Threat Analyst Insights: Eating Your Threat Intelligence Veggies

Posted: 4th January 2019
Threat Analyst Insights: Eating Your Threat Intelligence Veggies

It’s no secret that the most mundane and underwhelming tasks are often the most essential elements to establishing a successful and sustainable path forward in nearly every area of life. Brushing and flossing your teeth every day leads to a life of satisfying and healthy oral hygiene. Consistently eating well-balanced meals and exercising leads to a nourished and rich physical life.

It’s also no secret that the more one forgoes taking these steps, the less satisfaction and success that person will find in that area of growth.

The same principle can be directly applied to the work of a threat intelligence analyst.

Often, the most mundane and underwhelming tasks are the key ingredient for consistently producing substantial and high-value threat intelligence.

Many times, in the moment, these ‘“veggies” can feel unnecessary, trivial, or even unpleasant, but when consistently forgotten, they can seriously debilitate an analyst’s ability to produce and interpret threat intelligence well.

The Veggies of Threat Intelligence

1. Organization

Intelligence can’t be intelligence unless it is organized, clear, and presented in an actionable way.

Often, while going about my day, I find that if I don’t choose to be organized upfront, it can be easy for my process to unravel. If I don’t decide to be guided at the start of my day, then often at the end of my day, I’m left with a bunch of random pieces that don’t quite fit.

To prevent this, I’ve learned to make an effort to be organized from the beginning and actively maintain a sense of organization as I go. When I find myself too much in the weeds, I find myself asking, “How would I categorize what I’ve found so far? Is it actionable? Is it helpful?”

Allowing my work to move through the natural phases of intelligence by using the standards previously set before me keeps my research on the right track.

2. Time Management

During the work day, I have approximately eight hours to accomplish a variety of things. In a world of a hundred different vendors and a hundred different rabbit holes of possibilities, making an active choice to recognize that my time is limited actually empowers me to use it well and use it wisely.

Similar to being organized, I find that when I actively choose to focus on one question at a time, my process of traversing through multiple reports and tools becomes much more guided and easier to move through. Bearing in mind the questions I would like to answer keeps me focused and helps me respect how much time I really have and use it efficiently. I can’t be productive if I’m not cognizant of the amount of time I’m working with. In this way, managing my time is actually empowering me to produce the best work I can.

3. Discipline

Discipline enables trust. Trust enables exploration.

Every day, threat intelligence analysts like myself consume a huge amount of information. We then perform a series of steps and processes in an attempt to transform that information into actionable threat intelligence for a variety of audiences (our customers, our bosses, our peers, and so on).

These steps and processes are primarily rooted in logic and tend to sit in line with the established standards set before us.

Generally speaking, the more rooted in logic a researcher’s threat intelligence is, and the more transparent a researcher is with this information, the more a reader or customer feels confident trusting it. With this confidence established, the researcher feels more empowered to perform their job well.

If an analyst is empowered to do their job well, then they are easily more likely to pursue the question they are most curious about — the question that leads them to the most exciting area of exploration. In this way, disciplined pursuit enables the path for the most exciting threat intelligence possible and ultimately, the best threat intelligence possible.

Do I Have To?

No. You don’t have to do anything you don’t want to do, and you shouldn’t choose to do anything unless it is ultimately empowering and helpful.

If you find difficulty with any of these suggestions, I invite you to consider how a baby first learns to walk.

In the beginning, that baby may experience pain or difficulty. With time and practice, that baby eventually grows into an adult with strong, functional legs — an adult so familiar and reliant on walking they can’t even remember a time where it was ever difficult for them. With time, patience, and support, what was once nearly impossible became a mastered tool utilizable and helpful for nearly all areas of life.

What may feel difficult at first is actually just allowance of exploration. Accepting the tools of organization, time management, and discipline may not be easy at first, but it all begins with the recognition that the tool is worth mastering because it is helpful to you.

So no, you don’t have to. But maybe you should.

Briana Manalo

Briana Manalo is a junior threat intelligence analyst at Recorded Future.