The phrase “intelligence drives operations” is more than a concept; it’s a central truth about how we organize our knowledge to design defenses that ultimately keep our services online, our data private, and our customers happy. Moreover, cyber intelligence informs the strategic decision-making processes at the enterprise level by providing context and understanding of the cyber threat landscape.

In my experience, cyber intel can be a compass or a distraction. How many Cozy Bears do you have in your house? Are the spiders scattered? It quickly becomes overwhelming. How can you make sense of the chaos? Let’s explore five concepts I’ve learned to level up your cyber intelligence team.

Prioritize Thought Diversity

Every high-functioning threat intelligence team will place a priority on thought diversity. From creative problem-solving to cultural competence, having a diverse team of different backgrounds will only increase your success as a cyber intelligence practitioner. A diverse team can better understand and communicate with a wide range of stakeholders, including clients, executives, and technical experts.

Perhaps more importantly, diversity can provide dissenting opinions that challenge accepted narratives or assumptions. Overall, thought diversity fosters a more dynamic and adaptive team, better equipped to navigate the constantly changing landscape of threats and the actors behind the threats.

Increase Your Agility

The ability to rapidly reorganize and theory craft is predicated on infrastructure and team members who can quickly reframe information when new data is introduced, especially data that is contrary to what we previously understood. If you aren’t already using automated tools, workflows, and systems to continuously monitor for new threats, vulnerabilities, and emerging trends in the cybersecurity landscape, you are behind the ball.

Develop the capability to rapidly collect, analyze, and disseminate threat intelligence in real time, allowing the team to respond quickly to evolving threats. While these tools can be purchased off the shelf, budget-conscious teams can also easily develop these tools using open-source software and services readily available online.

Who You (Don’t) Know

Open-source intelligence (OSINT) is the bread and butter of the threat intelligence industry, but it's critical to incorporate closed communities and trust groups into your program. If possible, having individuals on the team with a security clearance from a federal agency can also enrich your program. Communities built on trusted relationships can be hard to join, but with time and tenacity, you can increase your network substantially and substantively.

A great way to discover these connections is through networking opportunities like industry conferences and events. But don’t discount speaking opportunities and invitations to smaller gatherings to leverage contacts and relationships. And don’t be afraid to ask – often our reluctance to engage is the single most potent inhibitor to our success.

Become the Hype Killer

In the age of clickbait headlines, “Breaking News”, and endless social media scrolls, we have become desensitized to critically engaging with information. Too often, we passively consume information without any analysis, which unconsciously dilutes our ability to provide clear-eyed analysis and opinion. Start engaging critically with everything you read or hear.

The end goal of killing the hype is risk quantification. It’s too easy to declare that the sky is falling once a week. Your message quickly becomes deprioritized when you habitually pull the fire alarms for candles on the cake. Help your teams find the signal in the noise so when it’s time to sound the alarm, you have the right facts to back it up.

Don’t Give Up on Winning

As a direct corollary to killing the hype, we cannot resign ourselves to fatalism in what seems like an endless game of cops and robbers. As new zero days emerge and organized cyber criminals continue to score wins, we shouldn’t accept this as reality. Defenders can prevail, and we need to focus our resources and alliances on defeating those who seek to steal and destroy. We must adopt Defend Forward cybersecurity strategies that bring this fight to our adversaries’ doorstep.

Remember, this battle isn’t just numbers on a screen; this is an existential war we must win. The stakes have never been higher. This is a fight to keep clean water flowing to our homes and schools, a fight to protect our hospitals and banks, and ultimately, a fight to preserve our democracy. It’s up to us to focus, organize, and bring our best to the digital front lines.