SANS Institute recently listed “Threat Hunter” as the coolest career in its Cyber Talent Immersion Academy.
We couldn’t agree more! However, since there is still some skepticism about threat hunting, we decided to ask our own amateur hunter, SecBI VP of Product and longtime cybersecurity operations manager Arie “Fredy” Fred, for the top three reasons why it’s cool to be a hunter:
- Hunting is anything but tedious
Unlike responding to security alerts, hunting is by definition an open-ended activity. You can easily diversify the operation and do something new every time you go hunting. You can devise different theories, try different data sources, reverse attacks that impacted others, and work to connect the not-so-obvious dots of an exciting new story. It’s never boring because it’s always changing. You don’t really have a boss or service level agreement either – just the trust that you know what you are doing.
- A good hunter will get to leverage all current skills and gain additional ones
To be good, you need to know all about networking, OS, applications, defensive tools, and security architecture. To be better, you need the ability to think like an attacker, i.e. learn to attack and gain knowledge of offensive tools and tactics. To be one of the best, you need to experience a breach first-hand. Trying to understand what has happened, how it happened, and how to recover from it is the best education possible in the cyber world.
- The reward, if successful, is the reason it’s called a hunt
Considering the number of breaches that succeed every day, the hunter has a lot on his plate. So if the hunter actually manages to protect his organization from these many threats, let’s just say that job security is the least of his worries. Moreover, hunting is based on creativity and exploration, and thus rewards the hunter with satisfaction and a sense of achievement.
Threat hunting is one of the most demanding sub-professions of cybersecurity. It requires technical and mental proficiency and a desire to beat the opponent on any given day. But if you have what it takes, it is also one of the most rewarding roles in cybersecurity.
At SecBI we realize the importance of threat hunting but also acknowledge that the bar for becoming a successful hunter is set too high.