The Art of Cyber Threat Intelligence - A Complete End-to-End Process

Read more

In the ever-evolving world of cybersecurity, the need for robust and proactive threat intelligence has never been more critical. This book is designed to arm you with the essential knowledge and tools required to establish a world-class cyber threat intelligence (CTI) capability. Authored by Crawford Thomas, a seasoned expert with over two decades of frontline experience in military intelligence and cyber threat intelligence within the financial sector, this guide is not just theoretical-it's a distillation of hard-earned, practical wisdom.
This book is not a typical consultation manual filled with checkboxes and generic advice. Instead, it draws from the real-world experiences of a practitioner who has navigated the complexities of regulatory pressures and excelled in environments that demand nothing less than excellence. Notably, during a recent CBEST testing, Thomas's leadership and the performance of his CTI team were described as "formidable." This recognition underscores the level of expertise and effectiveness you can expect to learn from.
You are invited on a comprehensive journey through the critical stages of building a CTI function: from developing a strategic vision, formulating prioritized intelligence requirements, and selecting the right vendors, to mastering the nuances of intelligence reporting. This book is designed to guide you in creating a CTI capability that not only protects your business, but also enhances its efficacy and fosters an environment of reliability and trust-both internally and externally.
The necessity for this book stems from the current cybersecurity landscape where businesses face an increasing barrage of threats. They require impeccable IT security across all platforms, often taking on risks that stretch beyond their risk appetite. Email systems, provided ubiquitously by major vendors, remain a prime target despite advanced security measures. Meanwhile, the rise of Ransomware as a Service has given a new edge to this already formidable threat, turning organizations into unwitting participants in attacks aimed at third-party applications.
 
What You Will Learn:

• How to build a world leading cyber threat intelligence capability that is threat vector focused.
• Estimate the size of the cyber threat intelligence team you require,
• How to build the prioritized intelligence requirements (PIRs) and collection plan.
• How to select the correct cyber security vendor-in line with the PIRs.
• How to develop 'pull intelligence' production and reporting writing.

 
Who This Book is for:
This book is for all levels of cyber analyst capability. From the beginner, with a hunger to find a definitive answer to 'what is a cyber threat intelligence capability'? To the expert, who is keen to learn of a better way to do their tradecraft. this book is also for the frustrated and burnt out in-house cyber specialist, who has grown cautious of the vendor market, the costs, the lack of integrations. The 10 year cyber expert who is aware of the changing threat landscape and the need to be more dynamic, responsive and efficient.

List of contents

Chapter 1. Understanding the Cyber Landscape.- Chapter 2. Understanding the Business.- Chapter 3. Create the Vectors - Threat First - Actor Second.- Chapter 4. Geopolitics.- Chapter 5. Fraud.- Chapter 6. Spheres of Influence.- Chapter 7. Fusion.- Chapter 8. PIRs (Priority Intelligence Requirements)- Chapter 9. Intelligence Collection Plans (ICPs).- Chapter 10. RFIs (Requests for Information).- Chapter 11. Vendors.- Chapter 12. Intelligence Sources.- Chapter 13. Internal Control Data.- Chapter 14. Intelligence Sharing.- Chapter 15. The Cyber Criminal.- Chapter 16. Scenarios for Testing.- Chapter 17. End to End Process.- Chapter 18. Heat Maps.- Chapter 19. Inherent Threat vs. Residual Risk.- Chapter 20. AI Emerging Technology.- Chapter 21. The Attack Surface.- Chapter 22. The MITRE ATT&CK Framework in Cyber Threat Intelligence.- Chapter 23. The Stakeholders.- Chapter 24: Intelligence Report Writing The CTI Output.- Chapter 25: Intelligence Maturity Balancing Growth with Purpose.- Chapter 26: The Near Future What Else is Going On.- Chapter 27: Final Thoughts of Significance: Lessons Beyond the Page.

About the author

Crawford Thomas is a former officer in the British Army, with over 20 years service. As a Scotsman, he joined a Scottish infantry regiment, The Argyll and Sutherland Highlanders. After an eventful 10 years, deploying on rural and urban tours in Northern Ireland, as well as squeezing in a 8 month tour as a platoon commander in the 2/1 New Zealand Infantry Regiment, Crawford found himself in command of the UK Ministry of Defence Anti-Terrorist, Training and Advisory Team at the time of 9/11. Immediately after the attack, he deployed to the British Embassy in Washington, marking the start of his transition to the world of intelligence.
Crawford very quickly made the permanent move to military intelligence, seeing tours of Iraq, Afghanistan, Pakistan, Bangladesh and Latin America. During this busy time, Crawford specialised in all aspects of the Intelligence Life Cycle and all capabilities, with one eye on the future and the day when he’d be hunting for a job in the corporate world. Since leaving the military in 2014, Crawford has built award winning ‘intelligence led’ approaches to cyber security in both regional and global financial institutions. He continues to work in a global bank and finds the most rewarding aspect comes from sharing with peers and benevolent nature of public/private communities. He now is keen to take the sharing one step further in consulting and as an author, putting to print his experiences.

Summary

In the ever-evolving world of cybersecurity, the need for robust and proactive threat intelligence has never been more critical. This book is designed to arm you with the essential knowledge and tools required to establish a world-class cyber threat intelligence (CTI) capability. Authored by Crawford Thomas, a seasoned expert with over two decades of frontline experience in military intelligence and cyber threat intelligence within the financial sector, this guide is not just theoretical—it's a distillation of hard-earned, practical wisdom.
This book is not a typical consultation manual filled with checkboxes and generic advice. Instead, it draws from the real-world experiences of a practitioner who has navigated the complexities of regulatory pressures and excelled in environments that demand nothing less than excellence. Notably, during a recent CBEST testing, Thomas’s leadership and the performance of his CTI team were described as "formidable." This recognition underscores the level of expertise and effectiveness you can expect to learn from.
You are invited on a comprehensive journey through the critical stages of building a CTI function: from developing a strategic vision, formulating prioritized intelligence requirements, and selecting the right vendors, to mastering the nuances of intelligence reporting. This book is designed to guide you in creating a CTI capability that not only protects your business, but also enhances its efficacy and fosters an environment of reliability and trust—both internally and externally.
The necessity for this book stems from the current cybersecurity landscape where businesses face an increasing barrage of threats. They require impeccable IT security across all platforms, often taking on risks that stretch beyond their risk appetite. Email systems, provided ubiquitously by major vendors, remain a prime target despite advanced security measures. Meanwhile, the rise of Ransomware as a Service has given a new edge to this already formidable threat, turning organizations into unwitting participants in attacks aimed at third-party applications.
 
What You Will Learn:

• How to build a world leading cyber threat intelligence capability that is threat vector focused.
• Estimate the size of the cyber threat intelligence team you require,
• How to build the prioritized intelligence requirements (PIRs) and collection plan.
• How to select the correct cyber security vendor—in line with the PIRs.
• How to develop ‘pull intelligence’ production and reporting writing.

 
Who This Book is for:
This book is for all levels of cyber analyst capability. From the beginner, with a hunger to find a definitive answer to ‘what is a cyber threat intelligence capability’? To the expert, who is keen to learn of a better way to do their tradecraft. this book is also for the frustrated and burnt out in-house cyber specialist, who has grown cautious of the vendor market, the costs, the lack of integrations. The 10 year cyber expert who is aware of the changing threat landscape and the need to be more dynamic, responsive and efficient.