All learning paths
Executive career path
Senior10–16 months

Director of Threat Intelligence

Lead intel production and strategic cyber insight

Executive threat intelligence path: collection management, intel production, ATT&CK mapping, stakeholder reporting, and fusion with SOC and IR.

Best for: Intel leads, CTI managers, and security leaders building intelligence functions.

Senior10–16 monthsExecutive milestonesBundled roadmaps

Your destination

Director of threat intelligence delivering actionable intel to SOC, executives, and business units

10–16 mo

Timeline

4

Phases

6

Roadmaps

4

Roles

Target job titles

Director of Threat IntelligenceHead of CTICyber Threat Intelligence ManagerIntel Fusion Lead

Career outcomes

What you will achieve

Measurable leadership outcomes when you complete this path — your executive destination, not just certifications.

  • Stand up intel requirements and collection plan
  • Deliver finished intelligence to SOC and leadership
  • Map threats to ATT&CK and business-critical assets
  • Measure intel program impact on detection and decisions
  • Build ethical collection and source-vetting standards
  • Produce executive-ready threat landscape assessments quarterly
  • Why this path

    How this path helps your career

    Insight 1Threat intelligence directors enable proactive defense — senior roles in finance, government contractors, and global enterprises offer strong compensation.

    Insight 2Intel leaders who measurably improve detection and executive decision-making justify dedicated teams — this path structures that value story.

    Insight 3CTI directors frequently partner with SecOps and IR leadership, with paths to CISO for strategists with operational depth.

    Learning phases

    Path milestones

    Phases on the way to your destination — what you prove at each step of the journey.

  • 1Phase 1

    Intel operating model

    Requirements, sources, and ethics.

    • Define PIRs and consumers
    • Source vetting criteria
  • 2Phase 2

    Production & fusion

    Analysis, reporting, and dissemination.

    • Publish strategic assessment
    • Brief SOC on campaigns
  • 3Phase 3

    Detection alignment

    IOC/TTP flow to SOC and hunting.

    • Integrate intel into SIEM
    • Measure detection uplift
  • 4Phase 4

    Executive storytelling

    Risk narratives for leadership.

    • Quarterly threat landscape brief
    • Align to business geography
  • Your toolkit

    Roadmaps, courses & tutorials

    Curated resources mapped to this career path — no generic catalogs, only what matters for your destination.

    Technology roadmaps

    Work top to bottom — foundation first, then adversary depth and stakeholder context.

    1. 1

      Cybersecurity Beginner Roadmap

      Baseline vocabulary for intel production and briefing

    2. 2

      SOC Analyst Roadmap

      Consumer workflow literacy

    3. 3

      Linux Security Roadmap

      Log sources and infrastructure context

    4. 4

      Ethical Hacking Roadmap

      Adversary TTP understanding

    5. 5

      Cloud Security Roadmap

      Modern attack surface and cloud campaigns

    6. 6

      Cybersecurity Compliance & GRC Roadmap

      Risk framing for executive intelligence reports

    How to use these roadmaps

    Roadmaps are numbered top to bottom — start at #1 and work down. Pair each step with courses and tutorials on the right while completing executive milestones on the Threat Intel Director path.

    FAQs for this path

    Do I need an intelligence or military background?

    No — many CTI leaders come from SOC, IR, or research roles. Milestones focus on production, dissemination, and stakeholder value.

    How does threat intel connect to the SOC?

    Phase 3 milestones integrate IOCs and TTPs into detection workflows. The SOC Analyst roadmap helps you speak the language of your consumers.

    What tools does this path assume?

    No specific vendor — milestones emphasize requirements, production quality, and ATT&CK mapping applicable across SIEM and intel platforms.

    How long does this path take?

    Typically 10–16 months. Leaders building new intel functions may spend more time on operating model and collection milestones first.

    Ready to start your Threat Intel Director journey?

    Start at roadmap step 1 and work through the sequence while completing executive milestones at your own pace.