Your Next Move: Threat Hunter

This article is part of an IT Career News series called Your Next Move. These articles take an inside look at the roles related to CompTIA certifications. Each article will include the responsibilities, qualifications, related job titles and salary range for the role. As you consider the next move in your IT career, check back with CompTIA to learn more about your job prospects and how to get there.

Threat hunters are IT professionals who proactively find cybersecurity threats and mitigate them before they compromise an organization. It is a newer extension of the cybersecurity analyst job role intended to neutralize advanced threats that might evade the security operations center (SOC). If you like to search for new threats and stop cybercriminals in their path before they attack, then threat hunter may be the right cybersecurity job for you.

What Is a Threat Hunter?

Threat hunters identify advanced threats, and then track and mitigate them before organizational IT systems are attacked. Advanced threats may constitute up to 10% of cyber threats, and not all advanced threats are detected solely with SOC solutions. Threat hunters are needed for that very purpose.

A threat hunter continuously detects, analyzes and combats advanced threats. The job role includes detecting vulnerabilities and mitigating the associated cybersecurity risk before it affects the organization.

A threat hunter might be tasked with the following:

  • Search for cyber threats and risks hiding inside the data before attacks occur
  • Gather as much information on threat behavior, goals and methods as possible
  • Organize and analyze the collected data to determine trends in the security environment of the organization
  • Make predictions for the future and eliminate the current vulnerabilities

Threat hunters are usually found in large, enterprise organizations with more than 1,000 employees. They do not work on known cyber threats. Instead, they find new threats and coordinate with the SOC team and cybersecurity manager to ensure incident response and mitigation.

For small- to medium-sized businesses, threat hunter services are usually performed by managed service providers (MSPs) that may subscribe to threat feeds or join an Information Sharing and Analysis Organization (ISAO) for threat intelligence. MSPs may have a threat hunter on staff to serve dozens of these organizations, or they might expect their cybersecurity analysts to perform the threat hunter job role. CompTIA offers an ISAO tailored to the needs of MSPs with access to multiple threat feeds, a threat-hunting platform and a forum where trusted peers in the industry share cybersecurity best practices. Learn more about the CompTIA ISAO.

Why Are Threat Hunters Important?

Predicting the next cyberattack is difficult because advanced threats have no defined indicators – we don’t know what to look for. The only way to defend the organization is to apply newer threat hunter and security analysis techniques to find the threats before they find you.

Splunk found that in many cases, threat actors use 100% valid credentials for these attacks. The case study, by Splunk and Johns Hopkins Applied Physics Laboratory, demonstrates how to “get ahead” of an adversary using threat hunting tactics and provides excellent insight into the threat hunter job role.

Here are some more averages from Splunk’s findings:

  • Threat actors typically access 40 systems
  • It takes a median of 143 days before threats are detected
  • Two-thirds of victims are notified by an external entity

In an ideal world, threats would be identified by threat hunters and cybersecurity analysts inside the organization, not by outsiders.

How to Become a Threat Hunter

Most companies hiring a threat hunter are looking for someone with a cybersecurity analyst background and possibly a bachelor’s degree in computer science, cybersecurity, programming or a related field.

Many threat hunters previously worked as security analysts. Certifications like CompTIA Cybersecurity Analyst (CySA+) prove that you have the skills to be a threat hunter or security analyst. Check out the CompTIA Career Roadmap to see what other certifications can help you become a threat hunter.

The Details

Threat Hunter Salary Range

$57,810 to $158,860, with a median annual wage of $99,730, according to the U.S. Bureau of Labor Statistics (BLS).

Threat Hunter Job Outlook

From 2018 to 2028, CompTIA projects an increase of 32% for information security analysts, with 112,300 net new jobs expected during that 10-year period.

Job Titles Related to Threat Hunter

Will your next move be threat hunter? If so, check out CompTIA Cybersecurity Analyst (CySA+) to get the skills to get you there.
