On this month’s SANS Threat Analysis Rundown, I was joined by my co-chairs for the upcoming SANS CTI Summit, Rebekah Brown and Rick Holland. We gave a sneak preview of what to expect at the Summit and discussed key concepts and frameworks in cyber threat intelligence (CTI), along with throwbacks to previous Summit talks that remain valuable. Sign up for the Summit Live Online today!
Anticipatory Intelligence
Dr. Jeannie Johnson, Director of Utah State University’s Center for Anticipatory Intelligence, will deliver the Day 1 keynote address. She will share insights on applying cultural and geopolitical analysis to strengthen intelligence assessments. We discussed how intelligence analysts are often asked to “predict” the future. However, “anticipating” is different because it requires us to apply analytic techniques rather than just guessing. Rebekah emphasized the importance of moving beyond reactive intelligence to create well-informed, proactive strategies that account for potential future developments.
Structured Analytic Techniques and Cognitive Biases
Rick mentioned that structured analytic techniques (SATs) like forecasting can help analysts refine their decision-making processes in dynamic environments. These techniques not only improve the accuracy of assessments but also help intelligence professionals with tools to navigate complexity effectively. Rebekah and Scott J. Roberts, coauthors of Intelligence-Driven Incident Response, will lead a workshop on SATs at the Summit.
We recommended this book for anyone wanting to learn more about structured analytic techniques.
Though many people automatically think of Analysis of Competing Hypotheses (ACH) when they think of SATs, there are many more SATs that can be useful, including key assumptions checks, SWOT analysis, and contrarian techniques. Rebekah shared practical strategies for maintaining analytical rigor, such as employing visual aids like decision matrices to challenge assumptions and ensure comprehensive evaluations. Rick noted that he previously gave a talk on SATs at the 2018 CTI Summit.
The discussion then turned to the importance of SATs, especially in helping hedge against cognitive biases, which are constraints on how analysts think. We stressed that biases can significantly influence analysis, often leading to overconfidence in initial assessments or anchoring on early information. Every year, cognitive biases are a theme at the Summit across talks, and we expect that this year speakers will once again equip analysts with tools to recognize and reduce biases, fostering critical thinking and objective evaluations. Rick highlighted how even experienced professionals are susceptible to biases, especially under high-pressure scenarios.
Mental Health and Resilience in Threat Intelligence
In addition to technical skills, we’re excited to shine a light on mental health and resilience as critical aspects of professional growth in the CTI field. Our day 2 keynote speaker will be Dr. Daniel Shore, who will discuss “Mental Health & Well-Being: Combating the Adversaries of Stress & Burnout in Cybersecurity.”
We discussed the mental strain associated with the high-pressure nature of cyber threat intelligence work, including long hours, exposure to distressing content, and the need for constant vigilance. Rebekah noted a previous Summit talk discussing the effects of sleep on analysis, highlighting the importance of self-care. We discussed the importance of breaking the stigma around mental health challenges and promoting open conversations about stress and burnout.
The Role of Community in Advancing CTI
One of our favorite parts of the Summit each year is that it’s a chance for the CTI community to come together and collaborate. The Summit’s hybrid format—offering both in-person and virtual attendance options—was designed to make it accessible to a broad audience while fostering meaningful interactions among professionals. We’re excited to once again have a New2CTI track designed for those who are newer to the field. We encouraged attendees to engage actively and network with others, whether by participating in Slack discussions or joining hands-on workshops.
Artificial Intelligence in Cyber Threat Intelligence
We also touched on the role of artificial intelligence (AI) in the CTI landscape, as AI is being increasingly leveraged by both defenders and adversaries. Rebekah discussed the potential for AI to automate threat analysis processes, enabling faster detection and response. However, she also highlighted the risks, including the use of AI by malicious actors to craft highly convincing phishing campaigns or automate reconnaissance activities. Rick emphasized the need for CTI teams to stay informed about advancements in AI and integrate this knowledge into their threat models, ensuring they are prepared to counter these emerging risks. He shared an NCSC report on AI that has a useful framework for thinking about how AI may uplift actors. Katie noted that the upcoming SANS AI Summit will have much more content on the use of AI.
The CTI Cheat Sheet: A Practical Resource
We’re excited to debut the first FOR578TM CTI Cheat Sheet, which will be available in print for attendees. This resource, also accessible online here, offers concise guidance on core concepts and methodologies in CTI. Rebekah highlighted the value of the cheat sheet as both a learning aid for newcomers and a quick reference for seasoned professionals. It includes frameworks like the Diamond Model and structured analytic techniques, along with tips for reducing cognitive biases and improving analytical rigor. Katie noted that having such a resource readily available can serve as a helpful reminder of best practices and encourage consistent application of proven methodologies in day-to-day work.
Looking Ahead to the Summit
The SANS CTI Summit 2025 is a must-attend event for anyone passionate about cyber threat intelligence, offering a blend of cutting-edge content and opportunities to connect with peers. Whether attending in person or virtually, participants can expect to leave with fresh perspectives, practical tools, and renewed motivation to tackle the challenges of an increasingly complex cyber landscape. Sign up today!
