How do I start a career in cybersecurity threat intelligence?

Cybersecurity threat intelligence (CTI) focuses on understanding adversaries: who they are, what they target, and how they operate. CTI analysts collect, analyze, and disseminate intelligence that helps organizations make informed security decisions. This field bridges technical analysis and strategic advisory, making it attractive to professionals with analytical and research backgrounds.

Entry paths: SOC Analyst with a focus on threat analysis (1 to 2 years), military or government intelligence analyst transitioning to cybersecurity, or OSINT researcher building cybersecurity specialization. The NICE Framework work role 'Cyber Threat/Warning Analyst' (AN-TWA-001) defines the core competencies: threat methodology knowledge, OSINT collection, indicator analysis, and intelligence report writing.

Required skills: proficiency with threat intelligence platforms (MISP, ThreatConnect, Anomali), understanding of MITRE ATT&CK framework for technique mapping, OSINT collection techniques, malware analysis basics (behavioral analysis, indicator extraction), report writing for both technical and executive audiences, and understanding of geopolitical factors driving threat actor motivations.

Key certifications: GCTI (GIAC Cyber Threat Intelligence) is the gold standard. GREM (GIAC Reverse Engineering Malware) adds technical depth. CompTIA CySA+ provides a foundational analytical framework. FOR578 (SANS Cyber Threat Intelligence) is the most recommended course. Many CTI professionals also hold CISSP for broader credibility. DecipherU's threat intelligence career guide covers specialization options including strategic CTI, tactical CTI, and operational CTI.