Abstract: Despite having existed for well over six years, the position of "cyber threat analyst" is still not clearly defined. The lack of definition stems from the position's popularity and relative infancy: vastly different job descriptions are all labeled "cyber threat analyst". This talk is not about declaring which definition is right or wrong. It is about the set of skills, concepts and theories that enable an analyst to succeed under any definition of "cyber threat analyst". The presentation covers the key theories, concepts and required skills of the profession. For beginners it is a road map; for experienced analysts it is a cross-pollination of ideas.
Outline:
- Introduction
- An overview of the cyber threat analyst landscape
- A recommended definition for "cyber threat analyst"
- Figure out your environment: Porter's Five Forces analysis for the threat analyst
- Knowing how to talk and organize like a business: Porter's Value Chain for SOCs and analyst shops
- Pick your own risk analysis. Example: Operational Risk Management (ORM)
- If you only remember one thing from this talk: the Diamond Model of Intrusion Analysis
- Choose your own attack phases: the Lockheed Martin Kill Chain and the EC-Council phases of attack
- Mitigation, and how to use defense-in-depth concepts such as the Lockheed Martin Cyber Threat Matrix
- The Pyramid of Pain... and you! (aka no good deed goes unpunished): how to prioritize your analytic life and avoid management's Lenny-like crushing grasp when they love you SOOO much
- Quick check to put it all together
- Organizing your research, aka pivoting while keeping your sanity
- Tips on collaboration and avoiding being Alice in Wonderland (common analytic pivoting pitfalls to avoid)
- How to support a SOC and play matchmaker on the security team
- Recommended courses, certifications, reading and ways to break into the industry