Guest Post by: Raveena Parikh
I had an exceptionally great opportunity to intern with CRI as a Cyber Threat Intel Analyst during the summer of 2017. As a threat analyst, I developed skills such as tactical threat intelligence, open-source threat hunting, and social media analysis & monitoring through the course of this internship.
We leveraged several tools such as TruStar (threat intel platform), Dunami (social media analysis and monitoring tool), online tools such as OSINT, Foller.me, etc., to perform various operations. I collaborated with other team members onboard and performed threat intel and hunting activities by collecting indicators of compromise and ingesting them into the threat intel platform to generate insightful reports. The insights from these reports were further used to perform open-source hunting, which involved finding traces of the identified malicious indicators such as IP addresses, websites, social media profiles, etc. We adopted a process called Analysis of Competing Hypotheses (ACH) to support our analysis based on the evidence discovered.
Throughout the course, we also had two sessions every week outlining various threat intel concepts and methodologies such as the cyber kill chain, the MITRE ATT&CK framework, influence operations, etc., along with some sessions on the geopolitical threat landscape that facilitated our understanding of the current state of global cybersecurity threats and of laws and regulations across different countries including the United States, China, Russia, etc. Certain sessions also focused on tools and techniques used to perform threat intel operations, enabling us to learn and leverage some of these skills. One of the greatest highlights of this internship was the guest speakers invited to these sessions. The guest speakers came from varied professional backgrounds such as the US military, corporate cybersecurity, an international sports committee, etc., bringing a lot of useful and relevant information to the table.
As we were learning new tools, techniques, and concepts, I participated in a two-day workshop hosted in Colorado Springs by CRI in collaboration with the team of Dunami where they gave us a deep dive on the functionalities of this tool so that we could leverage it effectively for our capstone project operations.
My capstone project for this internship was to perform security operations for the IAAF World Championships of Track & Field, London 2017, during which I had the opportunity to lead a team of five members. Every team was assigned a set of US athletes who were our focus for threat intel and social media monitoring activities performed on a daily basis. We, as a team, had defined a set of Priority Intelligence Requirements (PIRs), and the primary goal here was to focus on findings that relate to any of the PIRs on our list. Every team documented their activities and any critical findings throughout the project, which were communicated to the entire group via weekly debrief meetings. At the end of the project, we were required to generate an intel summary of potential threats, threat actor profiles, and severity levels for each threat.
In a nutshell, I will always be grateful for such a wonderful experience at CRI. Along with developing great threat intel skills, I made some really good connections with super talented people who can be leveraged to explore the threat intel space as well as opportunities in cybersecurity.