Social Mining of Threat Actor Activities


Presented at FIRST Conference Kuala Lumpur 2018 by

Part of the responsibility of a Security Incident Response Team is to provide situational awareness to the organizations it is meant to protect. It is not enough to monitor the threat landscape for emerging threats; understanding the threat actor landscape is a critical part of knowing the enemy. In this study we demonstrate how we use Social Network Analytics techniques to provide near real-time situational awareness on threat actor plans and activities. Have you ever wished you had visibility when someone started bragging about a new hack or a new attack they were about to attempt? Ever wondered whether two threat actors know one another, which would explain commonalities in their attack chains? Wanted to find out whether the individual threatening you was credible or just posturing? If so, you will find our experience useful. In the course of this project we have been trying to automate finding answers to questions such as:

- Who talks to whom on Twitter, and in what form (replies, mentions, retweets)?
- What communities of potential threat actors exist on the social network, and what are their size and predominance?
- Can ongoing activities and campaigns be identified within these communities, and can a new wave of attacks be spotted through keywords in discussions?

The presentation includes a number of case studies and visualizations developed in the course of this study.
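The three questions above map directly onto a small graph analysis. The following is an added example, not code from the talk or its authors: it builds a who-mentions-whom graph from a handful of constructed tweets, splits it into communities, ranks them by size and activity, names the most-addressed account in each, and flags the day on which chatter about watch keywords spikes above its baseline. The account names, message texts, day indices and keyword list are all made up for illustration, and the spike rule (hits above a multiple of the running mean) is one simple choice among many.

```python
"""Who-talks-to-whom analysis over a constructed set of tweets (added example).

Standard library only. Communities are weakly connected components of the
mention graph; predominance is measured by interactions inside the community
and by the most-addressed member; campaigns are approximated by daily spikes
in watch-keyword hits. Accounts, texts and keywords are hypothetical.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Tweet:
    author: str
    text: str
    day: int  # constructed day index, stands in for a timestamp


# Constructed sample data: hypothetical account names and messages.
SAMPLE_TWEETS = [
    Tweet("acct_a", "@acct_c new loader is ready, check your dm", 1),
    Tweet("acct_b", "@acct_a nice, same builder as last month", 1),
    Tweet("acct_c", "@acct_b testing the exploit on a few hosts", 2),
    Tweet("acct_d", "@acct_e botnet is up again", 2),
    Tweet("acct_e", "@acct_d ready when you are", 3),
    Tweet("acct_f", "selling router access, dm me", 3),
    Tweet("acct_a", "@acct_c exploit works, pushing the dump tonight", 4),
    Tweet("acct_b", "@acct_a @acct_c dump is live", 4),
    Tweet("acct_d", "@acct_e ddos on the bank site starts now", 4),
    Tweet("acct_e", "@acct_d ddos running, site is down", 4),
]

# Hypothetical watch list; a real one comes from the analyst's own tradecraft.
WATCH_KEYWORDS = {"dump", "exploit", "ddos"}

MENTION_RE = re.compile(r"@([A-Za-z0-9_]+)")


def mention_edges(tweets: List[Tweet]) -> Counter:
    """Count directed (author, target, form) interactions. A handle at the very
    start of the text is a reply-style address; anywhere else it is a mention."""
    edges: Counter = Counter()
    for t in tweets:
        for m in MENTION_RE.finditer(t.text):
            target = m.group(1)
            if target == t.author:
                continue
            form = "reply" if m.start() == 0 else "mention"
            edges[(t.author, target, form)] += 1
    return edges


def communities(tweets: List[Tweet], edges: Counter) -> List[FrozenSet[str]]:
    """Weakly connected components of the interaction graph, largest first.
    Authors who address nobody still appear as singleton communities."""
    adj: Dict[str, set] = defaultdict(set)
    for t in tweets:
        adj.setdefault(t.author, set())
    for a, b, _ in edges:
        adj[a].add(b)
        adj[b].add(a)
    seen: set = set()
    comps: List[FrozenSet[str]] = []
    for start in adj:
        if start in seen:
            continue
        comp: set = set()
        stack = [start]
        while stack:  # iterative DFS
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(adj[n] - comp)
        seen |= comp
        comps.append(frozenset(comp))
    return sorted(comps, key=lambda c: (-len(c), sorted(c)))


def community_profile(edges: Counter, comp: FrozenSet[str]) -> Tuple[int, str, int]:
    """(interactions inside the community, most-addressed member, times addressed).
    Ties on the count are broken by account name."""
    addressed: Counter = Counter({n: 0 for n in comp})
    total = 0
    for (a, b, _), n in edges.items():
        if a in comp and b in comp:
            total += n
            addressed[b] += n
    hub, hits = sorted(addressed.items(), key=lambda kv: (-kv[1], kv[0]))[0]
    return total, hub, hits


def keyword_trend(tweets: List[Tweet], keywords: set) -> Dict[int, int]:
    """Number of tweets per day containing at least one watch keyword."""
    trend: Dict[int, int] = defaultdict(int)
    for t in tweets:
        words = set(re.findall(r"[a-z0-9]+", t.text.lower()))
        trend[t.day] += 1 if words & keywords else 0
    return dict(trend)


def spike_days(trend: Dict[int, int], factor: float = 2.0, min_hits: int = 3) -> List[int]:
    """Days with at least min_hits keyword hits that exceed factor times the mean
    of all earlier days. The first day has no baseline and is never a spike."""
    days = sorted(trend)
    spikes = []
    for i, d in enumerate(days[1:], start=1):
        baseline = sum(trend[x] for x in days[:i]) / i
        if trend[d] >= min_hits and trend[d] > factor * baseline:
            spikes.append(d)
    return spikes


if __name__ == "__main__":
    edges = mention_edges(SAMPLE_TWEETS)
    for comp in communities(SAMPLE_TWEETS, edges):
        total, hub, hits = community_profile(edges, comp)
        print(f"{sorted(comp)}: {total} interactions, hub {hub} addressed {hits}x")
    trend = keyword_trend(SAMPLE_TWEETS, WATCH_KEYWORDS)
    print("keyword hits per day:", trend, "spike days:", spike_days(trend))
```

On the constructed data the three-account cluster shows up as the largest and most active community with acct_c as its hub, the two-account pair is a separate group, the lone seller is a singleton, and day 4 is flagged because four keyword-bearing tweets land on a baseline of about one every three days. On real Twitter data the same structure applies, but retweets and quote tweets would need their own edge form, handles change and get suspended, and a keyword spike is a lead for an analyst, not a confirmed campaign.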