Some months ago, I wrote a blog posting on the importance of
Threat Hunters on your IT Security team.
The stereotype for these people is that they are often shy and tend to
work by themselves, and with others if need be.
They don’t carry the cloak-and-dagger, hoodie image that the Pen Testers do.
The Threat Hunter actually looks more like a scientist, given their
title, which is pretty much all they do for their jobs.
They take into consideration all of the intel and information/data
that is coming in, and from there, try to build up what future threat profiles
could possibly look like down the road.
True, there are AI and ML tools that can do this, but it always takes a
human to a certain degree to see just how accurate and realistic it all looks.
Therefore, hiring a Threat Hunter for your staff, even if it is on a
contract basis, is a different breed of animal than hiring for other types
of Cyber positions. So, what are the skills and traits that you look for
when hiring for one? Here is a quick checklist that just about any HR
professional can use:
1) It is an analytical-based interview:
Unlike other Cyber positions, you will be asking your candidate questions
like what kind of analytical courses they took in college, if they attended.
This is important, as it shows they have the mindset of a potential
scientist. If they answer with such things as calculus, encryption, or
cryptography, then you know you are golden. But keep in mind that simply
taking analytical courses is not the only make-or-break factor for possible
candidates. You also need to ask them about the direct experiences that
they have had with Threat Hunting, and how they approached it to find
answers to questions. Heck, your candidate may not even have gone to
college. But that should not disqualify them. When interviewing candidates
for a Threat Hunting position, try to bring in a member of the IT Security
team as well who can ask more of the technical kinds of questions to probe
their analytical thinking, and above all, to see if they could fit in well
in the current environment. In this regard, you want your future Threat
Hunter to think like an actual Cyberattacker, much like a Pen Tester would.
2) They must be curious:
Apart from being analytical, your candidate should also exhibit a strong
sense of curiosity. Meaning, along with knowing the difference between
integrals and differentials (LOL), they must be curious about the world
that is around them. Some great questions to ask here are: What kind of
stuff do they like to read? How do they keep abreast of what is happening
in the Cyber world? What motivates them? If you really want to test this,
during the interview (perhaps in the second phase), you should pose to them
a certain kind of Cyber scenario and ask them how they would find the
answer to it, and what specific resources they would use, apart from using
Google. A good question to also ask here is what some of their favorite
Cyber sites are. For me, being a tech writer, my favorite ones are those
that bring reputable news stories and headlines. A key feature to look out
for here is how the candidate looks at you when they respond to your
curiosity-based questions. If they look at you square in the eye, then you
can tell for the most part that they are being honest. But if they tend to
get squirmy, then that should be somewhat of a red flag to you.
Ok, now let’s fast forward quite a bit and assume that you have found your
ideal Threat Hunter. The next question that often arises is: how do you
keep this talent as best you can? Well, here are some answers that could
help:
1) Create a social kind of atmosphere:
By this I don’t mean to have a party every day at your office (but that may
not be a bad thing either), but encourage your Threat Hunters to work with
others on the IT Security team, and vice versa. Try to get your team to
share ideas amongst one another, and above all, share that information and
data as well. Let your Threat Hunters know that you will be around for
them, and that they should not feel afraid to speak their mind and ask for
advice/help when needed. From my experiences, Threat Hunters, as mentioned
previously, tend to be a rather shy bunch. Try to break that mold away from
them. Oh yeah, and it may not hurt to take your team out to lunch or dinner
every few weeks to build these social skills.
2) Let them do more:
By this I mean, don’t limit the Threat Hunters to just their specific job
titles. Let them explore other avenues as well. In other words, don’t limit
them. By nature, Threat Hunters are explorers as well, and you should let
them explore your kingdom, within reason of course. Let them go beyond
their limits, and in the end you will be rewarded. In fact, this reminds me
of the days when I was a white belt in Taekwondo. One day, my instructor
said that all students could attempt to break a concrete brick if they
wanted to. I asked, does that also include us newbies? His reply was: “I do
not limit students by any means”. So with those words, I broke the brick
the first time around, and boy, did that motivate me to even higher levels.
3) Always invest in and motivate your Threat Hunters:
We all know that the world of Cybersecurity is changing quickly, and that
your employees must be able to keep up with this. Part of your job in the
end is to give them the tools to get that extra education. Yes, it can be
expensive. But this is something that you are going to have to convince
your CISO about. There may not be a direct percentage ROI immediately when
you provide this training, but the chances are that happier employees will
be around with you the longest. And that can save time and money right
there, because a high employee turnover is not only expensive, but can also
tarnish your company’s image in the end as well. And always, whenever it is
warranted, keep offering praise to your Threat Hunters. They are not used
to it by nature, so a simple pat on the back or even a random $15 gift card
to Starbucks or Panera Bread can go a long way to keep employees as well.
My Thoughts On This:
Yeah, yeah, everybody is complaining about the lack of Cyber workers. The
truth is that there is not; it’s how you approach it. In this regard, and
as I have written about before, take a holistic approach to it, and don’t
get hung up on degrees or, worse yet, certs. Blah to the latter. If you
think you have found the right candidate, by all means, offer them the job,
and give them the chance they deserve to prove their worth to you and your
company.