Check out Threat Flow, the Security Industry’s First Transparent Generative AI Application

Top 10 Cyber Threat Intelligence Certifications for 2023

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Top 10 Cyber Threat Intelligence Certifications for 2023." There is white text underneath that which says "Learn More" with a light orange arrow pointing down.

Cyber threat intelligence certifications can provide important benefits to individuals looking to pursue a career in threat intelligence, or for those who want to advance in their current position. But which certification is best, and how should professionals go about getting certified? 

How Cyber Threat Intelligence Certifications Can Add to Your Career

Obtaining a cyber threat intelligence certification can provide a range of benefits to security professionals, including better career opportunities, industry recognition, potential raises, and professional development.

That said, it’s not enough to simply apply for the first certification you hear about; different programs and certifications can add to cyber practitioners’ understanding of their field in different ways. It’s important to investigate and see which is best for you and your chosen career path. This can be easier said than done;  the number of certifications available can seem overwhelming, especially if you’re just getting started. 

One one tool that’s helpful in evaluating information security certifications is this chart by Paul Jerimy, which lists certifications by subject area and level of expertise. As comprehensive as the chart is, however, it does not include every available certification, so it’s important to do your own research, and know exactly which skills you want certified. To get you started, below are the ten most sought-after cyber threat intelligence certifications.

Top 10 Cyber Threat Intelligence Certifications

  1. GIAC’s Cyber Threat Intelligence (GCTI)

The GCTI is one of the most highly-recommended threat intelligence certifications. It’s issued by GIAC Certifications, an organization founded in 1999 to certify information security professionals and is associated with the FOR578 Cyber Threat Intelligence course offered by SANS. The 

GCTI certification is offered as a proctored exam. It covers strategic, operational, and tactical cyber threat intelligence application & fundamentals, open source intelligence, analysis and other intelligence gathering and analysis tactics. 

The benefits of this certification is that it’s a comprehensive assessment of threat intelligence skills. The drawback is that it’s pricey. An attempt at taking the exam costs $949 while the associated SANS course costs $8275. This may make it inaccessible for professionals whose workplace won’t pay for them to sit for the exam or take the course.

  1. EC-Council’s CTIA Certified Threat Intelligence Analyst

The CTIA is both a course and an exam offered by the EC -Council, an organization that has been certifying the skills of cyber security professionals since 2001. The CTIA certification includes hands-on practice as well as a comprehensive overview of threat intelligence. It covers everything from planning threat intelligence projects to disseminating threat intelligence. Not just anyone can take the exam; to be certified, candidates must prove they’ve been working in the field of cybersecurity or software design for at least two years, or that they’ve completed the requisite coursework. 

  1. CPTIA – CREST Practitioner Threat Intelligence Analyst

CREST (The Council for Registered Ethical Security Testers) is another respected organization known for its information security certifications. As part of a consortium with CIISec and Royal Holloway University of London (RHUL), CREST is an international body offering several certifications. 

The CPTIA is an entry-level certification which certifies a professional as a solid grasp of cyber threat intelligence operations. There is no minimum experience requirement for this exam, which is a multiple choice test given at Pearson Vue testing centers. 

  1. CRTIA – CREST Registered Threat Intelligence Analyst

The CRTIA is a level up from the CPTIA. It is aimed at candidates who are already working in the field and conducting threat intelligence analysis in a team. Candidates must prove at least two years of work experience in the field in order to take the exam, which consists of a multiple choice test and written long-form answers to questions.

  1. CCTIM – CREST Certified Threat Intelligence Manager

As you might expect, this CCTIM is the top threat intelligence certification issued by CREST, and is aimed at managers with at least five years in the field. The examination verifies skills in all areas of threat intelligence and consists of short written answers, long written answers, and a written scenario-based component. 

  1. MITRE’s MAD
Automate Your Threat Exposure Management

Integrate the world’s easiest to use and most comprehensive cybercrime database into your security program in 30 minutes.

MITRE ATT&CK Defense (MAD) program is called a “living credential” by its creator, MITRE Engenuity. The credentials are updated as the threat landscape changes in order to help defenders maintain an edge on attackers. MAD helps professionals apply ATT&CK across three areas of cyber operations, such as cyber threat intelligence, testing and evaluation, and defensive measures, and uses a mixture of live and on-demand training methods.

  1. CCTIA — Certified Cyber Threat Intelligence Analyst

CybersTraining 365 offers this credential to certify the skills of threat intelligence researchers. The associated course is intended to teach professionals how to identify attackers, trace malware, and physically locate threat actors. 

  1. Cyber Intelligence Tradecraft – Certified Cyber Intelligence Analyst

Offered by Treadstone 71, this course provides tradecraft training, including collection methods, techniques, and more. Students in the course are required to demonstrate understanding of analytic techniques. This course follows the International Association for Intelligence Education Standards for Intelligence Analyst Initial Training and is available on demand.

  1. CTI’s Certified Threat Intelligence Specialist I (CTIS-I) 

The Center for Threat Intelligence (CTI) offers two threat intelligence certifications. The first is the CTIS-I, which is an introductory course for professionals who want to build knowledge, experience and skills in the area of threat intelligence.

  1. CTI’s Certified Threat Intelligence Specialist II (CTIS-II)

CTI’s second course is the CTIS-II, which is intended for experienced threat intelligence professionals who want to enhance and demonstrate their skills in intelligence tradecraft. To enroll in this course, candidates must be CTIS-I certified.

Next Steps for Pursuing a CTI Certification

Once you have selected the certification that’s right for you, there are a few steps you’ll need to take before going ahead with the course or exam. First, review the program requirements, to ensure that you’ve met any prerequisites. Next, ensure that this exam will actually help you with your goals. If you’re new to threat intelligence, an advanced certification won’t be helpful without experience in the field. 

If you’re currently employed, check with your company to see if you have access to a training budget. This will keep you from unnecessarily paying out of pocket for certifications. You should also be aware that you may need to maintain your certification by taking courses or paying renewal fees. 

Help Upskill Junior Employees with Flare

Training junior staff to take on more responsibility can be tough, particularly when you’re in the middle of an attack. Certifications are a safe way to enable less experienced staff to handle attacks. Another way to do this is to use an automated tool that lets newer workers learn on the job. 

For example, Flare’s dark web monitoring approach allowed a North American Managed Security Service Provider (MSSP) to delegate dark web data discovery to junior team members who had little to no experience with the dark web. 

Flare’s dark web monitoring approach consists of three parts:

  • The research and threat hunting team follow trends and news on upcoming illicit websites
  • The technical team adds new data sources to our collection engine
  • The automated collection engine crawls every source every day, saving the results in our local databases, and archives dark web posts and platforms

This approach provided scaffolding to the junior team members who were able to learn more about initial dark web discovery by working with Flare, and with more people supporting dark web investigation assignments, the Senior Penetration Tester could offer dark web assessments and monitoring to more customers.

Want to boost the skills of your junior team members? Book a demo today.

Share This Article

Related Content