Intelligence Tradecraft - Sharpen your analytic edge – Details, episodes & analysis
Podcast details
Technical and general information from the podcast's RSS feed.

Intelligence Tradecraft - Sharpen your analytic edge
Freddy Murre
Frequency: 1 episode/21d. Total Eps: 13

Recent rankings
Latest chart positions across Apple Podcasts and Spotify rankings.
Apple Podcasts
🇬🇧 Great Britain - courses: 07/06/2026, #79
🇬🇧 Great Britain - courses: 05/06/2026, #40
🇬🇧 Great Britain - courses: 24/05/2026, #88
🇬🇧 Great Britain - courses: 23/05/2026, #65
🇬🇧 Great Britain - courses: 22/05/2026, #43
🇩🇪 Germany - courses: 27/04/2026, #100
🇩🇪 Germany - courses: 26/04/2026, #79
🇩🇪 Germany - courses: 25/04/2026, #56
🇩🇪 Germany - courses: 24/04/2026, #45
🇬🇧 Great Britain - courses: 18/04/2026, #82
Spotify
No recent rankings available
Shared links between episodes and podcasts
Links found in episode descriptions and other podcasts that share them.
- https://feedly.com/
110 shares
- https://attack.mitre.org/
20 shares
RSS feed quality and score
Technical evaluation of the podcast's RSS feed quality and structure.
Global score: 58%
From UK Police Intelligence to academia: Support versus specialist - Interview with Nadia Tuominen (S2E2)
Season 2 · Episode 2
Wednesday 25 February 2026 • Duration 01:18:26
Summary
Listen to Nadia Tuominen's path from crime science student to intelligence analyst in London’s Metropolitan Police, where she learned mostly on the job in a changing organization. She explains how austerity and lack of development pushed her to leave for sports integrity in tennis, then into the financial sector to work on economic crime. A later shift into academia and training lets her “close the circle” by teaching police officers and practitioners, creating qualifications she wishes had existed earlier. Across her journey, she emphasizes intelligence as a reasoning process, the importance of frameworks, elevating analysts from “support staff” to specialists, and helping people think better rather than just learn tools. Nadia emphasizes the need for analysts to be proactive, build relationships, and continuously develop their skills to adapt to the changing landscape of intelligence work.
Key takeaways
- Intelligence is a reasoning process for decision-making, not magic or perfect prediction.
- Definitions of intelligence should fit each organization’s mission and context, rather than chasing one universal formula.
- Frameworks like the UK National Intelligence Model, though imperfect, become clearly valuable once you work in less-structured private-sector environments.
- Analysts should be treated as specialists, not generic “support staff,” to improve respect, pay, and decision quality.
- Training should focus on how analysts think (cognition, self-awareness, bias) as much as on tools and structured techniques.
- Biases are unavoidable and not inherently bad; the aim is to understand and manage them, not pretend they can be removed.
- Many law enforcement analysts lack formal, portable qualifications, so building accessible, practice-based education helps careers and professionalizes the field.
