Over the last decade, Cyber Threat Intelligence (CTI) has matured into a core function inside security organizations. But for all its growth, there’s still a fundamental question that lingers beneath the surface:
Has CTI evolved... or has it been constrained by its own definition?
In a recent conversation, The Vertex Project co-founders Visi Stark and John “Whippit” Rodgers unpack this tension, drawing from years of experience spanning government work, private sector innovation, and foundational contributions like the APT1 report. What emerges isn’t just a retrospective on CTI; it’s a reframing of what intelligence should actually be.
At its core, CTI is straightforward: collect, analyze, and deliver insights about threats so organizations can make better decisions.
But somewhere along the way, that definition became limiting.
Visi points out that CTI has been “pigeonholed”—reduced to a narrow set of outputs and expectations. Instead of expanding into a broader intelligence function, it often gets boxed into tactical reporting or indicator tracking.
And that’s the problem.
The higher you set the definition of intelligence, the more impact it can have across security, business risk, and even strategic decision-making. But if CTI stays narrowly defined, its value stays constrained too.
A decade ago, CTI workflows were largely manual.
Analysts spent hours pulling data from disparate sources, stitching together context, and trying to make sense of fragmented signals. ETL processes existed, but they weren’t widely operationalized in day-to-day intelligence work.
That’s changed.
Modern platforms, like Synapse, have transformed how data is ingested, enriched, and analyzed. Automation now handles much of the heavy lifting, freeing analysts to focus on higher-order thinking.
But that shift introduces a new challenge.
Automation is often treated as an unquestioned good: faster pipelines, more enrichment, less manual effort.
But both Visi and Whippit push back on that assumption.
Automation works if accuracy holds. Otherwise, you’re trading trust for speed.
If a process doesn’t produce clear value, or if automation introduces ambiguity, it can actually degrade the quality of intelligence. Whippit emphasizes the importance of return on investment: automation should serve the mission, not just exist for efficiency’s sake.
And in intelligence work, precision and accuracy matter more than speed alone.
One of the more subtle risks in modern CTI is the growing reliance on loosely structured data processing, especially through natural language techniques.
Visi highlights a critical issue: ambiguity.
Natural language processing can blur meaning, introduce inconsistencies, and ultimately weaken analytical confidence. In intelligence, where decisions can carry real consequences, that lack of precision and accuracy is dangerous.
That’s why structured approaches (like query-driven analysis) remain essential. They enforce clarity, reduce misinterpretation, and ensure that what’s being communicated is actually actionable.
Speed still matters, just not at the expense of accuracy.
Whippit frames it simply: intelligence has a shelf life. If insights arrive too late, they lose their value. If they arrive quickly but lack clarity, they lose their usefulness.
The challenge for modern CTI teams is balancing both.
And that balance doesn’t stop at analysis; it extends to communication.
Delivering intelligence to leadership in a way that is both timely and understandable often determines whether it drives action or gets ignored. The best intelligence isn’t just correct; it’s delivered at the right moment, in the right way.
What this conversation ultimately reveals is that CTI is at an inflection point.
The tooling has evolved. The data has scaled. Automation has accelerated everything.
But the definition hasn’t caught up.
If organizations continue to treat CTI as a narrow function, they’ll miss its broader potential. But if they expand it, treating intelligence as a discipline that informs decisions across the business, they unlock something far more impactful.
There’s CTI. And then there’s intelligence.
The difference isn’t just semantics. It’s the difference between producing reports and driving decisions.