Saturday, November 13, 2021

The Tips & Tricks Into Finding A Great Threat Hunter

 


Some months ago, I wrote a blog posting on the importance of Threat Hunters on your IT Security team. The stereotype for these people is that they are often shy and tend to work by themselves, and with others if need be.

They don’t carry the cloak-and-dagger, hoodie image that the Pen Testers do. The Threat Hunter actually looks more like a scientist, given their title, which is pretty much all they do for their jobs.

They take into consideration all of the intel and information/data that is coming in, and from there, try to build up what future threat profiles could possibly look like down the road.  True, there are AI and ML tools that can do this, but it always takes a human to a certain degree to see just how accurate and realistic it all looks.

Therefore, hiring a Threat Hunter for your staff, even if it is on a contract basis, is a different breed of animal than hiring for other types of Cyber positions. So, what are the skills and traits that you look for when hiring for one? Here is a quick checklist that just about any HR professional can use:

1)     It is an analytical based interview:

Unlike other Cyber positions, you will be asking your candidate questions like what kind of analytical courses they took in college, if they attended. This is important, as it shows they have the mindset of a potential scientist. If they answer with such things as calculus, encryption, cryptography, you know then you are golden. But keep in mind that simply taking analytical courses is not the make or break for possible candidates. You also need to be asking them about the direct experiences that they have had with Threat Hunting, and how they approached it to find answers to questions. Heck, your candidate may not even have gone to college. But that should not disqualify them. When interviewing candidates for a Threat Hunting position, try to bring in a member of the IT Security team as well who can ask more of the technical kinds of questions to probe their analytical thinking, and above all, to see if they could fit in well in the current environment. In this regard, you want your future Threat Hunter to think like an actual Cyberattacker, much like a Pen Tester would.

2)     They must be curious:

Apart from being analytical, your candidate should also exhibit a strong sense of curiosity. Meaning, along with knowing the difference between integrals and differentials (LOL), they must be curious about the world that is around them. Some great questions to ask here are: What kind of stuff do they like to read? How do they keep abreast of what is happening in the Cyber world around them? What motivates them? If you really want to test this, during the interview (perhaps in the second phase), you should pose to them a certain kind of Cyber scenario and ask them how they would find the answer to it, and what specific resources they would use, apart from using Google. A good question to also ask here is what some of their favorite Cyber sites are. For me, being a tech writer, my favorite ones are those that bring reputable news stories and headlines. A key feature to look out for here is how the candidate looks at you when they respond to your curiosity-based questions. If they look at you square in the eye, then you can tell for the most part that they are being honest. But if they tend to get squirmy, then that should be somewhat of a red flag to you.

Ok, now let’s fast forward quite a bit and assume that you have found your ideal Threat Hunter. The next question that often arises is: how do you keep this talent as best you can? Well, here are some answers that could help:

1)     Create a social kind of atmosphere:

By this I don’t mean to have a party every day at your office (but that may not be a bad thing either), but encourage your Threat Hunters to work with others on the IT Security team, and vice versa. Try to get your team to share ideas amongst one another, and above all, share that information and data as well. Let your Threat Hunters know that you will be around for them, and that they should not feel afraid to speak their mind and ask for advice/help when needed. From my experiences, Threat Hunters, as mentioned previously, tend to be a rather shy bunch. Try to break that mold away from them. Oh yeah, and it may not hurt to take your team out to lunch or dinner every few weeks to build these social skills.

2)     Let them do more:

By this I mean, don’t limit the Threat Hunters to just their specific job titles. Let them explore other avenues as well. In other words, don’t limit them. By nature, Threat Hunters are explorers as well, and you should let them explore your kingdom, within reason of course. Let them go beyond their limits, and in the end you will be rewarded. In fact, this reminds me of the days when I was a white belt in Taekwondo. One day, my instructor said that all students could attempt to break a concrete brick if they wanted to. I asked, does that also include us newbies? His reply was: “I do not limit students by any means”. So with those words, I broke the brick the first time around, and boy, did that motivate me to even higher levels.

3)     Always invest in and motivate your Threat Hunters:

We all know that the world of Cybersecurity is changing quickly, and that your employees must be able to keep up with this. Part of your job in the end is to give them the tools to get that extra education. Yes, it can be expensive. But this is something that you are going to have to convince your CISO about. There may not be a direct percentage ROI immediately when you provide this training, but the chances are that happier employees will be around with you the longest. And that can save time and money right there, because a high employee turnover is not only expensive, but can also tarnish your company’s image in the end as well. And always, whenever it is warranted, keep offering praise to your Threat Hunters. They are not used to it by nature, so a simple pat on the back or even a random $15 gift card to Starbucks or Panera Bread can go a long way to keep employees as well.

My Thoughts On This:

Yeah, yeah, everybody is complaining about the lack of Cyber workers. The truth is that there is not; it’s how you approach it. In this regard, and as I have written about before, take a holistic approach to it, and don’t get hung up on degrees or, worse yet, certs. Blah to the latter.

If you think you have found the right candidate, by all means, offer them the job, and give them the chance they deserve to prove their worth to you and your company.
