Ian Thornton-Trump CD is an ITIL certified IT professional with 25 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. After a year with the RCMP as a Criminal Intelligence Analyst, Ian worked as a cyber security analyst/consultant for multi-national insurance, banking and regional health care verticals. Today, as Chief Information Security Officer for Cyjax Ltd. (UK) & Chief Technical Officer of Octopi Managed Services Inc. (Canada), Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cyber security consultant specialising in cyber threat intelligence programs for small, medium and enterprise organisations. Headshot courtesy of Thornton Trump
Image by RAEng_Publications from Pixabay
Good intelligence analysts are made and not born. There are some people who have a natural aptitude for intelligence work — cyber or otherwise — and it is fair to say they may progress faster in the field. However, give me the raw materials of a recent graduate from a general arts programme, STEM or, yes, even computer science, and they can be an intelligence analyst in the cybersecurity field.
There are four myths that are blockers to embracing the profession of “Intelligence Analyst” as a career option. Let’s dive into these four myths and help tackle the existing cybersecurity talent gap while stacking your organization with future security leaders.
Myth 1: You must be trained by the military or an agency.
This is absolutely the biggest blocker to an “Intelligence Analyst” career. It is the perception that you can’t be an Intelligence Analyst without that “sort of training.” But the analytical thought process can be learned outside of the angry rantings of a Company Sergeant Major. In fact, it has been my experience and observation that “institutionalized” intelligence analysts may have highly analytical skills and exceptional training but that “war fighting” training may degrade empathy and lead to a more likely institutional bias: hating the enemy or cybercriminal can be highly motivating but runs the risk of dehumanizing the person behind the keyboard or rifle. If you de-humanize the threat actor, it’s hard to get inside the threat actor’s decision-making process.
Myth 2: You must be super smart.
Again, and certainly in my case incredibly untrue. I suffered from dyslexia as a child with the nuns of my school beating the dyslexia out or smarts into me — depending on your perspective. As a result, I started to focus on learning to learn. My spelling is still fairly poor — as anyone that sees my social media posts or texts with me on a regular basis can attest to. The reality is that I know a lot as a 53-year-old student of cyber history. I can absorb knowledge — thanks to extensive role-playing game campaigns, and with an undergraduate degree in religious studies and my interest in Eastern Europe history which I continue to read and learn about. Intelligence analysis is not “rocket science;” in fact, I would say it’s not science at all — it is more akin to a philosophy with sociology and psychology as heavy influences. Marcus Aurelius’s “Meditations” may be of more use to an Intelligence Analyst than “Sun Tazu the Art of War.” Learning how to think analytically is more valuable than just thinking analytically.
Myth 3: You must be a good writer.
With five peer-reviewed journal papers under my belt and my thoughts and commentary published in some of the largest newspapers and publications, I may have shaken off some imposter syndrome. I could have never imagined myself as a writer of any capacity suffering as I did during my younger years from dyslexia. What I can say is anything substantial I have done has been because of great editors Pete, Tristan, Terry, The Beer Farmers — along with many others. Stringing thoughts together with some sort of coherence and formulating a logical thought based — all too often – on the premise that the status quo in cyber is incorrect. You get to the point where “Anger becomes your Cardio” and not only are you writing, you’re also being provocative — not a bad thing. As you progress in your career you will receive guidance. In a recent event I dropped 955 changes to a manuscript to make the analysis from a recent hire the world class level it was. The more you write, the better you get — it’s some sort of continuous improvement zen mind thing that is true.
Myth 4: You must be disciplined.
The best analytical minds roam freely. That sounds profound and it may be the kind of insight which illustrates my points above. The human mind does not work nine to five — well at least mine does not. I’ve written some of my best Huffington Post articles completely exhausted after a New Zealand, Australia, London and Norway trip in a little fishing village off the coast in the Lofoten Islands and smashed out articles for TripWire from the VIP tables of Ministry of Sound while listening to a live set of Sasha and John Digweed. My point here is that inspiration, insight and non-linear thinking can happen at any time…and good intelligence analysts must embrace it, whenever and wherever it happens.
Why and how Cybersecurity Threat Intelligence has become some esoteric profession which “regular folks” could never aspire to is a large con job perpetrated by training vendors and firms primarily populated with ex-military and ex law enforcement (I’m both) in management positions. The bottom line is that security leaders can encourage anyone to be in this field and the only thing needed to bring to the table is passion, a sense of curiosity and willingness to learn.
Spoiler alert: generating an intelligence product is a process and nearly anyone can follow a process. Sometimes obstacles in life are illusions. Wow. There I go again with the profound.
Ian Thornton-Trump CD is an ITIL certified IT professional with 25 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. After a year with the RCMP as a Criminal Intelligence Analyst, Ian worked as a cyber security analyst/consultant for multi-national insurance, banking and regional health care verticals. Today, as Chief Information Security Officer for Cyjax Ltd. (UK) & Chief Technical Officer of Octopi Managed Services Inc. (Canada), Ian has deep experience with the threats facing small, medium and enterprise businesses. His research and experience have made him a sought-after cyber security consultant specialising in cyber threat intelligence programs for small, medium and enterprise organisations. Headshot courtesy of Thornton Trump
You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.
Situational awareness should be at the forefront of your security program. It can mean the difference between life and death in a workplace emergency.
Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.
Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.
Copyright ©2022. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing