I recently completed AttackIQ Academy's “Introduction to EASY Framework for Intelligence” presented by Chris Cochran and Ronald Eddings from Hacker Valley. The course outlined a clear, four-step model for building and improving threat intelligence programs. This framework is valuable for anyone in or pursuing a career in Cyber Threat Intelligence, as well as those looking to strengthen stakeholder engagement skills.
The EASY Framework consists of:
Elicit Requirements - Identifying stakeholders, defining intelligence needs and setting objectives
Assess Collection Plan - Evaluating sources and strategizing to gather threat data
Strive for Impact - Focusing on making intelligence actionable and meaningful
Yield to Feedback - Using stakeholder input to improve the intelligence product
While the EASY Framework appears simple, it can be challenging to implement, particularly when working with stakeholders. One key takeaway for me was the importance of understanding stakeholder language. Oftentimes, their definition of a term or concept differs from your own. Do not shy away from asking meaningful questions. Bridging that gap ensures both sides share the same understanding and expectations, which can save time, money, and resources.
In addition to understanding stakeholder language, another key insight for me was the importance of being intentional with data collection. There’s an overwhelming amount of threat data available from both external and internal sources. Collecting everything is neither practical nor useful. The focus should be on gathering only the data that directly supports your objectives and helps stakeholders make better decisions. A clear collection strategy can only be developed after setting well-defined objectives. Without a plan, it’s easy to drown in information, which makes it time-consuming and difficult to find what truly matters.
Another valuable lesson was the benefit of keeping feedback questionnaires short and focused:
How relevant was the intelligence product?
How impactful was the intelligence product?
(Optional) Any other feedback.
In my experience, concise questionnaires improve response rates since busy stakeholders are more likely to respond when it’s quick and easy. This is also one of the best metrics to gauge how well the intelligence product is working.
The course shared a lot of great questions to ask stakeholders during the Elicit Requirements stage. Here are two questions that stood out to me:
When was the last time you needed information but didn’t have it?
When was the last time a piece of information would’ve saved you time, money, or resources?
These questions help stakeholders narrow down their needs and uncover the kinds of value they may not even realize they’re looking for in a Cyber Threat Intelligence professional.
After completing this course, I feel better prepared to approach threat intelligence work. The EASY Framework provided clear guidance on defining requirements, collecting only the most relevant data, measuring impact, and actively seeking feedback. Each step of the framework reinforces the idea that intelligence is only valuable when it supports decision-making and meets stakeholder needs. As I continue developing my skills in Cyber Threat Intelligence, I plan to apply these principles to ensure the work I produce is not only accurate and timely, but also meaningful and impactful to those who rely on it.