You may have heard the term, but do you know what threat hunting is in cybersecurity? A threat hunter is a mid- to senior-level cybersecurity position responsible for proactively detecting, isolating and mitigating threats that have evaded existing security defenses within a network. The threat hunter position utilizes many of the same skills as a cybersecurity analyst or malware analyst, working to identify new threats and stop cyber actors before they attack. While experience and qualifications vary, threat hunters can earn $61,520 to $165,92, according to the U.S. Bureau of Labor Statistics, with a mean annual wage of $113,270. The field is expected to grow by at least 5% annually in the coming years.
What does the threat hunter do?
Threat hunting requires one to be constantly attuned to industry trends, which they use to identify and track advanced cybersecurity threats before their systems are targeted. A threat hunter then uses data analysis, the security operations center (SOC) and security tools to search for cyber threats hiding within system logs or attempting to gain access. Threat hunters also work with other cybersecurity professionals to make predictions for future threats so appropriate resource allocations can be made to match the need. They can then be expected to present their findings to internal stakeholders for resolution.
Many threat hunters also participate in industry-wide events, conferences and data-sharing arrangements with other public and private-sector analysts to stay abreast and ahead of evolving cyber threats, especially from advanced persistent threats.
How can I become a threat hunter?
Most organizations are looking for cyber threat hunters to have a solid foundation as cybersecurity analysts. These professionals often rise through the ranks of junior roles to fill these positions. In addition to this on-the-job experience, threat hunters need to firmly understand operating systems, networking, security tools, technical writing and have a broad grasp of the larger cybersecurity landscape, including evolving TTPs (tactics, techniques procedures). This allows them to quickly work through the cyber threat hunting process and large amounts of data and evidence to identify real, sophisticated threats and quickly associate mitigation strategies to eliminate them.
What education does a threat hunter need?
If you are interested in how to learn threat hunting, formal education in computer science, programming or information security can provide a strong foundation for the threat hunter role. Given the existing critical skills shortage, many employers have lowered how strict this requirement is in making hiring decisions and have placed more focus on technical aptitude and on-the-job experience.
A range of related cybersecurity certification programs can help a professional verify their skills, learn threat hunting tools, such as threat hunting with Splunk, and document the experience that one may have gained in previous roles, including as a cybersecurity analyst, threat intelligence analyst or as SOC analyst. Employers also place weight on the ability of those first entering the field to demonstrate hands-on experience, such as through a cyber range, a threat hunting project or a subscription-based learning program.
Finally, there are plenty of online resources you can use to supplement your formal training if you know where to search. To start, try out: “threat hunting course free.”
What certifications does a threat hunter need?
While there are few widely available threat hunter certifications, there are plenty of related programs that can be used by current or aspiring analysts. For example, CompTIA’s intermediate-level Cybersecurity Analyst (CySA+) certification is a close match given the related skills, especially when combined with more foundational certificates:
- Certified Cyber Threat Hunting Professional (CCTHP)
- CompTIA Network+
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- Certified Penetration Tester (CPT)
- Certified Information Systems Auditor (CISA)
- Offensive Security Certified Professional (OSCP)
If you’re already a threat hunter or existing security professional, but want to further increase your earning potential, the widely-respected Certified Information Systems Security Professional (CISSP) certification is a great next step.
What skills does a threat hunter need?
Threat hunters combine networking, security, incident response and technical writing skills with the ability to conduct technical research. Other essential skills for threat hunters outlined in the NICE Framework include:
- Conducting non-attributable research
- Conducting research using the deep web
- Defining and characterizing all pertinent aspects of the operational environment
- Developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete, or for which no precedent exists
- Evaluating information for reliability, validity and relevance
- Identifying alternative analytical interpretations to minimize unanticipated outcomes
- Identifying critical target elements, to include critical target elements for the cyber domain
Threat hunters also need to be comfortable using and reviewing reports from security monitoring tools, such as firewalls, antivirus software, network monitoring devices and intrusion detection tools. In addition to reviewing these reports for relevant data, threat hunters need to be able to get hands-on and examine end-point data and event logs and use analytical tools to process large amounts of data.
How much can a threat hunter earn?
Earnings for threat hunters align with those of information security analysts, with these professionals able to earn an average salary of $113,270, according to the Bureau of Labor Statistics (BLS). However, a threat hunting salary can range widely based on location and industry, with the top 10% of analysts earning more than $165,920 and the bottom 10% bringing in just under $61,520.
More specifically, threat hunters can earn the following average salaries in these industries:
- Finance and insurance: $142,070
- Computer systems design and related services $110,450
- Management of companies and enterprises $108,000
- Management and technical consulting services $110,780
- Scientific Research and Development Services $100,870
Where does the threat hunter work?
BLS lists Virginia, Texas, Maryland, New York and Florida as the states with the highest number of employed information security analysts, which includes professionals that provide cyberthreat hunting services.
Payscale reports the majority of U.S.-based security analysts work for firms like Northrop Grumman Corporation, Accenture and Holmes Murphy & Associates. Security analysts in Seattle, Washington DC, Houston, Chicago and Atlanta typically earn the highest salaries among all security analysts.
Related careers and job titles
Threat hunters can also be referred to as information security analysts, IT security analysts, cybersecurity analysts and senior security analysts. Professionals who work as threat hunters for several years can, however, advance to more senior roles:
- Network architect
- Computer and information systems manager
- Computer systems analyst
- Network and computer system administrator
- Chief information security officer
Training resources for threat hunters
Ready to start cyber threat hunting training and grow your threat hunting skills? Interested in building a threat hunting program or even finding some of the best threat hunting books? Whether you are a career changer, junior practitioner or recently graduated, review our Infosec threat hunting resources and programs and get certified right now. On our site, you can also look for opportunities to build and validate hands-on skills with a security-focused learning program to get hands-on with each technique of threat hunting. These experiences can help prepare you for upcoming interviews, assessments and the early months of your new career.