Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

End of Bibblio RCM includes -->
7/15/2021
10:00 AM
Troy Gill
Troy Gill
Commentary
Connect Directly
Twitter
LinkedIn
Twitter
LinkedIn
RSS
E-Mail vvv

What to Look for in an Effective Threat Hunter

The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.

Cybercrime is exploding, and companies cannot wait for potential threats to emerge. They must proactively identify security incidents that might go undetected by automated security tools. The FBI's 2020 Internet Crime Report finds a 69.4% increase in Internet crimes and losses exceeding $4.2 billion since 2019. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion.

Related Content:

The Workforce Shortage in Cybersecurity Is a Myth

Special Report: Building the SOC of the Future

New From The Edge: 5 Mistakes That Impact a Security Team's Success

These facts make threat hunters essential to companies' consistent operations. According to CompTIA, threat hunters are responsible for finding and mitigating cybersecurity threats before they cause problems. By creating a threat-hunter team to proactively identify vulnerabilities within their environments and remedy them before they become breaches, organizations reduce their security risks. But how do you start putting together a threat-hunter team? You must first understand what to look for in a threat hunter, including the most important personality traits, skills, and certifications.

The Value of Threat Hunters
Threat hunting isn't new, however, its practical use in countering cyberthreats is more important than ever with the uptick in cybersecurity attacks. According to the US Bureau of Labor Statistics' Information Security Analyst's Outlook, cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%. 

A worldwide shift to remote work and online learning, concerns around election security, and the overall increase in attacks have made cybersecurity an increasingly critical topic. The SANS 2020 Threat Hunting Survey found that 65% of respondent organizations are already performing some form of threat hunting and another 29% are planning to implement it within the next 12 months. Many markets, including financial services, high-tech, military, government, and telecommunications, have an essential need to remediate threats as early as possible. While prevention is the most preferable outcome, speedy detection and remediation are critical. The process of threat hunting, first and foremost, reduces the number of successful breaches.

What Personality Traits Should Threat Hunters Have?
Many different personality traits can contribute to being a great threat hunter. Look for an inquisitive personality — the type of person who cannot put down a puzzle until it's solved. Successful threat hunters often have an analytical mindset and are adept at solo work. They should also take satisfaction from being the first line of defense in keeping the organization and its stakeholders secure, even if it means being an unsung hero. Hiring individuals with some variation of these traits can be the secret sauce in taking a threat hunting team from good to great.

What Skills Should They Possess?
Threat hunters need to be untroubled by their job always shifting and changing. Threats rarely remain static, so they must be willing to continuously adapt. To that point, threat hunters may not find a threat and a way to protect against it every day, but they must always be prepared to try to solve threats each day. Threat hunters should be willing to share ideas openly with their immediate team members. Open collaboration nets strong results even when an idea falls flat. Threat hunters cannot be afraid to fail.

What Certifications Should They Have?
Along with having a solid foundation in computing, threat hunters also benefit from having a few industry certifications. The certifications will vary based on the responsibilities of the role and your industry. Certifications like CompTIA Security+ are a great foundation and very appropriate for an entry-level role. Becoming a certified GIAC Penetration Tester (GPEN) or a Certified Ethical Hacker (CEH) will show that you can view vulnerabilities through an attacker's eyes and predict their behavior. Lastly, Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are encompassing enough to provide valuable knowledge in many areas. There are many other certifications that may be relevant to an individual's role. For example, Computer Hacking Forensic Investigator (CHFI) certification would be great if you're looking for someone to do forensic investigations for your organization.

Protect Your Organizations for the Future
Threat hunting is gaining momentum, with a growing number of companies looking for ways to improve their security stance and eliminate threats proactively. It is important to hire threat hunters to remain vigilant to cyber threats and improve cyber defenses within your environment before they even occur. Onboarding well-rounded threat hunters will improve your security posture as well as potentially uncover vulnerabilities. Addressing these areas will serve to shrink your organization's attack surface over time.

Troy Gill joined the AppRiver team in 2007 to analyze data regarding cyber threat tactics, methodologies or vulnerabilities that present threats to IT operations. Such real-time analysis helps Gill apply immediate improvements to cyber-analytical tools and disseminate ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27509
PUBLISHED: 2022-06-26
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs in...
CVE-2022-34491
PUBLISHED: 2022-06-25
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template sy...
CVE-2022-29931
PUBLISHED: 2022-06-25
Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).
CVE-2022-31017
PUBLISHED: 2022-06-25
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the serve...
CVE-2022-31016
PUBLISHED: 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated A...