Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/15/2021
10:00 AM
Troy Gill
Troy Gill
Commentary
Connect Directly
Twitter
LinkedIn
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

What to Look for in an Effective Threat Hunter

The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.

Cybercrime is exploding, and companies cannot wait for potential threats to emerge. They must proactively identify security incidents that might go undetected by automated security tools. The FBI's 2020 Internet Crime Report finds a 69.4% increase in Internet crimes and losses exceeding $4.2 billion since 2019. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion.

Related Content:

The Workforce Shortage in Cybersecurity Is a Myth

Special Report: Building the SOC of the Future

New From The Edge: 5 Mistakes That Impact a Security Team's Success

These facts make threat hunters essential to companies' consistent operations. According to CompTIA, threat hunters are responsible for finding and mitigating cybersecurity threats before they cause problems. By creating a threat-hunter team to proactively identify vulnerabilities within their environments and remedy them before they become breaches, organizations reduce their security risks. But how do you start putting together a threat-hunter team? You must first understand what to look for in a threat hunter, including the most important personality traits, skills, and certifications.

The Value of Threat Hunters
Threat hunting isn't new, however, its practical use in countering cyberthreats is more important than ever with the uptick in cybersecurity attacks. According to the US Bureau of Labor Statistics' Information Security Analyst's Outlook, cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%. 

A worldwide shift to remote work and online learning, concerns around election security, and the overall increase in attacks have made cybersecurity an increasingly critical topic. The SANS 2020 Threat Hunting Survey found that 65% of respondent organizations are already performing some form of threat hunting and another 29% are planning to implement it within the next 12 months. Many markets, including financial services, high-tech, military, government, and telecommunications, have an essential need to remediate threats as early as possible. While prevention is the most preferable outcome, speedy detection and remediation are critical. The process of threat hunting, first and foremost, reduces the number of successful breaches.

What Personality Traits Should Threat Hunters Have?
Many different personality traits can contribute to being a great threat hunter. Look for an inquisitive personality — the type of person who cannot put down a puzzle until it's solved. Successful threat hunters often have an analytical mindset and are adept at solo work. They should also take satisfaction from being the first line of defense in keeping the organization and its stakeholders secure, even if it means being an unsung hero. Hiring individuals with some variation of these traits can be the secret sauce in taking a threat hunting team from good to great.

What Skills Should They Possess?
Threat hunters need to be untroubled by their job always shifting and changing. Threats rarely remain static, so they must be willing to continuously adapt. To that point, threat hunters may not find a threat and a way to protect against it every day, but they must always be prepared to try to solve threats each day. Threat hunters should be willing to share ideas openly with their immediate team members. Open collaboration nets strong results even when an idea falls flat. Threat hunters cannot be afraid to fail.

What Certifications Should They Have?
Along with having a solid foundation in computing, threat hunters also benefit from having a few industry certifications. The certifications will vary based on the responsibilities of the role and your industry. Certifications like CompTIA Security+ are a great foundation and very appropriate for an entry-level role. Becoming a certified GIAC Penetration Tester (GPEN) or a Certified Ethical Hacker (CEH) will show that you can view vulnerabilities through an attacker's eyes and predict their behavior. Lastly, Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are encompassing enough to provide valuable knowledge in many areas. There are many other certifications that may be relevant to an individual's role. For example, Computer Hacking Forensic Investigator (CHFI) certification would be great if you're looking for someone to do forensic investigations for your organization.

Protect Your Organizations for the Future
Threat hunting is gaining momentum, with a growing number of companies looking for ways to improve their security stance and eliminate threats proactively. It is important to hire threat hunters to remain vigilant to cyber threats and improve cyber defenses within your environment before they even occur. Onboarding well-rounded threat hunters will improve your security posture as well as potentially uncover vulnerabilities. Addressing these areas will serve to shrink your organization's attack surface over time.

Troy Gill joined the AppRiver team in 2007 to analyze data regarding cyber threat tactics, methodologies or vulnerabilities that present threats to IT operations. Such real-time analysis helps Gill apply immediate improvements to cyber-analytical tools and disseminate ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-21533
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
CVE-2020-21534
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
CVE-2020-21535
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
CVE-2020-21529
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
CVE-2020-21530
PUBLISHED: 2021-09-16
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.