Resources and references mentioned
- NIM - https://library.college.police.uk/docs/npia/NIM-Code-of-Practice.pdf
- ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf
- Intelligence Architecture Mind Map - https://github.com/Errum/IntelArchitectureMap
- Psychology of Intelligence Analysis - https://www.cia.gov/resources/csi/static/Pyschology-of-Intelligence-Analysis.pdf
- Analyst & Decision-Maker Conference - https://i2group.com/events/analyst-decision-maker-conference-2026
Chapters
02:59 Journey into Intelligence and Law Enforcement
05:56 Training and Development in Intelligence Analysis
09:12 Transitioning from Law Enforcement to Sports Integrity
12:07 Understanding Intelligence Frameworks
14:51 Exploring Financial Crime and Economic Crime
17:49 The Role of Academia in Intelligence Analysis
20:51 Training and Cognitive Function in Intelligence
23:59 Defining Intelligence: Perspectives and Processes
27:10 The Importance of Forward-Looking Intelligence
29:57 Analysts as Specialists, Not Support Staff
37:13 The Role of Analysts in Decision Making
38:25 Understanding AI and Its Implications
40:30 Critical Thinking in AI Usage
42:35 Explainability and Trust in AI
44:22 Evaluating AI vs Human Intelligence
46:24 The Importance of Input in AI
48:28 Training and Experience in Intelligence Analysis
55:33 Measuring the Value of Intelligence
01:01:05 The Dialogue of Intelligence
01:04:17 The Future of AI in Intelligence
01:12:10 Preparing for a Career in Intelligence
Lessons from a Former NCIS Analyst: Navigating Cyber Threats and board rooms - Interview with Teresa Walsh (S2E1)
Season 2 · Episode 1
Wednesday 25 February 2026 • Duration 01:33:15
Summary
Here, Teresa Walsh, a former NCIS analyst and current Chief Intelligence Officer (CINO), shares how intelligence tradecraft, critical thinking, and stakeholder-focused analysis must underpin cyber threat intelligence in an AI-saturated world, especially in heavily regulated sectors like finance.
She discusses the importance of understanding the audience in intelligence work, the challenges of transitioning from government to private sector, and the evolving role of AI in the field.
Teresa emphasizes the need for critical thinking, continuous training, and the significance of stakeholder engagement in delivering valuable intelligence. The conversation also touches on the future of intelligence, the impact of AI, and the importance of measuring success and value in intelligence work.
Key takeaways
- Intelligence is a profession, not a personality trait
- Raw data is not intelligence
- Audience and purpose drive value
- Private-sector CTI lacks role and training standards
- Finance is mature because it’s regulated, not smarter
- Effective CTI blends technical and strategic skills
- AI and LLMs are tools, not replacements
- Beware “AI solves everything” thinking
- Metrics must go beyond counts
- Curiosity, humility, and feedback fuel growth
Resources and references mentioned
- Structured Analytic Techniques (SAT) book - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X
- Feedly - https://feedly.com/
- IAP Training - https://inteltradecraft.com/sat-certifications
- SANS Talk: The Way to a Stakeholder’s Heart is by Providing Value: Measuring Success of Your CTI Program - https://www.youtube.com/watch?v=5agsRg6-L4o
- Metrics by Gert-Jan - https://github.com/gertjanbruggink/metrics
- Psychology of Intelligence book - https://www.cia.gov/resources/csi/static/Pyschology-of-Intelligence-Analysis.pdf
From Collections Manager in the FBI to Teaching Analytic Tradecraft: Analytic Skills versus Cyber Skills - Interview with Elizabeth Dos Santos (S1E7)
Season 1 · Episode 7
Sunday 21 December 2025 • Duration 01:31:52
Summary
In this podcast episode, Elizabeth Dos Santos shares her journey from a 25-year career in the FBI, focusing on intelligence analysis and counter-terrorism, to the private sector, teaching intelligence.
She discusses the challenges she faced, the importance of communication skills, and her transition to the private sector. Elizabeth emphasizes the role of AI in intelligence, the need for critical thinking, and the significance of structured analytic techniques in training.
She also provides valuable advice for aspiring intelligence analysts, highlighting the importance of writing and presentation skills.
Takeaways
- Elizabeth Dos Santos has a rich background in intelligence, having worked for the FBI for nearly 25 years.
- Her journey into intelligence began through a suggestion from her father.
- She emphasizes the importance of communication skills in intelligence analysis.
- Elizabeth shares her transition from government to private sector work and the cultural differences.
- She highlights the importance of structured analytic techniques in training and analysis.
- Elizabeth advises aspiring analysts to focus on writing and presentation skills.
- The conversation touches on the need for transparency in AI and the importance of critical thinking.
- AI presents both opportunities and challenges in the field of intelligence.
