Should I Get a Master’s in Cyber Intelligence

Posted by Kathleen Smith

One of the great things about participating in a LinkedIn group is that you can ask a question. Depending on the group you may get some really good feedback. In one particular group focused on Cyber Intelligence, we noticed this question by a transitioning military professional.

“Hello I am a recent graduate with a degree in computer forensics and I am looking at an MS in Cyber Intelligence. What is the best school for this?”

There were several answers to programs around the country with many people sharing that UMUC has a good program. However, one participant in the discussion did provide some further advice worth sharing.

Troy Mattern, Chair, Cyber Intelligence Task Force for INSA and Technical Director for SEI shared these thoughts:

“You might find it harder than you would expect to find something in the lines of Cyber Intelligence. There are many, many fine programs that will give you a good foundation in cyber security and cyber operations. There are some that will consider the technical aspects of cyber and teach some applicable intelligence methodologies, tradecraft and concepts. However, there are few that actually include holistic all-source intelligence as a meaningful component to their programs. The idea of intelligence in this area, while natural to some, is still too new to most and the academic programs are generally not there. Thus, many of the private institutions that are hiring in this area are not looking for people with degrees but with practical intelligence experience. Read here for a little on this. Page 13 is the most relevant to your question:

“Check back in the coming months ( We continue to do research in this area right now and expect to have a white paper out that will hit on this topic in August.

“Good Luck and be cautious as you examine your options. “Cyber Intelligence” is becoming a bit of a buzz word and there are a lot of people using the brand despite there being little to no actual intelligence in their courses or products.”

A Follow Up Question

What would you suggest is the best way to develop that practical experience, short of being hired (that probably requires practical experience….)?

“Great question! Unfortunately, there are not great answers right now but I’ll try to do my best. We (Carnegie Mellon University, Software Engineering Institute) actually do quite a bit in trying to address this right now and I’ll try to provide a short answer.

“Many are in fact looking for experienced intelligence professionals. The problem is there are not enough to go around and the academic institutions don’t have programs that develop cyber intelligence analysts (some people even argue they should not). That being said there are things that can be done.

“I concede my senior analysts right now do have Intelligence Community Experience, as do I. However, when I’ve looked at potential candidates for a junior position I consider what clubs and non-technical analytic work they have done. Where have they interned and what did they do there (Cyber Intelligence interning opportunities exist, the Financial Sector has some, some of the commercial cyber intelligence companies have them, we have some at the SET and there others elsewhere). I ask for copies of research the candidate has done and have them walk me through their analytic process. I want to see that they understand the threat holistically and not just the technical aspects it. I want to see they understand it’s a human at the other end, not a machine. I want them to understand there are motivations behind malicious actions that are often discoverable. I want them to understand that things in cyber don’t really happen in milliseconds, but in days, weeks, months or longer because there are people involved. The technical components are important, but only one side of the coin. Analogies are usually dangerous but I’ll offer one anyway…. Focusing too much on the tech is like focusing only on a bullet and not the person who shot it. Sure its the bullet that will kill you, but one its fired its probably too late so you better pay attention to both so you can better defend yourself and act before the bullet is fired.

“Our research has found many companies are looking for people with solid holistic analytic capability and would rather teach the tech to someone like that than the other way around. Of course we also found their workforces rarely demonstrated they were successful in getting many of those people ( see page 13). Under the NISTs NICE framework we had hoped to see intelligence get some attention and that by identifying the KSA’s and roles the framework would help academic and training institutions understand what was needed to fill the gap. Unfortunately, while the framework showed intelligence components, it omitted any of the substance that was provided for the other disciplines ( ). We hope to remedy that through some work we have been asked to do and by trying to engage with NIST on the subject as well. Our hope is that when the details are made public academic and training institutions will begin to provide worthwhile programs to help meet the demand we see.

“I also serve as the chair of the Intelligence and National Security Alliance (INSA) Cyber Intelligence Task Force. Our task force is fairly new, but we will also be doing work in this area so if you are interested keep on eye on us there.”

We thank Troy for his great insight and his willingness to share this with the community.



This entry was posted on Wednesday, July 17, 2013 7:00 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of updates to this conversation