█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Threat Intelligence/Threat Intelligence Job Readiness
30 minBeginner

Threat Intelligence Job Readiness

After this lesson, you will be able to: Translate threat intelligence skills into a resume, portfolio, and interview prep that lands a CTI role.

CTI is the most reading-heavy specialty in security and rewards strong written communication. This lesson maps the sub-track to real job titles and the portfolio that gets interviews.

Prerequisites:Threat Intelligence Resources and Next Steps

Real job titles that hire for these skills

Cyber Threat Intelligence Analyst, the core role; reads / produces threat reports, supports SOC and IR with context. $75-$135k entry to mid. Threat Hunter, proactive search for adversaries; overlaps with CTI but more hands-on. $110-$180k. Detection Engineer (CTI-informed), writes Sigma/SPL rules from CTI reporting. $110-$180k. Strategic Intelligence Analyst (rarer), executive-facing; produces quarterly threat landscape reports. $130-$220k. Search 'threat intelligence analyst', 'CTI analyst', 'threat hunter' on LinkedIn.

Entry-level resume snapshot

Skills: MITRE ATT&CK + Navigator, STIX/TAXII, IoC/IoA distinction, Shodan / Censys / VirusTotal / URLscan, OSINT investigation methodology, confidence-rated assessment language, threat-actor profiling, writing for executive audiences. Projects: 'APT29 threat profile, 6-page report with ATT&CK mapping, IoC table, and defensive recommendations. Published on GitHub.' 'Scattered Spider quarterly tracking report, 4 pages, written quarterly for 2 quarters.' 'OSINT pivot writeup, traced one IoC across Shodan, Censys, VirusTotal, and URLscan; published on blog.' 'MITRE ATT&CK Navigator layer mapping our (school's / lab's) Splunk detections to APT29.' Certs: Security+ held; CySA+ in progress; GCTI as a stretch goal with employer sponsorship.

Interview questions you'll face

'What's the difference between an IoC and an IoA, and which would you prioritise?' 'Walk me through how you'd produce a threat profile on Lazarus Group.' (Bring your APT29 template and adapt.) 'How do you communicate threat severity to non-technical executives?' (Confidence language + business impact, not technical detail.) 'You receive a feed entry: IP 198.51.100.42 is a known APT C2. How do you verify before blocking?' (Tests OSINT + judgement.) 'Tell me about the most interesting threat actor you've researched.' (Bring your APT29 report; tell the story.) 'What threat intelligence sources do you read daily?' (Have 5-7 ready: Mandiant, Talos, Microsoft, CrowdStrike, CISA, DFIR Report, your favourite ISAC.)

Build a portfolio that gets interviews

Three of these in 60 days lands interviews; consistency over time wins offers.

  1. 1

    Write 3 threat profiles on different actors (APT29, Lazarus, Scattered Spider). Publish on GitHub or a personal blog.

  2. 2

    Write a quarterly threat landscape report (4-6 pages) covering top threats in your target industry. Update quarterly to show consistency.

  3. 3

    Map your school's / lab's / employer's environment against one APT in MITRE ATT&CK Navigator. Publish the layer as JSON + PNG.

  4. 4

    Contribute to an open-source CTI project: file a Sigma rule, add to a public IoC feed, or improve MISP documentation.

  5. 5

    Start a weekly newsletter (Substack, etc.) summarising 3 CTI articles and what they imply for defenders. Consistency over months is a strong portfolio signal.

💡 The differentiator

CTI hiring is communication-heavy. Hiring managers will read your sample report and assess: can this person write for an exec audience, use confidence language, and tie analysis to action? If your APT29 report does all three in 6 pages, you'll outscore candidates with more certifications and less writing.

Common mistakes only candidates with offers avoid

Listing 'MITRE ATT&CK' as a skill without showing a Navigator layer you built. Writing reports that read like blogs (no confidence language, no defensive recommendations). Confusing CTI with news aggregation. Anyone can repost The Record headlines; CTI analysts produce assessments. Skipping the operational side. CTI without ties to detection / IR / risk management is paper; integrate at least one operational example in your portfolio. Forgetting to follow up on CTI roles after applications. CTI hiring panels prize candidates who keep producing publicly; show them you didn't stop writing after applying.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Threat Intelligence Resources and Next Steps
Back to Threat Intelligence