Resources and references mentioned
- The Psychology of Intelligence Book - https://www.cia.gov/resources/csi/books-monographs/psychology-of-intelligence-analysis-2/
- The Six Thinking Hats Book - https://www.amazon.com/Six-Thinking-Hats-Edward-Bono/dp/0241257530
- Pherson Associates - https://pherson.org/
- ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf
- SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
- Is all Intelligence Forward Looking blog post - https://inteltradecraft.com/is-all-intelligence-forward-looking
- The Thinking, Fast & Slow Book - https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374275637
- Training with Intelligence Tradecraft - https://inteltradecraft.com/sat-certifications
- IAFIE - https://www.iafie.org/
- The Structured Analytic Techniques (SAT) Book - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X
- The SAT Handbook book - https://www.amazon.com/Handbook-Analytic-Tools-Techniques-5th/dp/0979888093/
- Admiralty Scale SANS Blog - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
- SANS FOR589 Cybercrime course - https://www.sans.org/cyber-security-courses/cybercrime-intelligence/
Chapters
00:00 Introduction to Elizabeth Dos Santos
01:51 Journey into Intelligence
08:44 Career Development in the FBI
12:40 Challenges and Growth in Intelligence
19:39 Transitioning to the Private Sector
27:52 The Role of AI in Intelligence
53:23 Advice for Aspiring Intelligence Analysts
01:07:29 The Importance of Communication in Intelligence
01:14:19 Structured Analytic Techniques and IAP
01:18:19 Conclusion and Reflections on Intelligence
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 13th, 2025 in Copenhagen, Denmark.
From Manual Googling to Sophisticated Insight: Government Lessons for the Private Sector - Interview with Terry Pattar (S1E6)
Season 1 · Episode 6
Wednesday 3 December 2025 • Duration 01:02:42
Summary
In this conversation, Terry shares his journey from government intelligence to the private sector, discussing the evolution of training and methodologies in intelligence analysis. He emphasizes the importance of structured analytical techniques and the challenges faced in adapting these methods in the private sector. The discussion also touches on the impact of geopolitics on cyber threats and the role of AI in intelligence work, highlighting the need for critical thinking and planning in the analysis process. Terry reflects on the differences between open source intelligence and open source information, and the importance of understanding biases in AI tools.
Takeaways
- Terry is a senior director for customer success at Atreides.
- He has a mixed career in both government and private sectors.
- Training in intelligence has evolved significantly over the years.
- Open source intelligence became more prominent after 2008.
- Structured analytical techniques are crucial for effective analysis.
- Planning is essential before diving into information collection.
- The maturity of intelligence practices varies between sectors.
- Geopolitical events significantly influence cyber threats.
- AI tools can assist but come with their own challenges.
- Understanding biases in AI is critical for effective intelligence.
Resources and references mentioned
- SATs training - https://inteltradecraft.com/sat-certifications
- SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
- Structured Analytic Techniques (SAT) training - https://inteltradecraft.com/sat-certifications
- Arno exemplifies "spending time to save time" - https://opensourceintelligence.biz/vague-osint-questions/
- ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf
- Intelligence agencies are starting to crowdsource information and recruits! For example, the MI6 platform, Silent Courier: https://www.gov.uk/government/news/new-dark-web-portal-launched-to-recruit-spies-to-support-uk-security
Chapters
00:00 Introduction to Terry's Journey
02:54 Training and Development in Intelligence
05:52 Transitioning from Government to Private Sector
08:58 Challenges in Intelligence Analysis
11:50 The Role of Planning in Intelligence Work
14:51 The Maturity of Intelligence in the Private Sector
17:53 The Impact of Geopolitics on Cyber Intelligence
20:56 The Future of AI in Intelligence
23:43 Open Source Intelligence vs. Open Source Information
26:47 Advice and Reflections on Intelligence Work
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 3rd, 2025 in London, England.
