What to Look for in an Effective Threat Hunter

The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.

Troy Gill, Senior Manager of Threat Research, OpenText Cybersecurity

July 15, 2021

4 Min Read
Dark Reading logo in a gray background | Dark Reading

Cybercrime is exploding, and companies cannot wait for potential threats to emerge. They must proactively identify security incidents that might go undetected by automated security tools. The FBI's 2020 Internet Crime Report finds a 69.4% increase in Internet crimes and losses exceeding $4.2 billion since 2019. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion.

These facts make threat hunters essential to companies' consistent operations. According to CompTIA, threat hunters are responsible for finding and mitigating cybersecurity threats before they cause problems. By creating a threat-hunter team to proactively identify vulnerabilities within their environments and remedy them before they become breaches, organizations reduce their security risks. But how do you start putting together a threat-hunter team? You must first understand what to look for in a threat hunter, including the most important personality traits, skills, and certifications.

The Value of Threat Hunters
Threat hunting isn't new, however, its practical use in countering cyberthreats is more important than ever with the uptick in cybersecurity attacks. According to the US Bureau of Labor Statistics' Information Security Analyst's Outlook, cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%.

A worldwide shift to remote work and online learning, concerns around election security, and the overall increase in attacks have made cybersecurity an increasingly critical topic. The SANS 2020 Threat Hunting Survey found that 65% of respondent organizations are already performing some form of threat hunting and another 29% are planning to implement it within the next 12 months. Many markets, including financial services, high-tech, military, government, and telecommunications, have an essential need to remediate threats as early as possible. While prevention is the most preferable outcome, speedy detection and remediation are critical. The process of threat hunting, first and foremost, reduces the number of successful breaches.

What Personality Traits Should Threat Hunters Have?
Many different personality traits can contribute to being a great threat hunter. Look for an inquisitive personality — the type of person who cannot put down a puzzle until it's solved. Successful threat hunters often have an analytical mindset and are adept at solo work. They should also take satisfaction from being the first line of defense in keeping the organization and its stakeholders secure, even if it means being an unsung hero. Hiring individuals with some variation of these traits can be the secret sauce in taking a threat hunting team from good to great.

What Skills Should They Possess?
Threat hunters need to be untroubled by their job always shifting and changing. Threats rarely remain static, so they must be willing to continuously adapt. To that point, threat hunters may not find a threat and a way to protect against it every day, but they must always be prepared to try to solve threats each day. Threat hunters should be willing to share ideas openly with their immediate team members. Open collaboration nets strong results even when an idea falls flat. Threat hunters cannot be afraid to fail.

What Certifications Should They Have?
Along with having a solid foundation in computing, threat hunters also benefit from having a few industry certifications. The certifications will vary based on the responsibilities of the role and your industry. Certifications like CompTIA Security+ are a great foundation and very appropriate for an entry-level role. Becoming a certified GIAC Penetration Tester (GPEN) or a Certified Ethical Hacker (CEH) will show that you can view vulnerabilities through an attacker's eyes and predict their behavior. Lastly, Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are encompassing enough to provide valuable knowledge in many areas. There are many other certifications that may be relevant to an individual's role. For example, Computer Hacking Forensic Investigator (CHFI) certification would be great if you're looking for someone to do forensic investigations for your organization.

Protect Your Organizations for the Future
Threat hunting is gaining momentum, with a growing number of companies looking for ways to improve their security stance and eliminate threats proactively. It is important to hire threat hunters to remain vigilant to cyber threats and improve cyber defenses within your environment before they even occur. Onboarding well-rounded threat hunters will improve your security posture as well as potentially uncover vulnerabilities. Addressing these areas will serve to shrink your organization's attack surface over time.

About the Author

Troy Gill

Senior Manager of Threat Research, OpenText Cybersecurity

Troy Gill is a Senior Manager of Threat Research at OpenText Cybersecurity, a division of OpenText. Gill's 16 years of cybersecurity experience has focused primarily on email threat mitigation and malware analysis. He has also completed numerous professional certifications including GIAC's –(GPEN)GIAC Penetration Tester. In his current role, Gill is responsible for analyzing data and identifying cyber threat tactics, methodologies and vulnerabilities that present threats to IT operations. This real-time analysis helps Gill apply immediate improvements to the company's cyber-analytical tools and disseminate incident reports, threat trends and situational analysis which are essential to keeping customers safe.

Gill came to OpenText through the company’s acquisition of Zix/AppRiver where he was instrumental in protecting customer safety by monitoring inbound messaging threats and identifying methods for blocking them. As part of OpenText Cybersecurity, he helps to keep more than 60,000 corporate customers safe from today's ever-evolving IT threats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights