Threat Intelligence Analyst Career Roadmap

Threat intelligence analysts research adversaries - their motivations, capabilities, and tactics - to help organizations anticipate and prepare for attacks. This role sits at the intersection of research, analysis, and strategic communication.

Threat Intelligence, Threat Analyst, CTI Analyst, Intelligence Analyst, Threat Intel, Malware Analyst, Reverse Engineer, Malware Researcher

What Makes a Great Threat Intelligence Analyst

The best threat intel analysts connect dots that others miss, turning raw data into actionable intelligence. They tailor their output to the audience - technical IOCs for SOC teams, strategic assessments for executives - and constantly question their own assumptions.

Entry Level

$65,000–$85,000

You're learning to collect and process threat data from open sources, map adversary behavior to frameworks like MITRE ATT&CK, and write clear intelligence reports that help defenders take action.

Skills

OSINT research, MITRE ATT&CK framework, IOC analysis, Report writing, Threat feed monitoring, Indicator pivoting, Dark web monitoring basics

ATT&CK Focus Areas

Initial Access

Understanding how adversaries gain entry - phishing campaigns, supply chain compromise - is the foundation of threat reporting

Phishing (T1566), Supply Chain Compromise (T1195)

Reconnaissance

Tracking how threat actors gather targeting information helps predict who they'll hit next

Gather Victim Identity Information (T1589), Search Open Websites/Domains (T1593)

Certifications

CompTIA Security+

Foundational security concepts

200h study · 3yr validity · 50 CPE · $75/yr CE fee

CompTIA CySA+

Threat detection and analysis

250h study · 3yr validity · 50 CPE · $75/yr CE fee

Tools

MITRE ATT&CK Navigator, OpenCTI, MISP, VirusTotal, Shodan

Learning Platforms

  • TryHackMe (Cyber Threat Intel path)
  • Cybrary CTI courses
  • MITRE ATT&CK training

Key Questions to Explore

  • What is the MITRE ATT&CK framework and how do I use it?
  • How do I research a threat actor's TTPs?


Mid Level

$95,000–$130,000

You're producing finished intelligence, writing detection signatures from your analysis, and building threat models that inform security architecture. You're developing attribution skills and starting to track campaigns.

Skills

Malware triage, YARA rule writing, Threat modeling, Diamond Model analysis, Attribution methodology, Campaign tracking, Stakeholder-tailored reporting

ATT&CK Focus Areas

Command and Control

Analyzing C2 infrastructure reveals adversary operational patterns and enables campaign tracking

Application Layer Protocol (T1071), Proxy (T1090)

Resource Development

Tracking how actors acquire infrastructure, tools, and capabilities enables early warning intelligence

Acquire Infrastructure (T1583), Develop Capabilities (T1587)

Certifications

GCTI

CTI lifecycle, reporting, and dissemination

300h study · 4yr validity · 36 CPE · $479/yr

CTIA (EC-Council)

Threat intelligence analysis methodology

200h study · 3yr validity · 120 CPE · $80/yr

Tools

Maltego, ThreatConnect, YARA, MISP Galaxies, Recorded Future

Learning Platforms

  • SANS FOR578
  • HackTheBox Sherlocks
  • Intel471 webinars

Key Questions to Explore

  • How do I build a threat intelligence program?
  • What are the key indicators for APT attribution?


Senior Level

$140,000–$185,000

You're shaping your organization's intelligence requirements, briefing executive leadership, and building relationships with intel-sharing communities. Your assessments influence strategic security investments.

Skills

Strategic threat assessments, Intel program management, Stakeholder briefings, Threat landscape forecasting, Intelligence requirements development, Cross-org intelligence sharing

ATT&CK Focus Areas

Collection & Exfiltration

Understanding data targeting and exfiltration methods reveals adversary strategic objectives

Data from Information Repositories (T1213), Exfiltration Over C2 Channel (T1041)

Impact

Assessing destructive capabilities - ransomware, wipers, sabotage - informs strategic risk assessments for leadership

Data Encrypted for Impact (T1486), Data Destruction (T1485)

Certifications

CISSP

Security leadership and governance

400h study · 3yr validity · 40 CPE · $125/yr AMF

GREM

Advanced malware reverse engineering

350h study · 4yr validity · 36 CPE · $479/yr

Tools

Custom STIX tooling, Diamond Model frameworks, Strategic intel platforms

Learning Platforms

  • SANS leadership courses
  • CTI Summit
  • Peer intel sharing (ISACs)

Key Questions to Explore

  • How do I measure threat intel program effectiveness?
  • What's the process for strategic threat assessments?


Resources

Books

  • Intelligence-Driven Incident Response by Scott Roberts & Rebekah Brown
  • The Diamond Model of Intrusion Analysis by Sergio Caltagirone et al.
  • Structured Analytic Techniques for Intelligence Analysis by Richards Heuer & Randolph Pherson

Communities

  • r/cybersecurity
  • MISP Project community
  • CTI League

Podcasts

  • Risky Business
  • The CyberWire Daily
  • SANS Internet Stormcast
