Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

// // //
7/15/2021
10:00 AM
Troy Gill
Troy Gill
Commentary
Connect Directly
Twitter
LinkedIn
Twitter
LinkedIn
RSS
E-Mail vvv

What to Look for in an Effective Threat Hunter

The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.

Cybercrime is exploding, and companies cannot wait for potential threats to emerge. They must proactively identify security incidents that might go undetected by automated security tools. The FBI's 2020 Internet Crime Report finds a 69.4% increase in Internet crimes and losses exceeding $4.2 billion since 2019. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion.

Related Content:

The Workforce Shortage in Cybersecurity Is a Myth

Special Report: Building the SOC of the Future

New From The Edge: 5 Mistakes That Impact a Security Team's Success

These facts make threat hunters essential to companies' consistent operations. According to CompTIA, threat hunters are responsible for finding and mitigating cybersecurity threats before they cause problems. By creating a threat-hunter team to proactively identify vulnerabilities within their environments and remedy them before they become breaches, organizations reduce their security risks. But how do you start putting together a threat-hunter team? You must first understand what to look for in a threat hunter, including the most important personality traits, skills, and certifications.

The Value of Threat Hunters
Threat hunting isn't new, however, its practical use in countering cyberthreats is more important than ever with the uptick in cybersecurity attacks. According to the US Bureau of Labor Statistics' Information Security Analyst's Outlook, cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%. 

A worldwide shift to remote work and online learning, concerns around election security, and the overall increase in attacks have made cybersecurity an increasingly critical topic. The SANS 2020 Threat Hunting Survey found that 65% of respondent organizations are already performing some form of threat hunting and another 29% are planning to implement it within the next 12 months. Many markets, including financial services, high-tech, military, government, and telecommunications, have an essential need to remediate threats as early as possible. While prevention is the most preferable outcome, speedy detection and remediation are critical. The process of threat hunting, first and foremost, reduces the number of successful breaches.

What Personality Traits Should Threat Hunters Have?
Many different personality traits can contribute to being a great threat hunter. Look for an inquisitive personality — the type of person who cannot put down a puzzle until it's solved. Successful threat hunters often have an analytical mindset and are adept at solo work. They should also take satisfaction from being the first line of defense in keeping the organization and its stakeholders secure, even if it means being an unsung hero. Hiring individuals with some variation of these traits can be the secret sauce in taking a threat hunting team from good to great.

What Skills Should They Possess?
Threat hunters need to be untroubled by their job always shifting and changing. Threats rarely remain static, so they must be willing to continuously adapt. To that point, threat hunters may not find a threat and a way to protect against it every day, but they must always be prepared to try to solve threats each day. Threat hunters should be willing to share ideas openly with their immediate team members. Open collaboration nets strong results even when an idea falls flat. Threat hunters cannot be afraid to fail.

What Certifications Should They Have?
Along with having a solid foundation in computing, threat hunters also benefit from having a few industry certifications. The certifications will vary based on the responsibilities of the role and your industry. Certifications like CompTIA Security+ are a great foundation and very appropriate for an entry-level role. Becoming a certified GIAC Penetration Tester (GPEN) or a Certified Ethical Hacker (CEH) will show that you can view vulnerabilities through an attacker's eyes and predict their behavior. Lastly, Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are encompassing enough to provide valuable knowledge in many areas. There are many other certifications that may be relevant to an individual's role. For example, Computer Hacking Forensic Investigator (CHFI) certification would be great if you're looking for someone to do forensic investigations for your organization.

Protect Your Organizations for the Future
Threat hunting is gaining momentum, with a growing number of companies looking for ways to improve their security stance and eliminate threats proactively. It is important to hire threat hunters to remain vigilant to cyber threats and improve cyber defenses within your environment before they even occur. Onboarding well-rounded threat hunters will improve your security posture as well as potentially uncover vulnerabilities. Addressing these areas will serve to shrink your organization's attack surface over time.

Troy Gill joined the AppRiver team in 2007 to analyze data regarding cyber threat tactics, methodologies or vulnerabilities that present threats to IT operations. Such real-time analysis helps Gill apply immediate improvements to cyber-analytical tools and disseminate ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38223
PUBLISHED: 2022-08-15
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVE-2022-37401
PUBLISHED: 2022-08-15
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128...
CVE-2022-38221
PUBLISHED: 2022-08-15
A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code.
CVE-2022-37400
PUBLISHED: 2022-08-15
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same whi...
CVE-2022-36006
PUBLISHED: 2022-08-15
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exi...