Building a threat hunting team
OpenText Blog – Mario Daigle
This article discusses strategies for building an effective threat hunting team, emphasizing the importance of balancing in-house capabilities with external expertise.
It explores the advantages and challenges of developing an internal team, the benefits of external partnerships, and the value of a hybrid approach.
The piece also highlights the significance of understanding an organization’s security stack for effective hiring and the use of personas in the recruitment process.
Important items to note:
1) Best Practices:
– Create an environment that supports ongoing education, collaboration, and innovation for in-house teams
– Align both in-house and external teams to ensure effective communication
– Use personas from the University of Victoria Threat Hunter report to guide hiring decisions
2) Trends:
– Increasing demand for skilled threat hunters
– Growing adoption of hybrid models combining in-house and external resources
– Emphasis on tailoring threat hunting teams to an organization’s specific needs and security stack
3) Outcomes:
– In-house teams provide deep integration and tailored approaches
– External partnerships bring fresh insights and specialized skills
– A hybrid approach offers comprehensive protection and adaptability
4) Key Considerations:
– The importance of aligning the threat hunting team with organizational objectives
– The need to balance technical expertise, analytical thinking, and continuous learning
– The value of understanding the security stack when hiring threat hunters
5) Challenges:
– High demand for skilled threat hunters makes recruitment competitive
– Maintaining a large in-house team may be resource-intensive for some organizations
6) Benefits:
– In-house teams offer intimate knowledge of the organization’s infrastructure and threat landscape
– External experts provide broad exposure to various industries and threats
– A hybrid model combines the strengths of both approaches
7) Strategic Implications:
– The choice between in-house, external, or hybrid models should be based on organizational needs and resources
– Effective hiring strategies, including the use of personas, can lead to a well-rounded threat hunting team
– A comprehensive threat hunting strategy enhances an organization’s overall cybersecurity posture
Link: https://blogs.opentext.com/building-a-threat-hunting-team/