# Threat Intelligence, What is it?
Threat Intelligence by definition is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors. Threat intelligence enables us to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors. (CrowdStrike)
# Do we need it?
Yes, absolutely! These reports are essential to forecasting threat actors motives, and require in-depth research behind them to piece it all together. Without these
analytical reports, companies, customers, individuals are out of the loop as to what is going on in the cyber landscape. It's up to Intelligence to piece it
all together and make a concise, succint, fool-proof report about current attacks and vectors happening on the internet.
# Cool, so what?
Exactly. So what? That is the main question as to why you're reading an Intelligence report in the first place. Why should you, a CEO, a Director, an Analyst, a Technician
read these reports in the first place? Simple, to see the current attacks that is happening within our space. Cybersecurity isn't just about protecting yourself
and your company - well it is - **BUT**, it is also understanding bigger picture. You see the cyberlandscape from a higher point of view and map out potential and possible attacks
in the future.
# Understandable, what skills does it take to get into Intelligence?
If you're just starting out, write-ups to current cyber labs, or research is a great start. However, in order to take it to the next-level, one must seperate their
own personal writing style and cater it to organizations and customers. You're not writing for yourself anymore. That is one key take away that I've learned from starting
my first Intelligence job. Intelligence must be understood across the boards, and not just to yourself and your peers.
Another characterstic trait is being a sleuth. Having your investigative mindset to see if these companies that are being targeted are true, real companies.
There are many companies out there that faulty, sketchy, or unheard of, that is where your decision making comes in to determine if these companies are worth mentioning.
Additionally, understand why these attackers are aiming for these targets. Go back to cybersecurity basics and see what these companies Assets, data, customers are.
Finally LOTS of reading and writing (*groan, I know*). But that is essential in any career-field and industry. After my first week at work, it immensely shows the gap of my current
ability and where it needs to be. I thought, I wrote well, but again most writing is for myself and blogging. Changing that style to a more work oriented report takes time, and my language and
rhetoric needs to improve without a doubt.
# Sum it up!
Intelligence is a highly sought out field in our cyber career/culture. And I mean who doesn't like to tell their friends and family *"I work in Intelligence, scoff).*
Aside from that it's imperative to keep learning, practicing, and exercise that analytical thinking of yours. And you may say, "Easy, I've got those skills!" and you
probably may have, however, implementing them into writing takes time for your ideas and writing to cultivate.
# Resources!
Primary research and examples derive from CrowdStrike. They have an awesome breakdown of what Threat Intelligence is, who it benefits, and why it's so important! Link: https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
Another good example to understand Threat Intelligenc would be EC-Council Link: https://www.eccouncil.org/cyber-threat-intelligence/
Flashpoint is also another prime example of Threat Intelligence. Here they cover the Intelligence Life-Cycle in-depth. https://flashpoint.io/blog/threat-intelligence-lifecycle/
If you're looking for Intelligence Report examples there are tons on Google. Remember, Intelligence in itself is a different field. It is the course of
effectively getting your message across without any ambigous jargon, or self input. Intelligence in Cybersecurity is the specialization of Intelligence
within Cyber so you need to understand that. There are multiple Intelligence fields which cater to different sectors:
* Cybersecurity
* Government
* Legal
From there we can break down the specific types of reports that should be written. Here are a few types of categories company classify the type of Intelligence report that should be written
*(Source of Image from Flashpoint.io)*
# Thanks!
If you've read this I just wanted to say thank you for spending your invaluable time! Cybersecurity is hard. And as many leaders in the field say, "To understand cybersecurity,
is to understand you are a student of cybersecurity." Feel free to connect with me on Linkedin!