CTI Analysis, Co-Authoring a SANS course, and Building a vibrant CTI sharing community - Interview with Will Thomas (S1E5)
Season 1 · Episode 5
Wednesday 26 November 2025 • Duration 55:09
In this conversation, Freddy and Will delve into the world of Cyber Threat Intelligence (CTI) and sharing communities, exploring Will T's journey as a cybersecurity professional, the importance of training and community, the challenges faced in threat reporting, and the impact of AI on the field.
They discuss the evolution of CTI, the necessity for critical thinking, and the ethical considerations surrounding the use of AI in intelligence work. The conversation emphasizes the need for collaboration and knowledge sharing within the cybersecurity community to enhance overall effectiveness against cyber threats.
Takeaways
- The importance of foundational knowledge in cybersecurity.
- Real-world experience is crucial for developing analytical skills.
- Training can significantly enhance an analyst's capabilities.
- Community support is vital for sharing knowledge and resources.
- AI can assist in summarizing and analyzing data but has limitations.
- Ethical considerations are paramount when using AI in intelligence.
- Critical thinking is essential in evaluating threat reports.
- Transparency in threat reporting builds trust with stakeholders.
- Continuous learning and adaptation are necessary in cybersecurity.
- Collaboration within the community can lead to better threat mitigation.
Resources & References Mentioned
- Rob M. Lee - https://www.dragos.com/team/robert-m-lee/
- SANS FOR578: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/
- SANS FOR589: https://www.sans.org/cyber-security-courses/cybercrime-investigations/
- Chainalysis Blockchain Intelligence: https://www.chainalysis.com/blockchain-intelligence/
- SANS blog post on Admiralty Scale - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
- Oracle incident - https://www.csoonline.com/article/3953644/oracle-quietly-admits-data-breach-days-after-lawsuit-accused-it-of-cover-up.html
- Flavio Queiroz's LinkedIn post - https://www.linkedin.com/posts/flavioqueiroz_threathunting-threatdetection-threatanalysis-activity-7310254153732141056-b-Ba/
- Council of Experts: https://blog.bushidotoken.net/2024/04/strengthening-proactive-cti-through.html
- Will's Projects: https://github.com/BushidoUK#-my-projects
- Ransomware Tool Matrix: https://github.com/BushidoUK/Ransomware-Tool-Matrix
- Curated Intelligence: https://www.curatedintel.org/
- MITRE ATT&CK: https://attack.mitre.org/
- Diamond Model of Intrusion Analysis: https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf?adlt=strict
- Mapping TTPs: https://github.com/BushidoUK/MITRE-Mappings
- Curated Intel website - https://www.curatedintel.org/
- Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot
Chapters
00:00 Introduction to Cyber Threat Intelligence
02:48 Career Journey in Cybersecurity
06:08 Understanding Cyber Threat Intelligence
09:06 The Role of Training in Cyber Intelligence
11:57 Teaching and Sharing Knowledge in Cybersecurity
15:08 The Importance of Community in Cyber Intelligence
17:54 Challenges in Cyber Threat Reporting
20:56 The Impact of AI on Cyber Threat Intelligence
24:08 Future of AI in Cybersecurity
26:47 Ethics and Challenges of AI in Intelligence
29:57 Conclusion and Final Thoughts
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 2nd, 2025 in Bournemouth, England.
From the CIA to inspiring global intelligence communities - Interview with Kathy Pherson (S1E4)
Season 1 · Episode 4
Wednesday 26 November 2025 • Duration 01:46:14
Step inside the real world of intelligence with Kathy Pherson, a pioneering CIA analyst whose career arc spans from a curious Kansas City upbringing to the highest levels of global intelligence.
In this episode, Kathy reveals how she navigated the challenges of intelligence writing, honed her craft in security and Latin American analysis, and ultimately transformed the field with innovative structured analytic techniques. Kathy shares candid reflections on balancing data and practical countermeasures, adapting to the evolving demands of intelligence, and the crucial role of critical thinking in a world increasingly shaped by AI.
