Can We Forecast CTI’s Future? Mapping with SATs

SANS Digital Forensics and Incident Response
Apr 2, 2026

Why It Matters

Accurate CTI forecasting enables firms to allocate resources, retain talent, and mitigate cyber risk amid rapid AI, geopolitical, and regulatory changes.

Key Takeaways

  • Historical forecasting saved lives; CTI can similarly mitigate risks.
  • AI, geopolitics, and compliance identified as primary industry drivers.
  • Scenario analysis yields twelve futures; three most impactful highlighted.
  • AI‑military arms race scenario predicts uneven demand across sectors.
  • Regulatory relaxation could automate away CTI analyst roles entirely.

Summary

The presentation uses a World‑War‑era forecasting analogy to argue that cyber‑threat‑intelligence (CTI) practitioners can—and should—apply structured analytic techniques (SATs) to anticipate industry shifts. By reviewing how British officials forecast aerial bombings and then evacuated 1.5 million civilians, the speaker illustrates how data‑driven foresight can dramatically reduce harm.

Employing three SATs—key‑driver generation, multiple‑scenario generation, and indicator validation—the analyst identified AI, geopolitics and compliance as the dominant forces shaping the U.S. CTI market over the next three years. These drivers were mapped into twelve possible futures, then narrowed to three high‑impact scenarios: an AI‑military arms race driving uneven demand, a “great displacement” where regulatory roll‑backs and AI automation erode analyst roles, and a compliance‑plus‑conflict surge creating new opportunities for SMEs.

The speaker highlights concrete examples: Operation Pied Piper’s rapid evacuation saved thousands of lives, mirroring how proactive CTI forecasting could avert cyber crises. The methodology was built with low‑cost tools (Figma, Excel, and Claude AI, the last used as a third analyst to counter bias), demonstrating that sophisticated scenario planning need not be expensive.

For businesses, the analysis signals that CTI staffing, technology investment, and risk‑management strategies must adapt to divergent outcomes. Companies should monitor AI maturity, geopolitical tensions, and regulatory trends to either capitalize on emerging demand or safeguard against the erosion of human expertise in threat intelligence.

Original Description

Can We Forecast Our Own Fate? Mapping the Future of the CTI Industry with SATs
🎙️ Josh Darby MacLellan, Staff Threat Intelligence Advisor, Feedly
📍 Presented at SANS CTI Summit 2026
CTI teams frequently forecast threats, but what if we forecast the future of CTI itself? Disruption from technology and geopolitics is increasing, and CTI is not immune. Foresight SATs (Structured Analytic Techniques) provide insights into whether the CTI industry is heading for a boom, bust, or something completely different. More importantly, forecasting enables CTI analysts to prepare for our possible futures.
In this session, I will provide a step-by-step walkthrough of how I used Foresight Technique SATs (including Key Drivers Generation, Key Uncertainties Finder, Multiple Scenarios Generation and others) to identify what is shaping the CTI industry, map possible futures, and assess which future is most likely emerging based on current indicators.
So what if we can successfully forecast? The talk will then focus on the practical steps we can take as individual CTI analysts and as CTI teams to prepare for our industry’s future. This includes training pathways, skills development, career strategy, and other risk mitigations to future-proof ourselves on an individual and team level.
What value will attendees gain?
- Knowledge and guidance on multiple Foresight SATs
- A walkthrough of how forecasting can be used to answer a difficult question (what does the future of the CTI industry look like?)
- Tips on how we can best prepare for future disruptions in the CTI industry
- Recommendations on how we can strategize to future-proof our careers
