A Day in the Life of a Cyber Intel Analyst

February 21, 2019

First Thing

No two days are the same working as a Cyber Threat Intel Analyst, and I'm always keen to start the day early and find out what's in store. We have a wide range of intel sources across a few different platforms, so my first job is to check in on any auto-generated alerts which may indicate that a customer we're providing dark web monitoring for has a developing issue they're not yet aware of. One of my favourite parts of my role is performing a deeper investigation on any threat warning which could be impactful on a customer, making sure they are warned about an emerging threat and are given proactive advice to take action. This can mean sending them short intel alerts and advisories.

Investigations

After checking through all customer monitoring and alerting, I always move on to the largest part of my daily work, which is customer investigations and research. These are deeper investigations and reports which customers have requested, usually deep dives into individuals and their social media usage, attribution of any dark web activity, and an assessment of their tools and capabilities. It's always astonishing how much information can be collected, even when people are trying to cover their tracks on the web.

Hypothesis Testing

Often, as part of an investigation, customers ask whether some malicious or otherwise untoward activity would have been possible to perform on the open and dark web. If this is the case, I add an 'Analysis of Competing Hypotheses' (ACH) into my report, where the feasibility of different scenarios is considered and assessed. I particularly enjoy this part of my work as it gives me the freedom to analyse different possibilities in an investigation and present them all, allowing the customer to see a case from different perspectives and address the scenario they would most like to mitigate against. Often, I'm invited to join calls with the customer to explain the different scenarios and help them workshop their approach.

Research and Tooling

We always aim to keep a little time back each day for our individual research and development projects. Some of our personal projects turn out to be new monitoring and tracking capabilities which are then used across the whole intel team. I always keep a close eye on new open-source intel tools, utilities and platforms to test out in our dev environment at this time.

End of Day

At the end of the day, after all the new customer requests for monitoring, alerting and research have been processed, we can start to close down knowing that our systems are working through the night, ready for us to pick up again in the morning, or to send out-of-hours alerts to the on-call team for anything especially serious. However, it's not all just work! Even though we have a hybrid working model, other colleagues are often in and around the main office, and we often go out together after work for a short while.