Learn how Kathy’s work at the White House, her leadership of Pherson Associates, and her presidency at the International Association for Intelligence Education are shaping future intelligence professionals.
With stories of teamwork, adaptation, and even a personal mission to fight rare diseases, this conversation promises to intrigue, inspire, and challenge your ideas about intelligence analysis, education, and the intersection with advanced technologies.
Takeaways
- Kathy Pherson's journey began with a love for language and led her to a career in intelligence.
- She learned the importance of writing clearly for policymakers. Writing skills are crucial in intelligence analysis, especially for conveying complex information succinctly.
- Understanding the audience and decision-making is key to effective communication in intelligence.
- Kathy emphasizes the need for adaptability in intelligence work because the evolution of intelligence practices requires ongoing learning.
Resources and References Mentioned
- Vassar College - https://www.vassar.edu/
- Critical Thinking book - https://www.amazon.com/Critical-Thinking-Strategic-Intelligence-Katherine/dp/1544374267
- IAP training - https://inteltradecraft.com/sat-certifications
- SANS blog post on sources and admiralty scale - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
- The Five Habits of the Master Thinker paper - https://digitalcommons.usf.edu/jss/vol6/iss3/5/
- SAT book - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X
- The Art of the Long View book - https://www.amazon.com/Art-Long-View-Planning-Uncertain/dp/0385267320
- Maria Robson Morrow's research - https://www.tandfonline.com/doi/full/10.1080/02684527.2022.2029099
- Gary Klein's book - https://www.amazon.com/Sources-Power-People-Decisions-Press/dp/0262534290
- The Intel Architecture mind map on GitHub - https://github.com/Errum/IntelArchitectureMap
- ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf
- IAFIE - https://www.iafie.org/
- IAFIE European Conference - https://iafieeurope.org/events/annual-conference/
Chapters
- 00:00 Kathy's Journey: From Kansas City to CIA
- 03:09 Navigating the Intelligence Landscape
- 05:58 The Art of Writing in Intelligence
- 08:55 Understanding the Decision Maker
- 12:13 The Importance of Communication in Intelligence
- 15:04 Framing and Analyzing Risks
- 17:56 The Evolution of Security Analysis
- 20:57 Lessons Learned from Intelligence Work
- 24:13 The Future of Intelligence and Decision Making
- 34:37 Operationalizing Cyber Intelligence
- 35:52 The Role of AI in Intelligence Analysis
- 37:17 Transitioning from Intelligence to Private Sector
- 40:30 The Evolution of Structured Analytic Techniques
- 44:39 Publishing Intelligence Methodologies
- 46:44 Teaching Critical Thinking in Cyber Intelligence
- 50:51 The Importance of Perspective in Analysis
- 54:56 Defining Success in Intelligence
- 01:00:33 The Balance of Data and Creativity
- 01:09:47 Simple Steps for Intelligence Analysis
- 01:12:28 The Role of AI in Intelligence
- 01:18:39 AI's Impact on Nonprofit Initiatives
- 01:21:10 Challenges of AI in Decision Making
- 01:27:33 The Future of Human Intelligence in an AI World
- 01:33:03 IAFIE: Bridging Academia and Practice
This interview was recorded on May 2nd, 2025 in London, England.
From Cargo Theft to Cyber Threats: An Intelligence Journey - Interview with Scott Small (S1E3)
Season 1 · Episode 3
Sunday 28 September 2025 • Duration 01:17:28
In this conversation, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, shares his journey into the field of CTI, discussing his background, current responsibilities, and the importance of curiosity and empathy in intelligence analysis.
He emphasizes the role of AI and open-source intelligence in enhancing threat detection and response, while also addressing the challenges of implementing threat-informed defense strategies. The discussion highlights stakeholder engagement, the value of writing in intelligence, and the need for continuous learning and networking within the cybersecurity community.
