From Cargo Theft to Cyber Threats: An Intelligence Journey - Interview with Scott Small (S1E3)

About this content

In this conversation, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, shares his journey into the field of CTI, discussing his background, current responsibilities, and the importance of curiosity and empathy in intelligence analysis.

He emphasizes the role of AI and open-source intelligence in enhancing threat detection and response, while also addressing the challenges of implementing threat-informed defense strategies. The discussion highlights stakeholder engagement, the value of writing in intelligence, and the need for continuous learning and networking within the cybersecurity community.


Takeaways

  • Curiosity is essential for success in intelligence analysis.
  • Writing helps clarify thoughts and improve analytical skills.
  • AI is transforming the landscape of cybersecurity and threat intelligence.
  • Stakeholder engagement is crucial for effective intelligence sharing.
  • Open-source intelligence provides valuable insights for threat analysis.
  • Empathy allows analysts to understand diverse perspectives in intelligence.
  • Structured analytic techniques enhance the quality of intelligence analysis.
  • Networking within the cybersecurity community fosters collaboration and learning.
  • Trustworthy sources are vital for accurate intelligence gathering.
  • Incident-driven intelligence can lead to proactive security measures.


Resources and references mentioned

  • Tidal Cyber website - https://www.tidalcyber.com/
  • What are TTPs - https://csrc.nist.gov/glossary/term/tactics_techniques_and_procedures
  • Cyber Kill Chain - https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
  • Unified Kill Chain - https://www.unifiedkillchain.com/
  • my LinkedIn - https://www.linkedin.com/in/fmurre/
  • my GitHub - https://github.com/Errum/IntelArchitectureMap
  • Katie Nickels - CTI study plan 1 - https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
  • Katie Nickels - CTI study plan 2 - https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
  • Curated Intel CTI fundamentals - https://github.com/curated-intel/CTI-fundamentals
  • Intelligence Tradecraft Structured Analytic Techniques (SAT) training - https://inteltradecraft.com/sat-certifications
  • Workshop I teach at FIRST CTI - https://www.first.org/conference/firstcti25/program#pIntelligence-Collection-Planning-Workshop-How-to-Create-A-Plan-that-Synchronizes-Collection-with-Your-Stakeholders-Needs
  • NFCERT CTL - https://communication.nfcert.org/hubfs/CTL_Reports/2025%20TLP_CLEAR%20NFCERT%20Cyber%20Threat%20Landscape%20(CTL)%20Report%20v1.0.pdf


Chapters

00:00 Introduction to Cyber Threat Intelligence

02:47 Scott Small's Background and Career Path

06:10 Understanding Threat Informed Defense

08:59 The Role of TTPs in Cybersecurity

11:51 The Importance of Storytelling in Cyber Intelligence

15:05 Challenges in Implementing Threat Informed Defense

17:52 The Role of AI and Machine Learning in Cyber Intelligence

21:01 Evaluating Open Source Intelligence (OSINT)

23:56 Identifying Trustworthy Sources in Cyber Intelligence

26:59 Lessons Learned from Mistakes in Cyber Intelligence

29:44 Case Study: Analyzing the Akira Ransomware Group

33:10 Future of Cyber Threat Intelligence

38:06 Navigating the Landscape of Cyber Threat Intelligence

43:37 The Path to Becoming a Cyber Intelligence Analyst

46:08 The Importance of Writing in Cyber Intelligence

49:31 Essential Skills for a Successful Analyst

51:14 Structured Analytical Techniques in Cyber Intelligence

54:30 Implementing Intelligence Tradecraft in Organizations

58:02 Proactive vs. Reactive Intelligence

01:01:33 The Role of AI in Cyber Threat Intelligence

01:09:53 The Future of Automated Threats and Defenses

01:15:15 The Value of Networking and Community in Cyber Intelligence

This conversation is a compressed edit of an interview Freddy conducted as part of his PhD research. The interview was recorded on April 23rd, 2025 during the FIRST CTI Conference in Berlin.
