By Oxana Parsons
The demand for threat intelligence and knowledge about active threats facing your systems continues to grow. In fact, the threat intelligence software and services market is expected to be valued at $26.15 billion by 2028. After all, if you know who’s targeting your organization and with what sort of attack, you can better defend critical business systems.
Despite these market signals, it can be challenging to gain alignment from senior executives on the value of threat intelligence or – in some cases – even understand what a threat analyst does with their time.
Part of the problem is that threat intel analysts often don’t speak the same language as senior leaders. As CISA Director Jen Easterly noted recently, cyber professionals and threat analysts often use highly technical language, or what she called “nerdspeak.” Talking to senior leaders in a way they understand is critical to demystifying cybersecurity.
RSA: The Conference that Proves the Point
In June of this year, I attended my very first RSA Conference. Among the threat intel community, RSA is viewed as a very vendor-centric and marketing-oriented conference. I’ll admit to sharing that perspective, but I was also surprised at how much technical content was at the conference.
The core difference between RSA and some of the more technical conferences that I’ve been to, however, is that the focus of the sessions was more strategic than tactical, or “down in the weeds.” Of course, there were a lot of vendors pitching their products, but I also attended sessions around blockchain and threat analyses that I found directly relevant to my job.
That high-level, strategic focus, even in sessions with more technical content, was the important bit about the conference, I found. It was a strong reminder that my key audience, as a threat intel analyst, is my or my customer’s senior leadership. This means that being able to speak, or write, their language and place my analysis in context is critical. RSA was a strong reminder of that, and I learned a lot about the kinds of ways to talk with senior executives.
Meet Executives Where They Are with Threat Intel
Understanding how threat actors operate and where they intend to strike is a key part of building out a strong threat intelligence program. The challenge is that threat intel isn’t always easily tied to business results: unlike my cybersecurity colleagues, we’re not configuring firewalls or implementing other defenses to stop a breach.
What we are doing is providing insight into potential minefields facing corporations. Say, for example, that there is a post on a dark web forum that talks about targeting a specific pharmaceutical organization. That information is something we gather alongside other threat data and curate into an intelligence report.
This report often ends up in the hands of a CISO or a senior leader who’s able to decide how to shore up the defenses of their organization against this specific threat. That report isn’t valuable unless it’s in a language that a senior leader can use to make a decision.
Attending the RSA Conference and, later, hearing Director Easterly emphasize the need for less “nerdspeak” reminded me that threat intelligence is even more effective when the material is framed in non-technical language. As a practice, doing this empowers organizations to act faster and has the added benefit of making the value of threat analysts much clearer to the organization.
Where to Take Threat Intelligence from Here
The argument that Director Easterly makes is a good one. Threat intelligence is often misunderstood – like cybersecurity more generally – and one of the most efficient ways to rectify that is to work hard to eliminate the overly technical jargon from how we communicate.
The threat intel team here at LookingGlass works hard to make sure that the threat intel we provide to our customers is actionable, with context baked into our findings. Only in that way can we ensure the relevant people understand the information we provide and continue to see the value in it. Threat intel as a practice needs to do the same.