Takeaways
- Curiosity is essential for success in intelligence analysis.
- Writing helps clarify thoughts and improve analytical skills.
- AI is transforming the landscape of cybersecurity and threat intelligence.
- Stakeholder engagement is crucial for effective intelligence sharing.
- Open-source intelligence provides valuable insights for threat analysis.
- Empathy allows analysts to understand diverse perspectives in intelligence.
- Structured analytic techniques enhance the quality of intelligence analysis.
- Networking within the cybersecurity community fosters collaboration and learning.
- Trustworthy sources are vital for accurate intelligence gathering.
- Incident-driven intelligence can lead to proactive security measures.
Resources and references mentioned
- Tidal Cyber web site - https://www.tidalcyber.com/
- What are TTPs - https://csrc.nist.gov/glossary/term/tactics_techniques_and_procedures
- Cyber Kill Chain - https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
- Unified Kill chain - https://www.unifiedkillchain.com/
- my LinkedIn - https://www.linkedin.com/in/fmurre/
- my GitHub - https://github.com/Errum/IntelArchitectureMap
- Katie Nickels - CTI study plan 1 - https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
- Katie Nickels - CTI study plan 2 - https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
- Curated Intel CTI fundamentals - https://github.com/curated-intel/CTI-fundamentals
- Intelligence Tradecraft Structured Analytic Techniques (SAT) training - https://inteltradecraft.com/sat-certifications
- Workshop I teach at FIRST CTI - https://www.first.org/conference/firstcti25/program#pIntelligence-Collection-Planning-Workshop-How-to-Create-A-Plan-that-Synchronizes-Collection-with-Your-Stakeholders-Needs
- NFCERT CTL - https://communication.nfcert.org/hubfs/CTL_Reports/2025%20TLP_CLEAR%20NFCERT%20Cyber%20Threat%20Landscape%20(CTL)%20Report%20v1.0.pdf
Chapters
00:00 Introduction to Cyber Threat Intelligence
02:47 Scott Small's Background and Career Path
06:10 Understanding Threat Informed Defense
08:59 The Role of TTPs in Cybersecurity
11:51 The Importance of Storytelling in Cyber Intelligence
15:05 Challenges in Implementing Threat Informed Defense
17:52 The Role of AI and Machine Learning in Cyber Intelligence
21:01 Evaluating Open Source Intelligence (OSINT)
23:56 Identifying Trustworthy Sources in Cyber Intelligence
26:59 Lessons Learned from Mistakes in Cyber Intelligence
29:44 Case Study: Analyzing the Akira Ransomware Group
33:10 Future of Cyber Threat Intelligence
38:06 Navigating the Landscape of Cyber Threat Intelligence
43:37 The Path to Becoming a Cyber Intelligence Analyst
46:08 The Importance of Writing in Cyber Intelligence
49:31 Essential Skills for a Successful Analyst
51:14 Structured Analytical Techniques in Cyber Intelligence
54:30 Implementing Intelligence Tradecraft in Organizations
58:02 Proactive vs. Reactive Intelligence
01:01:33 The Role of AI in Cyber Threat Intelligence
01:09:53 The Future of Automated Threats and Defenses
01:15:15 The Value of Networking and Community in Cyber Intelligence
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded on April 23rd, 2025 during the FIRST CTI Conference in Berlin.
Storytelling, Stakeholders, and Communicating CTI to the Board - Interview with Gert-Jan Bruggink (S1E2)
Season 1 · Episode 2
Sunday 28 September 2025 • Duration 01:14:24
In this conversation, Freddy and Gert-Jan delve into the complexities of cybersecurity and cyber threat intelligence (CTI), exploring the importance of decision-making informed by intelligence, the challenges of training and development in the field, and the significance of metrics in demonstrating value.
They discuss the evolving role of AI in cybersecurity, the necessity of critical thinking, and the importance of mentorship and community support for aspiring professionals.
