‘Threat hunter’ emerges as new enterprise security role

Characteristics of a threat hunter

David Bianco, who was lead threat hunter at General Electric prior to becoming lead security technologist at Sqrrl, describes threat hunting as the use of manual or machine-assisted techniques for detecting security incidents that an organization would otherwise not know about. The knowledge gap, he said, stems from the failure of automated systems to detect a particular threat or the lack of systems designed to detect certain types of activities. As for the former, Bianco said automated systems are great at finding automated threats, such as mass-market malware.

“It’s when you pit automated detection against skilled human actors that the biggest problems occur,” he said.

So what types of skills should a CISO look for when hiring a threat hunter?

For one, threat hunters need to live on the front lines of security research, attuned to the latest and most dangerous emerging threats, Johnson said. That role, she said, means the hunters need access to key tools and services, such as behavioral threat analytics and “threat intelligence networks and solutions.”

But for Johnson, the most important job requirement is creativity.

“A threat hunter needs to be able to put his or her mind to the task of uncovering vulnerabilities that are specific to the organization, and may or may not be highly sophisticated,” she said.

For example, a security vulnerability could be as prosaic as a door left open in a facility to enable smokers to take a smoking break, she said.

Amoroso suggested threat hunters need to have a solid grasp of the corporate routine and the ability to seize upon any departure from the norm. In addition, he said hunters should be ready to look for trouble in increasingly complicated IT environments, which he characterized as becoming much more distributed, virtualized and automated.

“Hunters need to figure out how to jockey this,” Amoroso said.

Bianco, meanwhile, cited critical thinking, business knowledge, communication and collaboration as important hunter skills.

The trick for CISOs is finding people with the requisite skills.

“Today, the issue is it’s just kind of hard to find people who are good at this,” Amoroso said.