How can I best prepare for a Cyber Threat Intelligence-type role?

Veteran

Justin Baker Evans, GA

Thanks so much for helping us out today, IBMers! Most of my experience lies in SIGINT/intel but I have 1.5 yrs of supporting the GSA's web app scan team. I hold the GSEC, GCIH, and GPEN certs. That being said, since COVID hit, I've been a homeschool teacher to my kids and have been working in a non-tech role. I feel incredibly rusty and my confidence is a bit shot. How can I best prepare to apply for an entry level role with IBM?

Per a mentor's advice, I'm currently preparing by building a tool in Python to leverage VirusTotal's API and will also take advantage of Splunk's free training for Veterans. I'll also be studying up on the cyber kill chain and diamond model. I'd greatly appreciate any feedback as to whether that's a solid plan of attack or if my time is better spent elsewhere. Thanks again for your time - I greatly appreciate it!

*fun fact* My 'gramps' was an old school IBMer. He joined the team as an Air Force Vet. I have some old stock certificates from IBM lying around here somewhere.

16 November 2020 9 replies Interviews

Answers

Advisor

Andrew Foster

Justin,

As you indicated the Cyber Kill Chain and the Diamond Model are good starting points. I'd also recommend investing some time in the following:

https://www.researchgate.net/publication/324091298_Threat_Agent_Library_Helps_Identify_Information_Security_Risks This white paper breaks down hackers into categories. When someone says "hacktivist" what does that mean & how can we use that label to our advantage? Why do we categorize different types of hackers different ways?

https://stixproject.github.io/getting-started/whitepaper/ This paper covers STIX, which is a human & machine readable language for Threat Intelligence. It seems to be struggling to gain dominance in the market, but in my mind it's the future of Threat Intelligence.

https://attack.mitre.org/resources/getting-started/ If you haven't heard about MITRE ATT&CK, you will once you hit industry. I'd recommend spending some time learning the concepts behind the creation of the framework & exploring the framework's contents. It's quickly becoming the dictionary for describing malicious activity.

https://www.betaalvereniging.nl/wp-content/uploads/TaHiTI-Threat-Hunting-Methodology-whitepaper.pdf This is more of a Threat Hunting framework, but it's good to understand how your intelligence outputs will be utilized. It's one of many different Threat Hunting frameworks; I don't have any strong evidence to suggest any one framework is better or worse than others.

http://drtomlifvendahl.com/OODA%20Loops.pdf - "OODA Loops" - How to prevent analytical gridlock. Good concepts, difficult to implement.

If you are going to end up in a leadership position, the following are worth a read. They might be familiar to you, but they weren't when I was in the service working in roles where I would have benefited from the concepts described.

"Intelligence Preparation of the Battlefield" -
https://home.army.mil/wood/application/files/8915/5751/8365/ATP_2-01.3_Intelligence_Preparation_of_the_Battlefield.pdf

Intelligence Preparation for Operational Resilience (IPOR) -
https://resources.sei.cmu.edu/asset_files/SpecialReport/2015_003_001_448159.pdf

Finally, if you are looking to make sure you are well rounded, take a look at the SANS FOR578 syllabus, here: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/ If you have working knowledge of most of the concepts listed here, you will do fine in most Threat Intelligence roles.

Threat Intelligence is a fairly new discipline and there is still a lot of disagreement on what is expected of Threat Intelligence analysts. Unfortunately "Threat Intelligence" in many places is just glorified OSINT, and change isn't happening very quickly in the industry. Others think it's a tool or service. Be sure you get a good sense of what a potential employer defines as Threat Intelligence and what your deliverables will be, or risk unending frustration.

17 November 2020 Helpful answer

Advisor

Richard Darden Leesburg, VA

Justin,

Thanks for your service. I suggest taking a look at some of the job postings and see what types of certifications they are offering. IBM has a lot of cyber security positions open. Some entry level, some apprenticeship programs. Some more advanced. Take a look at these; something might fit your interests and skills:
https://www.ibm.com/us-en/employment/veteran_talent/#jobs?%23jobs=&job-search=cyber%2520security&job-category=Human%2520Resources

Another thing to consider is a lot of colleges/universities are offering certificates in Cyber Security, many of which you can do totally online, if you want to brush up on your skills.

Good Luck!

Dick

16 November 2020 Helpful answer

Advisor

Evan Gubler Vail, AZ

Hey Justin. I did SIGINT in the army for 5 years as well and transitioned to software development with IBM a few years ago. If you are still completing your bachelor's or master's degree, internships are a great way to get your foot in the door while still studying. That's how I was able to land my current career. Here is a link to current internships if you're interested:
https://www.ibm.com/us-en/employment/internships/

16 November 2020 Helpful answer

Advisor

Jeff Immel Jasper, GA

Justin,

Great to see that you also have some stock in IBM. Appears that your duty station was Fort Gordon? Besides applying for job roles at IBM.com, you should also check out Technology Association of Georgia (tag.org). They are also the technology resource for many companies in Georgia and your skills are in high demand. Best wishes and thanks for serving this great nation!

16 November 2020 Helpful answer

Advisor

Tom Holtzclaw Kansas City, MO

Hello Justin,

I am a Cyber Security Analyst at IBM. Sounds like you have some solid experience. Go post for a job. What do you want to do in Cyber Security? There are many roles and areas of expertise. We need good people.

Throw the lack of confidence out the window!

16 November 2020 Helpful answer

Advisor

Alexander McCreary Kennesaw, GA

Hi Justin, I would not fret too much over 'rust.' Clearly you have the aptitude for it, plus some experience, so don't let it discourage you. I am not aware of any role in tech that requires you to know everything all at once. I'd continue on your pursuit for knowledge in relevant topics (ex. Cloud). I'd also check out Onward 2 Opportunity through Syracuse and most definitely network on LinkedIn.

16 November 2020 Helpful answer

Veteran

Daniel King Andover, MA

Justin,
You're on the right path and your background with Threat Intel is very much in demand, even if you think you're rusty. Given your background, there are likely a bunch of opportunities for you in Cyber Security that would dovetail with just about everything that you have been doing. The certs are always valuable, but the path here is to apply and get the conversation started. IBM Security has positions in GA that would probably fit exactly what you are looking for if you want to stay there and more if you want to try something else. The biggest single thing that helped IBM find me was optimizing my LinkedIn account so that the data ML pinged. Key words, good job descriptions and tailored resumes got me in the door and then it was relatively easy.

16 November 2020 Helpful answer

Advisor

MARK THIELE Longmont, CO

Justin,

Being a homeschool teacher should get you a combat patch. ;)

IBM MSS (Managed Security Services) has a lot of opportunities in the world of Security.

Check https://careers.ibm.com/ to see which jobs interest you & what they require for degrees or certifications.

16 November 2020 Helpful answer

Veteran

Justin Baker Evans, GA

@Mark I appreciate that! And thank you for the resource - checking it out now.
