HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Implementing a threat profile in your cybersecurity strategy

Written by Caitlin Anthoney | Jan 30, 2025 2:08:59 AM

At the recent SANS CTI Summit Solutions Track 2025, held on January 27, experts gathered to discuss how threat profiles can strengthen Cyber Threat Intelligence (CTI) and overcome challenges like limited resources, AI-driven attacks, and sophisticated threats.

 

What is a threat profile?

“A threat profile is a comprehensive assessment detailing the most important and relevant cyber threats to your organization and how threats are likely to materialize and impact business operations,” explains Taylor Long, Sr. Analyst for Custom Intelligence Solutions and Research, Mandiant Intelligence at Google Cloud Security.

 

What do we gain from a threat profile?

A threat profile is a common framework for prioritizing threats. It is a shared reference point that helps security professionals mitigate the risks of relying solely on individual mental models. 

Without this shared framework, organizations risk fragmented strategies informed by inconsistent research, media narratives, and isolated expertise.

Anchoring decisions in one comprehensive threat profile builds collaboration and coordination across silos. It also equips security teams with the research they need to address cyber threats.

 

How to build a threat profile

1. Build your team

Organizations must identify the right people to contribute to building the threat profile. These can include:

  • Stakeholders: Leadership and decision-makers who understand the organization's strategic objectives.
  • Subject matter experts: Individuals with extensive IT, legal, and compliance knowledge.
  • External sources: Trusted vendors, consultants, and intelligence providers who can bring an external viewpoint.

 

2. Understand the organization and define scope

Before diving into threats, you must understand the organization’s operational landscape. Consider the following:

  • Which geographic areas are relevant to your operations?
  • Who are your main vendors, partners, or contractors?
  • What role do subsidiary organizations play?
  • What are the legal and compliance requirements for your industry?

Additionally, identify the organization's "crown jewels", or, as Long describes, critical services for business continuity, like sensitive or proprietary data.

 

3. Identify data sources

Gather insights from internal sources such as:

  • Partner teams and previous intelligence reports.
  • Intellectual property.
  • Customer personally identifiable information (PII).
  • Financial disclosures and internal ticketing systems.
  • Threat intelligence platforms or security tools like SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response).

Also draw on external sources like:

  • Vendors such as Google Threat Intelligence.
  • News outlets, industry publications, and regulatory guidance.
  • Insights from other Cyber Threat Intelligence (CTI) practitioners.

 

4. Regularly update the threat profile

To stay ahead of cyber threats, organizations must treat their threat profile as a living document, implementing quarterly or bi-annual reviews that incorporate recent threat intelligence and operational changes.

Additionally, annual or multi-year reviews can reassess long-term strategic risks and upcoming trends.

Finally, “if you don't have the resources to build a threat profile in-house, consider outsourcing it. This can help you get a comprehensive threat profile without [doing] all the work yourself.”


 

FAQs

How does a threat profile handle AI-driven cyberattacks?

A threat profile assesses the likelihood and impact of AI-driven attacks, helping teams prepare appropriate defenses.

 

Can a threat profile prevent all cyberattacks?

No, but it significantly improves your ability to detect, prioritize, and respond to threats before they cause major harm.

 

How do threat profiles reduce organizational risk?

They help security teams identify vulnerabilities, prioritize fixes, and implement measures to mitigate the most significant risks.