This guide is all about what it takes to earn a certified threat intelligence analyst (CTIA) certification.
Earning a professional certification indicates that you have invested the time and energy to acquire and demonstrate specific skills relevant to your career. It shows that you are serious about your professional development and provides potential employers with an easy method to make an initial assessment of your suitability for specific jobs.
Millions of professionals belonging to thousands of associations use certifications to demonstrate their dedication to standards specific to their industry. For cybersecurity workers alone, there are dozens of certifications from which to choose. Security-focused associations design each to highlight a knowledge base and set of skills needed in security.
Professional certifications are essential for hiring agencies and human resource professionals to find, evaluate, and hire cybersecurity workers. In the early stages of sourcing qualified job candidates, employers use professional certifications as a high-level qualification standard because they know these individuals have passed a rigorous examination to validate their knowledge.
Each security practitioner pursues a professional certification for their own reasons. Some find the challenge of learning the material required to pass the exam an effective and organized way of staying abreast of current best practices and new technologies.
Others value the career advancement opportunities that come with holding a certification, either by changing employers or by advancing within their current organization. Nearly all certification holders appreciate the sense of belonging to an elite group of dedicated professionals that comes with earning a professional certification.
Wise HR pros understand that some highly qualified job seekers opt not to pursue professional certification for one reason or another. These individuals can be overlooked by a hiring manager that requires certification, even though they would otherwise be well qualified. At the same time, other candidates have all the proper credentials for a job, but other characteristics may make them a poor fit for the job in question.
What is a CTIA certification?
EC-Council developed the Certified Threat Intelligence Analyst (CTIA) certification to help organizations hire qualified cyber-intelligence trained professionals that can identify and mitigate risks by converting unknown internal and external threats into quantifiable threat entities. Sometimes referred to as a ‘hunter-killer’ team, CTIA holders are often deployed as members of a ‘Blue Team,’ responsible for threat identification, and tasked to employ threat assessment tools to mitigate active and potential cyberattacks.
According to Gartner, a leading technology research and consulting firm, “Threat intelligence (TI) is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”
The EC-Council organization certifies professionals in various technical skills and security knowledge. Their mission is “to validate information security professionals who are equipped with the necessary skills and knowledge required in a specialized information security domain that will help them avert a cyber conflict, should the need ever arise.”
The EC-Council has certified over 237,000 security professionals from private and public enterprises. They boast members working at IBM, Microsoft, the US Army, the FBI, and the United Nations.
CTIA certification could be beneficial for anyone seeking to find or advance their employment in a cybersecurity job that requires the use and understanding of threat intelligence. A few of these jobs include:
- Computer Forensics Analyst
- Cybercrime Investigator
- Digital Forensic and Malware Analysts
- Incident Response Team Members
- Malware Analyst
- Penetration Tester
- Security Analyst
- Security Code Auditor
- Security Consultant
- Security Engineer
- Security Specialist
Designed for mid to high-level cybersecurity professionals and anyone from the information security profession who wants to enrich their skills and knowledge in cyber threat intelligence, the CTIA has broad applications in the security industry.
What are CTIA requirements?
In most cases, the only CTIA certification requirements are to attend and complete official EC-Council CTIA training through an accredited partner and then pass the certification exam. Candidates who pass the exam will receive their CTIA certificate and membership privileges.
Alternatively, candidates can submit an application showing a minimum of two years of experience in the information security field. All candidates must pay the $100 application fee. Additionally, all members are required to adhere to the EC-Council’s continuing education policy.
How much does CTIA training and certification cost?
To help students prepare to take the CTIA exam, the EC-Council offers various training and self-learning options.
Regardless of the training option chosen, all students must pay an application fee of $100.
Students who prefer a less structured learning experience can purchase the CTIA v1 e-Courseware for $250 and six months of access to the EC-Council virtual iLabs environment for CTIA for $199.
To sit for the exam, candidates must purchase a CTIAv1 ECC Exam Center Voucher for $450.
Purchasing an official e-courseware or iLabs access doesn’t guarantee that the student can pass the exam. Students can refer to any study material to prepare to sit for the exam. Candidates are encouraged to refer to the exam blueprint before registering for an exam.
For candidates that prefer a package that includes the above items plus instructor-led training, EC-Council offers the Certified Threat Intelligence Analyst package for CTIA, priced from $1,399.00.
The base training package includes:
- Instructor-led training modules (one-year access)
- Official e-courseware (one-year access)
- iLabs (six months access)
- Exam Voucher
- Certificate of Completion
The training modules are:
- Introduction to Threat Intelligence
- Cyber Threats and Kill Chain Methodology
- Requirements, Planning, Direction, and Review
- Data Collection and Processing
- Data Analysis
- Intelligence Reporting and Dissemination
More than 40 percent of instructor-led class time is dedicated to learning practical skills using labs. The lab simulates a real-time environment consisting of the latest operating systems and popular platforms like Kali Linux for planning, collecting, analyzing, and disseminating threat intelligence. Students have hands-on experience with the latest threat intelligence tools, techniques, methodologies, frameworks, and scripts.
Deep dive into the CTIA exam
A candidate’s exam application is valid for three months from the approval date. During that period, the candidate must purchase their exam voucher. After buying the voucher, the candidate has one year to take the exam.
The exam contains 50 multiple choice questions, and candidates have two hours to complete it. To pass the exam, candidates must get 70 percent of the questions correct.
CTIA course learning objectives and exam basis of knowledge include:
- Critical issues in the InfoSec domain.
- Importance of threat intelligence in risk management, SIEM, and incident response.
- Various cyber threats, threat actors, and their objectives for cyberattacks.
