Every year, cybercrime continues to increase. Consider the annual Internet Crime Report released by the FBI’s Internet Crime Center (IC3) in March. The survey found that American citizens lost about $6.9 billion to cybercriminals and online scammers throughout 2021—a significant increase over the $4.2 billion in losses reported the previous year.
Overall, the IC3 report found that FBI agents received 847,376 complaints about cybercrime losses in 2021—a seven percent increase over 2020, with cyber threats such as ransomware, business email compromise, and cryptocurrency thefts all increasing.
This increasing amount of cybercriminal and other malicious activity targeting users’ data as well as the infrastructure and networks of private companies and government entities is increasing the number of open cybersecurity positions. This means employment opportunities for those who want to enter the field, look for ways to boost their salary, or advance a career.
With malicious activity expected to continue increasing, a threat hunter is one position that is seeing greater interest from organizations of all sizes. According to Glassdoor, the total pay for these positions stands at about $104,000, with many private firms willing to pay more than that for the right talent.
Those with the right set of skills (or willing to work at gaining those skills) can find themselves well-positioned for better pay or career advancements, said Archie Agarwal, founder and CEO at ThreatModeler, a New Jersey-based automated threat modeling firm.
“The most important indicator of success in threat hunting is a person’s ability to combine business risk, security, and software or infrastructure engineering disciplines fluidly. In a sentence, a great threat hunter can look at a situation, intuit what risks are worth going after, and where the software and infrastructure may be vulnerable because of how it’s built,” Agarwal recently told Dice.
What Is Threat Hunting?
As with many other types of IT and cybersecurity jobs, threat hunting doesn’t have a specific definition, but training firm CompTIA offers a good overview of what the position entails. “Threat hunters are IT professionals who proactively find cybersecurity threats and mitigate them before they compromise an organization. It is a newer extension of the cybersecurity analyst job role intended to neutralize advanced threats that might evade the security operations center (SOC),” according to its report.
Threat hunting is also central to many organizations’ overall cybersecurity strategy. A 2021 SANS Institute survey on threat hunting found that about 93 percent of respondents report their organization has a dedicated threat hunting staff. A majority of participants also reported they are looking to invest more in tools and talent.
The one downside the SANS study found is that about 12 percent fewer organizations performed threat hunting in 2021, compared to 2020.
“But what caused this dip? It seems to be a combination of organizations reducing their external spend with third parties and their overall internal staff in response to COVID-19,” according to an analysis by security firm Rapid7.
Skills Needed for Threat Hunters
While the pandemic and the Great Resignation may have affected some organizations’ spending on threat hunting, the field itself still holds multiple opportunities for tech and security professionals.
For threat hunters, the ability to think creatively about cybercrime—not so much how threat actors are thinking now, but how they will think about an attack in the future—is a key to finding success in the field, said Agarwal.
“Threat hunters need to be comfortable with threat modeling techniques to accomplish this. It’s common for practitioners to have security chops—but what separates good from great is an ability to dig into development and infrastructure technology frameworks,” Agarwal added. “A great threat hunter can quickly come up to speed on these technologies based on available open source, or reverse engineering when code isn’t available, and find design limitations or flaws to be exploited in the process.”
And while there is no specific set of skills needed to explore a threat-hunting career, John Bambenek, principal threat hunter at security firm Netenrich, noted that knowledge of Microsoft PowerShell is useful since many threat actors take advantage of flaws in the platform for their attacks.
Another useful skill is knowing another language, with even basic knowledge of Russian, Mandarin or Farsi in high demand due to the increasing number of advanced persistent threat groups from Russia, China and Iran targeting both government agencies and private businesses, Bambenek added.
“Salary is often tied to experience, but languages and supporting skills can help. It’s likely easiest to get a good raise and move up the ladder by applying to work at another organization, but for those trying to get raises or better salaries, being able to show that significant attacks were prevented and the ability to tie those to a potential dollar loss,” Bambenek told Dice. “For instance, if you have prevented five major breaches that saved the organization hundreds of millions, a raise can be much easier to justify.”
What Can I Teach Myself About Threat Hunting?
As with other types of cybersecurity positions, those looking to make the jump to threat hunting can teach themselves many of the necessary skills, especially if they already have a tech or IT background.
“Someone who is a self-learner that comes into cybersecurity interviews and can engage can often ‘get away with’ less experience; if you come to an interview and want to talk about lateral movement using Remote Desktop Protocol and honeypots you've set up to determine threat patterns, there may be less focus on how much experience you have,” Matthew Warner, CTO and co-founder of Blumira, an automated threat detection and response technology firm, told Dice.
Potential threat hunters or those looking to brush up can also practice the skills they need in their home. “In the end, it all comes down to one thing for IT and cybersecurity as a self-starter or learner—build a home lab, break the home lab, build it again and keep doing that while adding new technologies,” Warner added. “Doing this will expose you to the technologies relevant to your interests and introduce you to the complexities people run into often.”
If that’s not enough, there are several certifications that potential threat hunters can earn to help distinguish themselves, including the CompTIA Security+ certification, the GIAC Penetration Tester (GPEN) certification, as well as the Certified Ethical Hacker (CEH) certificate, among others.