Takeaways
- The journey into cybersecurity often starts with hands-on experience rather than formal education.
- Understanding the implicit decision-making processes in CTI is crucial for effective intelligence work.
- Training and continuous learning are essential in cybersecurity.
- Metrics should focus on impact rather than just activities to demonstrate value to stakeholders.
- AI is transforming the landscape of intelligence, but critical thinking remains vital.
- Source assessment and information evaluation are key components of effective intelligence generation.
- The importance of storytelling in conveying intelligence to different stakeholders cannot be overstated.
- Building a community and supporting others in their journey is a fundamental aspect of professional growth.
- Recognizing influential figures in one's career can provide valuable insights and direction.
- The future of CTI will require adaptability and a focus on explicit decision-making processes.
Resources and references mentioned
- The APT 1 report - https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf
- Venation - https://venation.digital/
- Gert-Jan speaking at the FIRST conference - https://youtu.be/2pSjbSx8J1Q?t=5202
- CTI-CMM web site - https://cti-cmm.org/
- SANS FOR578 - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
- Intelligence and Structured Analytic Techniques (SATs) training - https://inteltradecraft.com/sat-certifications
- Arno's LI profile - https://www.linkedin.com/in/reuser/
- Admiralty Scale SANS Blog post - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
- MISP Admiralty Scale - https://www.misp-project.org/taxonomies.html#_admiralty_scale
- SANS talk on metrics - https://www.youtube.com/watch?v=-d38C3992aQ
- Gert Jan's Metric GitHub - https://github.com/gertjanbruggink/metrics
- My SANS talk on measuring success of CTI programs - https://www.youtube.com/watch?v=5agsRg6-L4o
Chapters
00:00 Introduction to Gert-Jan and the CTI Conference
02:50 Gert-Jan's Journey in Cybersecurity
05:51 The Role of Intelligence in Decision Making
08:50 Training and Development in Cyber Threat Intelligence
12:06 Consultancy and the Importance of Storytelling
14:46 Generating and Consuming Intelligence
17:37 The Distinction Between OSINT and OSINF
20:49 Prioritization and Decision Making in Intelligence
23:54 The Art of Failure and Learning
26:55 Navigating the Intelligence Cycle
29:53 Responding to Incidents and Public Perception
35:38 Critical Thinking in Source Assessment
39:48 Understanding Source Reliability
43:04 The Role of AI in Intelligence
51:31 Metrics and Measuring Impact
01:06:02 Advice for Aspiring CTI Professionals
01:11:49 Reflecting on Influential Figures
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded on April 21st, 2025 during the FIRST CTI Conference in Berlin.
Insights into Cyber Threat Intelligence: From Government to Private Sector - Interview with Garrett Carstens (S1E1)
Season 1 · Episode 1
Sunday 28 September 2025 • Duration 54:27
Join us in the first episode of our podcast where we interview Garrett Carstens in beautiful Berlin.
Garrett shares his extensive experience in cyber threat intelligence, from his beginnings at the US Department of Defense to his current role as VP of Intel Operations at Intel 471.
We delve into the transition from government to private sector, the importance of critical thinking in cyber intelligence, the evolution of threat intelligence, and how to effectively measure success in this field. Garrett also discusses the role of artificial intelligence and machine learning in cyber intelligence and provides practical advice for those looking to make a similar career transition.
Resources and references mentioned:
- Intel471 - https://www.intel471.com/
- SANS blog - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
- FIRST CTI Conference Agenda - https://www.first.org/conference/firstcti25/program
- LinkedIn post on "what makes something intelligence?" - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m
- The Intelligence Architecture Mind Map on GitHub - https://github.com/Errum/IntelArchitectureMap
- SANS courses FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
- FOR589 Cybercrime Investigations - https://www.sans.org/cyber-security-courses/cybercrime-investigations
- Intel471 Handbook - https://www.intel471.com/resources/cyber-underground-handbook
- GitHub Repo - https://github.com/intel471/CU-GIR
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded on April 21st, 2025 during the FIRST CTI Conference in Berlin.
