Diversity is an important part of every workplace. In a western, liberal, and business context, few would argue otherwise. This blog explores the specific need for diversity in the processes of analysis that are a crucial part of cyber threat intelligence.
”Optimal results come from alternating between individual thinking and team effort, using group interaction to generate ideas that supplement individual thought. A diverse group is clearly preferable to a homogeneous one. Some groups participants should be analysts who are not close to the problem, inasmuch as their ideas are more likely to reflect different insights.”
Heuer, Richards J. Psychology of Intelligence Analysis, 1999.
In this, Heuer alludes to the notion that analytical progress is driven by a dialectic. The basic concept is simple: Person A puts forward an idea (‘Thesis’), Person B notes all that is wrong with that idea (‘Antithesis’), and then both Person A and B argue to a commonly held position that fuses the most coherent elements of both arguments (Synthesis). However, Heuer also acknowledges that for this ‘synthesis’ or analytical output to be of value, it must not perpetuate underlying assumptions or bias.
In analytical fields, there exist similar concepts and variations on this theme. Red Teaming, for instance, requires analysts to simulate outcomes in a competitive environment by adopting the outlook and modus operandi of the opposing force. Similarly, Steel Manning involves analysts making convincing arguments in opposition to their own in order to better understand the opposing argument’s strengths and weaknesses.
If two analysists from identical backgrounds attempt to engage in a dialogue, both may be prone to agree with each other and fail to challenge each other’s arguments. Red Team members need to challenge the cultural assumptions on which the ‘Blue Team’ is basing its strategy – an incredibly difficult task if the Red Team is a homogeneous mass with little experience working in other environments or with different cultures. There is also the psychological phenomenon of ‘Groupthink’, where a group of analysts make an assessment without critical reasoning out of a desire to not ‘rock the boat’. Any group of analysts- no matter how diverse – can end up victims of Groupthink as group dynamics and hierarchies also come into play. Nevertheless, the more diverse the team of analysts, the more willing others may be to listen to alternate or dissenting viewpoints, and the less Groupthink is a problem.
Diversity in CTI analysis
For Cyber Threat Intelligence (CTI) analysis, diversity in background, experience, and occupation (to name a few factors) prove valuable not only during the analytical process, but also during various stages of the Intelligence Cycle (Figure 1).
During the Collection process, for instance, diversity in experience and occupation can increase the quality of the team’s research by allowing it to consider previously overlooked questions (in the case of interviews), while language and cultural diversity can yield the cultivation of new sources.
A varying set of perspectives can also benefit the Processing stage, by which raw data is transformed into usable formats. Though this stage is often automated, having a diverse team of analysts reduces the likelihood of misvaluing data and ensures accurate confidence scoring of intelligence sources (as is done using the 5x5x5 model) [1].
As discussed in the previous section, diversity within the Analysis and Production phase sees that debate is encouraged and that assumptions do not go unchallenged. This can involve identifying cases of mirror-imaging, in which analysts may inadvertently fill in knowledge gaps with their own understanding, or recognising alternate models or frameworks in which to present findings.
These are but a few reasons diversity in analytical teams is not only important, but essential, for the output of high quality intelligence products and services.
The author is a researcher on Orpheus’ Analysis team
Get our latest cyber intelligence insights straight into your inbox
Fill out the short form below to subscribe to our newsletter so that you never miss out on
our cyber intelligence insights and news.
Privacy Overview
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Strictly Necessary Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features. These must be enabled at all times, so that we can save your preferences.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
If you do not enable Strictly Necessary Cookies, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Request Demo Access
Fill out your details below and we'll be in touch to arrange demo access for you as soon as
possible.