The most useful technical indicators for describing intrusions, cyberattacks, and adversarial operations are often the malware that was distributed, the C2 domains that were exploited, linked IP addresses, file hash values, and a host of other factors. Nonetheless, a common misperception among those outside the fields of information security and cyber threat intelligence (CTI) is that these actions are merely accidental technological events. The Diamond Model, a foundational paradigm in CTI, highlights the human element in these activities: threat actors with their goals and motives, and victims with their weaknesses and effects.
The axis of the human dimension of cyberattacks, known as Social-Political in the original model, is located between the Adversary and the Victim. Professionals with non-technical backgrounds can offer important viewpoints in this broad domain. The human aspect of hostile operations, cyberattacks, and incursions is what allows specialists without a technical background to enter the CTI field.
Technical expertise will probably continue to dominate the CTI profession. But the profession is expanding, and there are more and more opportunities for experts from non-technical or non-traditional backgrounds. Keep in mind, however, that not every organization with a CTI function is looking for non-techies. Significant regional variations also exist. This is an increasingly popular professional path in the United States and a few other English-speaking nations with a strong intelligence analysis culture; however, circumstances in other regions of the world are different.
How precisely might experts with non-technical backgrounds improve CTI? Since this is my own background and experience, I will primarily concentrate on social science graduates; however, the following can be applied to many other non-technical backgrounds, including business studies, linguistics, area studies, communication and journalism, anthropology, legal studies, or education, to mention a few.
Solving Complex Problems and Identifying Patterns
Graduates in social science are prepared to assess intricate political, social, and economic systems and may offer a more comprehensive understanding of cyberthreats. Social scientists are adept at finding trends and patterns in big collections of quantitative and qualitative data.
Threat Actor Identification
Graduates in the social sciences can shed light on threat actors’ motivations, thought processes, and social dynamics, among other psychological and sociological characteristics. This has the potential to improve threat anticipation and adversary profiling.
Efficient Interaction and Multidisciplinary Teamwork
Even the greatest technical knowledge and insights are useless if they do not reach stakeholders and decision-makers. Graduates in social science are capable of translating intricate technical data into language that is understood by all members of the organization. Additionally, social science graduates may be skilled at cooperating with technical specialists, business executives, and other stakeholders due to their background in interdisciplinary work.
Intelligence for Strategy and Global Context
Cyberattacks frequently have a geopolitical component. Graduates in social science bring knowledge of regional politics, international relations, and cultural dynamics to the table that can be invaluable in determining the causes and possible global effects of cyberthreats. They can aid in the gathering of strategic intelligence by examining the potential effects of geopolitical developments on cyber threat environments.
Methodological rigor, research, and critical thinking
Social scientists receive training in both qualitative and quantitative research methodologies, as well as critical thinking. This enables them to combine data analysis with qualitative insights, conduct investigations into cyber events, and objectively evaluate the data that is already available. They are able to adapt their assessment language to the subtleties of the intelligence gaps that are characteristic of CTI analysis, and they are aware of the limitations of different sources of data.
Open-Source Intelligence (OSINT)
Among recent social science graduates, OSINT is becoming an increasingly popular field. Although OSINT investigations in CTI have a specific emphasis, they can be exciting journeys that pique our interest and add significance to CTI teams’ threat research and hunting endeavors.
Development of Policy
Developing internal rules and procedures can benefit greatly from an understanding of the processes involved in policymaking. Traditionally, security policy design has not been the primary responsibility of CTI; yet, effective policies ought to be guided by threats. For the mitigation (now what?) portion of your threat reports or other deliverables, you might as well be asking for feedback from other people.
Cross-disciplinary Knowledge and Ongoing Education in CTI
Non-techies are not the only ones with knowledge in these areas. Many technical people who are interested in global context and social science frameworks, and who are eager to learn more about them, are drawn to CTI. To become a proficient CTI practitioner, a CTI analyst must integrate a wide range of non-technical notions, primarily related to intelligence analysis tradecraft, into their cognitive processes.
At the same time, bring your non-technical knowledge to CTI! My areas of expertise were intelligence analysis, research methodology, and the backdrop of international security. Perhaps yours are area studies, risk assessment techniques, social engineering indicators, communication theory, or behavioral economics. The field of CTI is still developing; not everything is as codified as we would like. This offers essential chances for you to contribute fresh viewpoints that could enhance and diversify it. Examine your university texts; there are likely many concepts, frameworks, and techniques that are just waiting to be implemented in CTI. Diverse viewpoints and areas of expertise can be integrated to improve CTI and provide real benefits to our stakeholders.
