As more cyber threat intelligence teams become established, and members of Information Sharing and Analysis Organizations (ISAOs) begin to realize the benefits of threat intelligence sharing for fortifying their networks and reducing liabilities and risks associated with data breaches, there will be an increased need for individuals who understand how to interpret indicators of compromise (IOCs), enrich the data, and characterize the activity of threat actors that may be engaging in attacks on member networks. There are currently, in our view, very few threat analysts who understand how to use Threat Intelligence Platforms (TIPs), how to read STIX-related data, how to enrich IOCs, how to analyze the patterns in order to test various hypotheses on threat actor intent and motivation, how to make assertions on possible attribution, and how to represent the findings in a manner that will be helpful for decision-makers.
Poaching of cybersecurity talent is a growing concern. As noted in Riley,
“In January 2015, MasterCard hit Nike with a $5M cyber talent poaching suit. The suit noted that companies are desperate for information security talent amid highly publicized data breaches at Target Corp. and Home Depot Inc. While the area is fast growing, skilled workers are limited and in demand” (2015).
Currently, threat analysts are not only being poached, but they are also being recruited from the ranks of network engineers, database managers, ethical hackers, software developers, and other specialty disciplines that have bearing on the information technology and cybersecurity fields. Even for these specialized workers, there is a steep learning curve to develop an understanding of the tools and techniques used to analyze attacks, to establish threat actor tactics, techniques and procedures (TTPs), and to develop application programming interfaces (APIs) between TIPs and existing in-house tools for monitoring networks and generating security metrics.
There is a role in workforce training for TIP-based instruction for workers seeking skills upgrades, such as the experienced professionals listed above. In addition, there is also a role for TIP-based training for new analysts seeking to develop a career dedicated to threat analysis.