Cyber Threat Intelligence Professionals: The Tired, Overworked, Under-Appreciated Hope of 21st Century Security

Aaron Perkins
Jan 1, 2022

Cyber Threat Intelligence Professionals: We Need You!

In a world where technology is constantly evolving, the need for cyber threat intelligence professionals has never been greater. Cyber threats are becoming more sophisticated and more frequent as time goes on, and we have seen an increase in ransomware, data breaches, phishing attacks, and virtually every type of social engineering scam. This means that organizations must be proactive in their defense to protect themselves from these imminent threats to their infrastructure, their customers, and ultimately, to protect themselves from their own demise.

As cyber threat intelligence professionals, we understand our organization’s environment inside and out. We know the systems that are in place, the vulnerabilities that exist, and the threats that pose the greatest risk to the business.

And. We. Are. Tired.

So Incredibly Tired

Cyber threat intelligence (CTI) professionals are some of the most burnt-out, tired, overworked, and under-appreciated people in the 21st century security field. We are often taken for granted and are not given the recognition we deserve for the work we do. We often feel undervalued and unappreciated, which unsurprisingly leads to a lot of frustration and burn-out.

This is a shame, because as CTI professionals we are essential to the security of the networks and data billions of people rely on every day. We work hard to keep everyone safe online, and honestly, it’s exhausting.

Is It Really That Bad?

Cyber threat intelligence has become increasingly important in recent years. As the Internet of Things, Operational Technology, and Web 3.0 become more popular and widespread, there are more devices connected to networks. These things make all of us more vulnerable, not through any fault of their own, but simply because they are new targets for attackers. It is imperative we have people dedicated to collecting and sharing information about both the threats we face and the tools and techniques used by attackers so we can defend against them effectively.

One More Time, for Those in the Back

Cyber threat intelligence professionals are some of the most important people in the world today — and we are some of the most overworked and misunderstood employees on the payroll. In the current “talent war”, we are a precious commodity that any organization can afford to lose only at its own peril.

But It’s Not Your Fault

What used to be one of the most rewarding career paths under the IT umbrella has come down to an ungrateful job where workers are typically burnt-out after less than two years in the trenches.

The overworked state of CTI professionals is nothing new, but it’s getting worse, because despite their best efforts, organizations keep loading us up with more and more work. Full disclosure again, though: this is not the fault of any single organization.

Threat actors are growing increasingly sophisticated, and the advances in artificial intelligence (AI), machine learning (ML), and other automation tools make cybercrime not only lucrative, but disturbingly simple to scale.

Why Do CTI Professionals Feel So Overworked and Misunderstood?

Here are the main reasons that those of us who have to deal with wide-ranging investigations into cyber attacks on an hourly basis feel so overworked and misunderstood:

The CTI profession is still immature — To perform our jobs effectively, cyber threat intelligence professionals need sophisticated data feeds, but the industry itself is still fragmented. In fact, ask 10 CTI professionals what CTI is, and you’re likely to get 10 different answers. Ask anyone else in the business what CTI is, and those answers will likely differ even more.

Many of us have even considered switching careers, in part because the industry is simply not what we expected it to be.

CTI is more than a single tool, or feed, or anything else. Without an accurate comprehension of what CTI really is, the reins have been handed to firms that provide tools and other resources for enhancing and enabling CTI teams.

But CTI is so much more than these tools, and the more quickly we can all agree on what cyber threat intelligence is (and what it is not), the faster we can better protect ourselves and our organizations.

The temptation of numbers — Another major complaint is the number of open cyber attack cases that each CTI professional has to deal with simultaneously, which means that we have to manage a multitude of workflows.

A lack of communication — Another major issue is a lack of communication, which leaves cyber threat intelligence professionals spending an inordinate amount of time searching for the tools and data they need.

This is especially true for CTI practitioners who are not members of an ISAC or who do not have a Discord, Slack, or Telegram channel full of trusted peers where they can freely share what they are working on, what their challenges are, and just “let their hair down” a bit.

A lack of training — Finally, as cyber threat intelligence professionals we simply don’t receive enough of the training we need to do our jobs effectively.

Look, I know CTI as a career field is still in its infancy, but “go figure it out while you’re working” is not an acceptable training plan.

While it’s impossible to keep up with every new tool and capability offered, organizations need to understand that training cyber threat intelligence professionals is absolutely essential, and oh, by the way, it doesn’t need to break the bank either.

The CTI profession is a demanding one that requires an understanding of what cyber threat intelligence is (and is not), the goals of the CTI program, and where it all fits into the organization, and the reality is, none of this is going to happen automatically.

That’s why I started The CTI Schoolhouse, a place where cyber threat intelligence professionals can get the training we need to not only improve our own skills, but also those of our teams, organizations, and even the wider community.

And maybe, just maybe, we can all figure out how to avoid burnout along the way.

Aaron Perkins

Cyber Crisis Comms. Specialist (15+ years) | Husband | Daddy to 3 | Speaker | Veteran