Threat Hunting Series: What Makes a Good Threat Hunter

Kostas
Jun 27, 2022
Continuing with the second post in this series, I felt it was necessary to address the skills and knowledge required to become a threat hunter before diving into the threat hunting process. This article will hopefully assist people in understanding the different areas that they might need to work on to become excellent threat hunters.

Threat hunters need certain skills and experience: experience to recognize suspicious activity patterns, and skills to investigate each case. There are exceptions, though: talented individuals with a strong desire to learn can also be a great investment for an organization. In these cases, there are usually more experienced threat hunters on the team willing to help and mentor those who are new to the field.

Human-centric threat hunting

Threat hunting is human-centric and cannot be entirely replaced by automation. The threat hunter will always have to initiate the threat hunt based on a hypothesis or analyze the collected telemetry looking for suspicious activity. Some vendors allege they can automate threat hunting for their customers using Machine Learning (ML).

ML can be an important source of information for threat hunters, but it cannot replace the human-driven threat…

Kostas

I am a security researcher. My interests lie in #ThreatIntel, #malware, #IR & #Threat_Hunting. I either post here or at http://thedfirreport.com/