From GCHQ to Building effective OSINT and Cyber Threat Intelligence (CTI) Functions - Interview with Aaron Roberts (S2E3)
Season 2 · Episode 3
Wednesday 25 March 2026 • Duration 01:23:37
Summary
In cybersecurity, understanding the intricacies of intelligence tradecraft can make all the difference. In this insightful interview, cybersecurity expert Aaron Roberts shares his journey from military intelligence to founding Perspective Intelligence. He discusses the evolution of cyber threat intelligence, practical training approaches, the impact of AI, and how to build a successful intelligence function.
Aaron’s path into intelligence started with a fascination for intelligence and a local awareness of GCHQ, the UK’s Government Communications Headquarters. He candidly shares, "I always tell people this story and I don't think anyone believes me, but I used to watch a lot of 24." He recalls, "I was always interested in military history and intelligence services, which guided my career path." This foundational knowledge helped him navigate the complexities of cyber intelligence later on.
After working at GCHQ, Aaron faced a significant decision: stay in public service or explore opportunities in the private sector. He explains, "I thought I was always going to be there for life," but personal circumstances and the evolving cybersecurity landscape prompted him to make a change.
Aaron’s experiences provide valuable insights into cyber threat intelligence (CTI). He emphasizes the importance of adapting to new threats and technologies. "Cybersecurity is an ever-changing landscape, and staying ahead requires constant learning and adaptation," he advises.
One key area Aaron focuses on is Open Source Intelligence (OSINT). He finds it fascinating how the internet can be utilized for intelligence investigations. "Using the internet for intelligence work is incredibly powerful," he states. This approach allows organizations to gather insights that are often overlooked in traditional intelligence methodologies.
In 2021, Aaron published his book on cyber threat intelligence, a project that began during the early days of the COVID-19 lockdown. He shares, "I decided to write a book because there wasn’t much available for non-analysts looking to understand threat intelligence better." The process was both challenging and rewarding, providing him with a platform to share his knowledge and experiences.
Resources
- Perspective Intelligence - https://perspectiveintelligence.co.uk/
- WannaCry - https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
- KASE Scenarios OSINT Training Platform - https://kasescenarios.com/
- KASE Scenarios Project SandShark - https://kasescenarios.com/project-sandshark
- Diamond Model - https://www.threatintel.academy/wp-content/uploads/2020/07/diamond_summary.pdf
- Intel architecture mindmap - https://github.com/Errum/IntelArchitectureMap
- The cyber threat intelligence book - https://www.amazon.com/Cyber-Threat-Intelligence-No-Nonsense-Security/dp/1484272196
- TCM Security SOC 101 - https://academy.tcm-sec.com/p/security-operations-soc-101
- Michael Koczwara's Hunting Adversary Infrastructure Training Course - https://academy.intel-ops.io/courses/hunting-adversary-infra
- Intel471 Cyber underground Handbook - https://www.intel471.com/cyber-underground-handbook
- Admiralty Scale blog post - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
Chapters
00:00 Introduction to Intelligence Careers
04:21 Transitioning from Government to Private Sector
12:23 Becoming a Published Author
20:37 The Importance of Context in Cyber Intelligence
28:08 Challenges in Open Source Intelligence
36:53 Defining Intelligence: What It Is and Isn't
44:47 Critical Thinking in Intelligence Analysis
51:52 Training and Certifications in Intelligence
59:14 Success Criteria for Intelligence Functions
01:05:07 The Future of Cyber Threat Intelligence
01:11:03 The Role of AI in Intelligence
01:18:18 Advice for Aspiring Intelligence Professionals
PS! This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 1st, 2025 in London, UK.









