Day in the Life of a Senior Threat Intelligence Analyst

8 min readJul 14

What does a day in the life of a cyber threat intelligence analyst look like?

I often thought this when starting out, along with what a SOC analyst actually does and exactly how busy are CISOs. I have been a senior cyber threat intelligence (CTI) analyst for quite some time now and can divulge the secrets!

Whether you are new to cyber security or just curious about what other cyber security professionals get up to, this article will answer your questions. It details what my typical workday looks like, what daily tasks I perform, and how this improves the cyber security of my organization.

I have split my day into two chunks. The morning, where I get my daily tasks completed, and the afternoon where any follow-ups from the morning happen and the focus shifts to program or personal development. Let’s start from the beginning.

Morning

I typically start my day at 6:00 AM. I get up, make myself a nice cup of black coffee (instant), hydrate, and stare at the sun for 10 minutes. I’m told this is supposed to help you wake up, but I have no idea at this point, and I’m just trying to make the most of the British summer. Finally, I feed the dog and begin my day.

From 6:30 to 9:00 AM, I work on any side projects or side hustles I have on the go. I need to complete these tasks by the end of the day or make significant progress, so I like to get these out the way first. Then the workday begins with my daily tasks, which can be split into threat intelligence, vulnerability intelligence, and threat hunting.

Threat Intelligence Tasks

To start our day, the team will analyze threat intelligence from a range of open sources and our Threat Intelligence Platform (TIP) to see if any new threats are relevant to our organization. If we find a new threat, we validate any indicators related to it (to ensure the indicator won’t trigger false positives when we hunt for it) and then add it to our CTI database.

The team focuses daily on ingesting operational and tactical intelligence that we can make actionable and hunt for. The strategic intelligence is collected and added to a backlog that is reviewed every month to shape the direction…

Day in the Life of a Senior Threat Intelligence Analyst

Morning

Threat Intelligence Tasks

Written by Adam Goss

More from Adam Goss

Python Threat Hunting Tools: Part 12 — MISP and CrowdStrike Falcon Integration

Discover how to automatically export IOCs from your MISP instance and upload them into the EDR solution CrowdStrike Falcon.

Threat Intelligence with MISP Part 7 — Exporting IOCs

Discover how to use the MISP API to export attributes as IOCs that you can upload to security tools for detection/blocking automatically.

Python Threat Hunting Tools: Part 11 — A Jupyter Notebook for MISP

Learn how to create a Jupyter Notebook using Python to interact with your MISP instance and drastically speed up your CTI operations!

Creating Your Own CTI Aggregator for Free: A Complete Guide

Learn how to create a cyber threat intelligence aggregator to automatically collect and organize open-source intelligence for free!

Recommended from Medium

Threat Intelligence with MISP Part 6 — Using the API

Learn how to use the MISP API to get statistics, search for attributes and events, and visualize your data through the power of code!

Day 76 — The Inner Workings of SOC Architecture

Hello Cyber Enthusiasts!

Lists

Staff Picks

Stories to Help You Level-Up at Work

Self-Improvement 101

Productivity 101

How to investigate a Phishing Email? A step by step guide !

Phishing emails are a common and dangerous form of cyber-attack that aims to deceive individuals into revealing sensitive information or…

Best Free SOC Analysis Tools

A pivotal component of the defense strategy is the Security Operations Center (SOC), the nerve center responsible for detecting, analyzing…

Cyber Security Certifications are USELESS if You Don’t Do These Things…

Credits to https://pauljerimy.com/security-certification-roadmap/

How I built my personal cybersecurity advisor GPT 🤖