different threat actors, and the tactics and techniques used by special groups to attack that specific organization,” said Dr. Shosha.
Another definition that is important to understand is IOCs (Indicators of Compromise).
An IOC (Indicator of Compromise) is a piece of data that indicates a computer intrusion and helps an organization protect itself from specific APT groups. It can be a malware signature, an MD5 hash, a malicious URL or similar.
How can Threat Intelligence help in protecting your organization?
“Imagine that a threat researcher published a report or indication of compromise before a ransomware like WannaCry that infected millions of machines worldwide, and raised a flag that this is an imminent threat; we would have protected a huge amount of organizations,” said Dr. Shosha.
Where can I find threat intelligence jobs?
Threat intelligence jobs, like other cybersecurity jobs, can be divided into two tracks:
- Cyber Threat Intelligence Researcher: This type of job is mainly found on the vendor side, at companies like FireEye, Kaspersky, Symantec, Trend Micro or any other threat intelligence vendor. One of the main roles of a cyber threat researcher is to keep track of APT (advanced persistent threat) groups: know their motivation, their tools and techniques, the malware they write and their C&C (command and control) centers, and identify their targets. Are they targeting certain sectors like aviation or oil & gas? Who is behind that “threat actor”? Is it an organization, a group of cybercriminals or a nation-state? Threat researchers do not only track existing APT groups; their role also extends to identifying new APT groups.
- Cyber Threat Intelligence Analyst: This type of job is found most of the time on the customer side, at mobile/telecom operators, banks, and large enterprises. Analysts receive feeds (reports or IOCs) from cyber threat researchers or from different vendors like FireEye, Kaspersky, Symantec or others. They should understand these feeds, then analyze, consume and prioritize them according to their sector and the different threats that target their organization.
What kind of resources and skills are needed?
“You need to have combinations of skills to work in Threat intelligence,” Dr. Shosha said. “Basic and advanced skills in Incident Response, Digital Forensics, Malware Analysis and reverse engineering, Red Teaming and penetration testing are needed to join threat intelligence jobs,” he added.
As per Dr. Shosha, having different technical skills is crucial to join threat intelligence jobs. More information about malware analysis skills can be found in “What is required to work in Malware analysts jobs?”
More information about penetration testing skills can be found in “What is required to work in web penetration testing skills?”
Links will be updated soon, once we cover the other topics in our webinar series, like incident response and digital forensics.
Most of the training is not mature enough. The community is still under development, and even SANS courses did not cover the topic in depth. Dr. Shosha mentioned some resources to help you through your threat intelligence journey.
- SANS FOR578: Cyber Threat Intelligence course. If the course price is not affordable, have a look at the outline to know what you should start to study.
- APTnotes: This is a repository of publicly available papers and blogs (sorted by year) related to malicious campaigns/activity/software that has been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.
- Another APTnotes: This is a repository for various publicly available documents and notes related to APT, sorted by year.
- https://github.com/Yara-Rules/rules This is a repository where different Yara signatures are compiled, classified and kept as up to date as possible
- http://dfir.org/?q=node/8 This is a list of books that are recommended by security professionals in different cybersecurity topics like crypto, malware analysis, digital forensics and others.
Finally, threat intelligence is a new domain that is slightly different from the wider cybersecurity field. It focuses on APTs, threat actors and the techniques they use, and it is a job in very high demand across the world now, like most cybersecurity jobs, especially at antivirus companies.