3.0
11 Feb 2026
Former employee, more than 3 years
Hartford, CT
Recommend
CEO approval
Business outlook
Pros
Strategic impact – Influences detection engineering, IR, vulnerability management, and executive risk decisions. High visibility – Regular interaction with SOC leadership, security architects, and sometimes CISO-level stakeholders. Proactive security – Focus on anticipating threats instead of reacting to alerts.
Cons
Less hands-on – Reduced keyboard time compared to SOC or IR roles. Ambiguous ROI – Harder to “prove value” without strong metrics and storytelling. Intel fatigue risk – Constant exposure to breach data, APT activity, and emerging threats. Tool dependency – Success often tied to quality of TI feeds, platforms, and data maturity.