This month, we thought it would be good to share some of our favorite threat intelligence resources that a security professional can use to stay sharp. We are often asked by our clients and colleagues what literature or ongoing education we consume in order to follow trends relating to cyber and physical threat intelligence. Our typical answer is that it’s a relatively sophisticated and multifaceted topic, and it should be broken down into several categories, as we have done below.

It’s good to keep in mind that not all security professionals see “eye-to-eye” when it comes to threat intelligence solutions, nor are they even playing from the same sheet of music when it comes to their fundamental methodologies or objectives. This aspect of threat intelligence clearly requires some maturation and alignment among industry practitioners. We certainly hope we can help with this challenge. (More to come on that topic in future articles, so stay tuned!)

One significant issue we often note is that when it comes to threat intelligence resources and case studies, no “one stop shop” has all the answers. Nor could it, since we all have diverse backgrounds, and in essence different (yet, at times complimentary) points of view.  Since we operate in various environments and threats are highly contextual – what may be considered a significant threat for one principal or asset, may actually be insignificant for another.

Threat Intelligence Resources – Key Objectives

First, there is the investigative aspect of threat intelligence. This includes following and testing new investigative research methods, as well as evaluating our own protection strategies in light of how an adversary could leverage those same methods in a malicious manner. We can avoid complacency and remain vigilant by reading the work of others and by sharing lessons learned with our colleagues.

Second, there is a growing body of literature and case studies regarding violent behavior and the activities, and various expressions of pre-incident indicators that precede them. Our team has found that by reverse engineering prior acts of violence and examining the sequence of events that led to the act being committed, they are able to highlight what could have been done differently to discover, disrupt, or wholeheartedly stop a plan of violence before it begins. Exercises such as these have benefited us greatly, and we encourage you to do the same, as it relates to your specific program. (This is not to be confused with placing blame or Monday morning quarterbacking, rather it’s about actually learning from the past.)

Third, there are plenty of established threat intelligence sources regarding intelligence collection & analysis, intelligence writing, and expedited sharing of such data. Our point of view is that information is worthless if it isn’t shared with relevant parties at the appropriate time. So, not only do we as security professionals need to communicate in a timely manner, but we need to do so in a common language, so that the right risk mitigation actions can be taken by our counterparts.

Threat Intelligence Resources – Getting Started

Below, you will find a concise threat intelligence list of resources broken down into the following categories: investigations, studies about violent behavior, and intelligence.  We acknowledge that this is not exhaustive, and we welcome your feedback and collaboration in improving it.  Please leave us your comments at the bottom of the page and we can make updates accordingly, as well, please share with your colleagues, it would be great to continue to update this list for all to benefit.

Part I: Threat Intelligence Websites & Personalities We Follow Regarding Investigative Trends


Twitter excels as a platform for threat intelligence feeds of the latest information about various topics. So, it’s no surprise that we follow a range of influencers in the investigative space for the latest and greatest. To make this content easier for you to consume, you can view our public Twitter list with the following personalities already input for you to follow: Ontic OSINT Twitter List.

  • Michael Bazzell – @IntelTechniques
  • Justin Nordine – @jnordine
  • Justin Seitz – @jms_dot_py
  • Hunchly – @hunchly
  • Bellingcat – @bellingcat
  • Dutch OSINT Guy – @dutch_osintguy
  • Kirbstr – @kirbstr
  • Sector035 – @Sector035
  • Access OSINT – @AccessOSINT
  • Trace Labs – @TraceLabs
  • Electronic Frontier – @EFF
  • i Intelligence – @i_intelligence
  • Web Breacher – @WebBreacher
  • Jake Creps – @jakecreps


Yes, Medium is a great place to find long-form OSINT related content and threat data, these are just a few of our favorite Medium accounts to follow:

Open Source Intelligence Resources & Blogs

While Twitter and Medium are sufficient to keep up on the latest news impacting our investigative methods, there are a handful of quality websites that we visit regularly to stay in-tune with the evolution of threat intelligence tools and techniques:

Open Source Intelligence Readings

Part II: Threat Intelligence Reports & Studies Relating To Violent Behavior & Pre-Incident Indicators

Educational Institution Specific

Part III: General Intelligence Readings & Writing Style

Final Thoughts

In the course of our careers, we have observed that it isn’t enough to just read the literature – it is critical that we collaborate with our teams to find creative ways to apply the most important ideas we take away from these readings, to improve the quality of our work product and our processes.  In addition, it is also not enough to simply forward a set of PDFs to our analysts and expect them to absorb the information in a meaningful way.

It’s up to security leaders at all levels to create a culture of continuous learning among our teams, rather than a culture of top-down “read this, read that.” We are confident that you will find excellent information among these up-to-date and thoroughly researched pieces from our collection above. Please share your thoughts in the comments section below and let us know what some of your favorite threat intelligence resources are.

Author Credit: This article was written by the Protective Intelligence contributor, Travis Lishok.

Ready to unify your data and tools for a holistic view of threats?