How do you find, hire and create the perfect threat hunter team? Troy Gill, Manager of Security Research and Zix’s AppRiver Threat Research Team, speaks to what it takes to be an exceptional threat hunter and what qualities they need to be successful.
Security: What is your background, current role and responsibilities?
Gill: I am a threat hunter and Manager of Security Research at Zix | AppRiver. I am primarily responsible for evaluating security controls and identifying potential risks. I also provide advice, research support, project management services, and information security expertise to assist in designing security solutions for new and existing applications.
I joined the team in 2007 to analyze data regarding cyber threat tactics, methodologies or vulnerabilities that present threats to IT operations. Such real-time analysis helps me apply immediate improvements to cyber-analytical tools and disseminate incident reports, threat trends and situational analysis.
Security: How do you find, hire and create the perfect threat hunter team?
Gill: I look for a good skills foundation without focusing too heavily on checking every single box, as I know that the on-the-job experience will be much more valuable over time. Finding the right personality type is of equal importance. I ask myself two important questions: How do their personality traits and interests fit the role? And how does that fit or balance out the team as a whole?
Look for someone who is fulfilled with being the unsung hero because threat hunters are not often celebrated for the attacks they prevent because, if caught early enough, they are non-events. Threat hunters should find enjoyment and satisfaction as the first line of defense keeping the organization and its stakeholders secure. Hiring individuals with various traits and skills can be the secret sauce in taking a threat hunting team from good to great.
To retain hunters, it is important to make sure they are empowered to stay engaged in a meaningful way, as they often really enjoy the thrill of the hunt. Be careful not to overburden them as it can often lead to burnout.
Security: What does it take to be an exceptional threat hunter, and what qualities do they need to succeed?
Gill: Many different personality traits can contribute to being a great threat hunter. Something to consistently look for is an inquisitive personality — this is the type of person who cannot put down a puzzle until it is solved. It is also ideal to look for someone with an analytical mindset who welcomes collaboration and is content working on their own.
Threat hunters need to be untroubled by their job constantly shifting and changing. Threats rarely remain static, so these individuals must be willing to adapt continuously. To that point, it is not every day that threat hunters will find a threat and protect against it, so it is a must that they are always prepared to try to solve it on the next day and the day after. Threat hunters should be willing to share ideas openly with their immediate team members. Open collaboration regularly nets strong results even if, at times, an idea falls flat. Threat hunters cannot be afraid to fail.
Security: What are the benefits of implementing a threat hunting process?
Gill: Threat hunting isn’t new; however, the importance of its practical use in countering cyberthreats is more critical than ever with the uptick in cyber security attacks. Threat hunting is essential to remediate threats as early as possible. While prevention is the most preferable outcome, speedy detection and remediation are critical. The process of threat hunting, first and foremost, has the impact of reducing the number of successful breaches. Over time the response time for events should become faster. Throughout this process, threat hunting/response teams will find opportunities to improve security posture as well as potentially uncover vulnerabilities. Addressing these areas of concern will serve to shrink the attack surface over time.