- Fundamentals of threat intelligence (including threat intelligence types, life cycle, strategy, capabilities, maturity model, frameworks, etc.)
- Cyber kill chain methodology, Advanced Persistent Threat (APT), Indicators of Compromise (IoCs), and the pyramid of pain.
- Threat intelligence program steps (Requirements, Planning, Direction, Review).
- Types of data feeds, sources, and data collection methods.
- Threat intelligence data collection and acquisition through Open-Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (IoCs), and malware analysis.
- Bulk data collection and management (data processing, structuring, normalization, sampling, storing, and visualization).
- Data analysis types and techniques including Statistical Data Analysis, Structured Analysis of Competing Hypotheses (SACH), etc.
- Complete threat analysis process including threat modeling, fine-tuning, evaluation, runbook, and knowledge base creation.
- Different data analysis, threat modeling, and threat intelligence tools.
- Creating effective threat intelligence reports.
- Different threat intelligence sharing platforms, acts, and regulations for sharing strategic, tactical, operational, and technical intelligence.
CTIA candidates with two or more years of relevant work experience who are confident they have mastered these learning objectives can consider challenging the exam without taking the training course.
CTIA salary information
Because the CTIA certification applies to many security roles, the average salary will vary. Obtaining this certification, like many others, will qualify a candidate for advancement to higher-paying positions or may entitle them to increased compensation in their current role.
With the soaring demand for experienced cybersecurity professionals in the market today, obtaining a CTIA may open doors for mid to high-level positions.
According to the job site Indeed, advertisements that often require or compensate for CTIA certification include roles such as:
- Intelligence Analyst
- Cybersecurity Analyst
- Cyber Threat Intelligence Analyst
- Military Intelligence
- Intelligence Support Specialist
- Intelligence Operator
- Active Cyber Defense Operator
- Senior Intelligence Analyst
The average salary for these jobs ranges from $50,000 to $150,000 per year.
Skills, experience, and talents that employers commonly want for jobs that include CTIA as a desired certification include:
- Threat Intel Platform (TIP) experience – Anomali, Recorded Future, or other TIP experience.
- Must have worked as a Cyber Threat Intel Analyst in a prior role.
- Splunk ES experience.
- Must have polished oral and written communication skills. Ability to produce products based on the research performed on IOCs in Threat Intel platforms.
- Two years or more experience with alert analysis in a computer network intrusion/detection environment or a similar field is desirable.
- One to three years of experience working in an operations environment; or previous SOC/NOC experience.
- Working knowledge of current vulnerabilities and attacks.
- BS degree with 8+ years of experience, and CTIA certification.
- Must be a US Citizen and must undergo Public Trust clearance.
- Serve as an all-source cyber threat intelligence analyst.
- Develop and hold regional expertise on cyber network operations, emerging cyber threats and trends, and the evolving policy and regulatory framework related to cyber security.
- Investigate threat information, fuse it with other relevant information, and analyze data for patterns and actionable information.
- Collect, analyze, catalog, and assist in the deployment of indicators of compromise (IOCs) in partnership with the Cybersecurity Incident Response Team (CSIRT) to understand incidents and help refine detection and response efforts.
- Develop and maintain expertise in a wide variety of technology platforms, threat vectors, and threat actors to track cyber campaigns using internal and external data.
- Perform analytical support focused on cyber doctrine, policies, strategies, capabilities, and intent to conduct cyberspace operations and cyber-oriented groups, individuals, organizations, tools, tactics, and procedures.
- Assist with drafting, editing, critiquing, and proofreading threat intelligence assessments and briefs.
- Work closely with functional senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.
Core responsibilities of these jobs are often described using these or similar requirements:
- BA or BS degree in International Relations, Security Studies, Intelligence Studies, Political Science, Cyber Security, related field, or equivalent experience.
- Possession of excellent oral and written communication skills.
- Two to four years of experience with all-source cyber intelligence analysis.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
- Experience with cyber intelligence, computer network operations, information operations, information warfare, or cyber topics.
- Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.
- Familiarity with link-analysis methods and software (Maltego, Palantir, Analyst's Notebook).
- Ability to communicate intelligence and analysis of cyber threats in various forms (written production; briefings) for a senior-level audience.
- Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and growing cyber threats.
- Considerable working knowledge in one or more of the following topics: Cybercriminals, Point-of-Sale malware, Financially motivated cyber groups, Hacktivism, DDoS attack methods, Malware variants, Mobile and Emerging Threats, Social Engineering, Insider Threats.
- Can apply various cyber-related analytic techniques to identify, track and support analysis of cyber threat actors and events. Examples of these techniques include but are not limited to using the Diamond Model, Kill Chain Methodology, and MITRE ATT&CK Framework.
The US Bureau of Labor Statistics expects employment of Information Security Analysts to grow 33 percent from 2020 to 2030. This anticipated increase is much faster than the average rate of job growth.
Earning a CTIA certification signals to your current employer, or potential future employer, that you are knowledgeable about cyber threat intelligence and have what it takes to excel in the field. This certification can set you apart from the crowd and help you stand out as a serious applicant for desirable positions within organizations that integrate TI into their cyber risk mitigation efforts.
This certification should be considered by security professionals desirous of moving from an entry to mid-level job to a mid to high-level position. Even seasoned professionals will learn additional skills as they study to pass the CTIA exam.
For those who aspire to the top cybersecurity positions, such as CISO, holding a CTIA and other certifications will demonstrate their well-rounded experience. Because it is pretty specialized around threat intelligence, the CTIA is not often listed among the most common or popular cybersecurity certifications. This can benefit practitioners wishing to validate their understanding of how TI is used to protect digital assets.