What does a day in the life of a cyber threat intelligence analyst look like?
I often thought this when starting out, along with what a SOC analyst actually does and exactly how busy are CISOs. I have been a senior cyber threat intelligence (CTI) analyst for quite some time now and can divulge the secrets!
Whether you are new to cyber security or just curious about what other cyber security professionals get up to, this article will answer your questions. It details what my typical workday looks like, what daily tasks I perform, and how this improves the cyber security of my organization.
I have split my day into two chunks. The morning, where I get my daily tasks completed, and the afternoon where any follow-ups from the morning happen and the focus shifts to program or personal development. Let’s start from the beginning.
I typically start my day at 6:00 AM. I get up, make myself a nice cup of black coffee (instant), hydrate, and stare at the sun for 10 minutes. I’m told this is supposed to help you wake up, but I have no idea at this point, and I’m just trying to make the most of the British summer. Finally, I feed the dog and begin my day.
From 6:30 to 9:00 AM, I work on any side projects or side hustles I have on the go. I need to complete these tasks by the end of the day or make significant progress, so I like to get these out the way first. Then the workday begins with my daily tasks, which can be split into threat intelligence, vulnerability intelligence, and threat hunting.
Threat Intelligence Tasks
To start our day, the team will analyze threat intelligence from a range of open sources and our Threat Intelligence Platform (TIP) to see if any new threats are relevant to our organization. If we find a new threat, we validate any indicators related to it (to ensure the indicator won’t trigger false positives when we hunt for it) and then add it to our CTI database.
The team focuses daily on ingesting operational and tactical intelligence that we can make actionable and hunt for. The strategic intelligence is collected and added to a backlog that is reviewed every month to shape the direction…