    Changing Hats: From Enterprise Security to Threat Intelligence as a Service
    Recorded Future Blog

    By Diana Granger on March 29, 2018

    In the cybersecurity space, the role of an analyst varies widely. Two job listings for different companies with the exact same title, such as “security analyst,” might have completely different job functions or levels of responsibility. Some organizations have small security teams with analysts managing a broad scope of information security functions with help from third-party security vendors, while others are structured to have more specialized analysts focused on deep-diving into one facet of cybersecurity, such as vulnerability management or threat intelligence.

    The contrast I want to focus on, and one I have personally experienced, revolves around the question, “Who are you protecting?” As a technical threat analyst at Recorded Future, I am focused on providing threat research for customers from a vast set of industries and geographies. In contrast, my previous role as a security analyst at a financial services company revolved around protecting one company within the financial services industry. Drawing on my two years on an internal security team and one year in threat intelligence as a service, I will reflect on the advantages and challenges each role brings, as well as why they can be stronger together.

    Wearing Many Hats (Defending an Enterprise)

    My first job after graduating with a degree in computer science was as a security analyst within an investment management company’s IT department. My responsibilities touched on a few different aspects of information security, but my frame of reference hinged on threats relevant to the financial services industry and the nuances of that company. I supported compliance controls by monitoring for suspicious activity on critical databases and responded to audit requests. I maintained metrics around the organization’s risk exposure and provided security awareness training for new employees. And if any of our systems alerted on a possible intrusion on our network, I dropped all of this to investigate the incident. I’m sure this sounds familiar to many security analysts with smaller, less specialized teams.

    This many-sided role allowed me to see how all of the moving parts of an organization’s cybersecurity program fit together. I became familiar with many security technologies and learned how to communicate about security to different audiences. However, it also limited the time I had left to invest in research and threat intelligence. For me, in our relatively young security program, this did not go much further than finding indicators of compromise (IOCs) to integrate into our automated intrusion detection systems. It was a work in progress and a small part of my day-to-day, but it was also a good starting point, just as my other responsibilities were the starting point for my transition to a threat intelligence-focused role.

    Wear the Hat That Fits (Threat Intelligence as a Service)

    While threat intelligence was not a big part of my first job, my technical background and incident response experience were well-suited to the technical threat analyst role in Insikt Group, Recorded Future’s threat research component. The investigative nature of my past role is particularly applicable, as my main focus now is surfacing actionable threat leads, such as new malware variants or campaigns, and efficiently communicating my findings to our customers. I utilize our software and data heavily to perform and summarize research I probably wouldn’t have had time to do in my previous role.

    While my job functions have become more focused on research and reporting, the scope of relevant information has increased tenfold. Our customers are spread across many industries and countries, so it is necessary to operate with a more worldly view and learn about the attack vectors that impact different types of organizations.

    Hat in Hand

    While there are many qualities that distinguish the above roles from each other, I believe that these distinctions also leave room for the analysts in these roles and their organizations to help each other. I use my experience as a security analyst at an investment management firm to analyze threats that may impact organizations in the financial services industry, and feedback from organizations in this industry and in others helps me understand their pain points and how I can enable them to better defend themselves.

    In turn, as an analyst for a threat intelligence service provider, I can do deep-dive research and analysis on emerging threats and then present that analysis in a way that is easy for our customers to consume, whether it is a detailed blog post or a brief analyst note, so they can make the best decision for their organizations’ security going forward.

    Diana Granger

    Diana Granger is a technical threat analyst with the Insikt Group at Recorded Future.

    Copyright © 2019 Recorded Future, INC.