When most people think of Feudal Japan, images of samurai warriors and shuriken-wielding ninjas tend to pop into their heads. But many tend to overlook an equally important, yet infinitely more subtle agent of war and peace: the Metsuke.
The Metsuke were the Shogun's (Commander-in-Chief's) go-to source of internal intelligence. They specialized in detecting subtle anomalies within the population of their city, predicting and preventing acts of enemy subterfuge and deception. For example, if a member of the populace was suspected of being an undercover enemy ninja, the Metsuke would covertly surveil them until their true intentions were revealed.
In the modern world, threat actors (malicious hackers) don't always strike immediately. They will often infiltrate a network and lie dormant, quietly mapping the environment, harvesting credentials and waiting for the right moment to act. While firewalls and other automated controls catch a large share of commonplace threats, sophisticated actors require an equally, if not more, sophisticated pursuer. Enter the world of the security hunt analyst.
What does a security hunt analyst do?
A security hunt analyst is responsible for defensive cyber counter-infiltration operations against Advanced Persistent Threats (APTs). In other words, they're tasked with searching for attackers who have already burrowed deep within their company's network. Unlike alert triage, hunting is proactive: the analyst assumes the network is already compromised and goes looking for evidence of it, rather than waiting for a tool to raise an alarm. Their goal is to reduce the amount of time a threat actor can remain undetected (dwell time). The longer the dwell time, the more damage the actor can do. Hunt analysts are essentially challenged with the scrupulous, yet rewarding, task of finding and removing the sharpest needles from the needle stack.
Once a threat or an anomaly is found within the network, the hunt analyst must assess the situation and come up with an effective response. Their findings feed a concrete plan that they share with the rest of the cybersecurity team, which in turn improves the organization's overall security posture. Coming up with that plan requires the hunt analyst to ask several questions: "Is this threat worth investigating? How did it get into our network? How can we stop it? Can we automate a response and prevent similar future threats?" The more of these questions a hunt analyst can answer, the better they can address the threats they've uncovered.
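To make the "needle in the needle stack" idea concrete, here is a small worked example of two classic hunting techniques run over a handful of constructed telemetry records. This is an added illustration, not code from the original article or from Flatiron School: the host names, process names, IP addresses (from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges) and timestamps are all made up. The first hunt "stacks" parent/child process pairs across hosts and surfaces the pairs that appear on only one machine (a Word document spawning PowerShell is the planted needle). The second looks for beaconing: outbound connections to the same destination at nearly constant intervals, which is how dormant implants check in with their operator.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real logs): process-creation events from
# three workstations. Tuples are (host, parent image, child image).
PROCESS_EVENTS = [
    ("ws-01", "explorer.exe", "chrome.exe"),
    ("ws-01", "explorer.exe", "outlook.exe"),
    ("ws-01", "services.exe", "svchost.exe"),
    ("ws-02", "explorer.exe", "chrome.exe"),
    ("ws-02", "explorer.exe", "outlook.exe"),
    ("ws-02", "services.exe", "svchost.exe"),
    ("ws-03", "explorer.exe", "chrome.exe"),
    ("ws-03", "services.exe", "svchost.exe"),
    ("ws-03", "winword.exe", "powershell.exe"),  # the planted needle
]

# Constructed outbound-connection events: (host, destination IP, epoch seconds).
# ws-01 is ordinary browsing with irregular gaps; ws-03 calls home every ~60 s.
NETWORK_EVENTS = [
    ("ws-01", "198.51.100.5", 1000),
    ("ws-01", "198.51.100.5", 1003),
    ("ws-01", "198.51.100.5", 1250),
    ("ws-01", "198.51.100.5", 1251),
    ("ws-01", "198.51.100.5", 1600),
    ("ws-01", "198.51.100.5", 1605),
    ("ws-03", "203.0.113.10", 1000),
    ("ws-03", "203.0.113.10", 1060),
    ("ws-03", "203.0.113.10", 1121),
    ("ws-03", "203.0.113.10", 1180),
    ("ws-03", "203.0.113.10", 1241),
    ("ws-03", "203.0.113.10", 1300),
]


def stack_process_pairs(events, host_threshold=1):
    """Long-tail ("stacking") analysis of parent/child process pairs.

    Counts how many distinct hosts each (parent, child) pair was seen on and
    returns the pairs seen on at most `host_threshold` hosts. Common pairs
    (explorer -> chrome) fall away; the rarities are what the hunter reviews.
    Returns a sorted list of (parent, child, [hosts]).
    """
    hosts_by_pair = defaultdict(set)
    for host, parent, child in events:
        hosts_by_pair[(parent, child)].add(host)
    rare = [
        (parent, child, sorted(hosts))
        for (parent, child), hosts in hosts_by_pair.items()
        if len(hosts) <= host_threshold
    ]
    return sorted(rare)


def find_beacons(events, min_connections=5, max_cv=0.1):
    """Flag (host, destination) pairs whose connection intervals are regular.

    For each pair with at least `min_connections` events, compute the gaps
    between consecutive connections and their coefficient of variation
    (std dev / mean). Human-driven traffic is bursty (high CV); a sleeping
    implant with a fixed check-in period has a CV near zero. Threshold values
    are illustrative assumptions, not a vendor-recommended setting.
    Returns a list of (host, destination, mean gap seconds, cv).
    """
    times = defaultdict(list)
    for host, dst, ts in events:
        times[(host, dst)].append(ts)
    beacons = []
    for (host, dst), ts in times.items():
        if len(ts) < min_connections:
            continue
        ts = sorted(ts)
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons.append((host, dst, round(avg), round(cv, 3)))
    return beacons


if __name__ == "__main__":
    for parent, child, hosts in stack_process_pairs(PROCESS_EVENTS):
        print(f"rare pair {parent} -> {child} on {hosts}")
    for host, dst, gap, cv in find_beacons(NETWORK_EVENTS):
        print(f"possible beacon {host} -> {dst} every ~{gap}s (cv={cv})")
```

On this sample the stacking hunt returns only `winword.exe -> powershell.exe` on `ws-03`, and the beacon hunt flags `ws-03 -> 203.0.113.10` with a mean gap of 60 seconds and a CV of about 0.015, while the irregular browsing from `ws-01` passes. Both hits point at the same host, which is exactly the kind of corroboration a hunter wants before escalating; in practice the same logic runs over millions of events from an EDR or SIEM rather than a dozen hand-written tuples.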
Skills you’ll need when you’re on the hunt.
Technical skills will always prove advantageous in the cybersecurity field, but a hunt analyst must have more than textbook knowledge of systems and networks.
Combing through seemingly normal networks and unearthing deep-seated abnormalities requires impeccable attention to detail, outside-the-box thinking, and a strong passion for problem solving. Hunt analysts are relentless puzzle solvers who refuse to give up until they find a solution to the problem at hand. Experience in research and analysis comes in handy here.
But finding the threat is only half the battle. Being able to effectively communicate your findings to the rest of the security team is an equally important component of the job. For this reason, strong interpersonal communication skills are a must-have for hunt analysts. An analytical mind and a natural interest in programming and scripting also pay off, since much of a hunt consists of querying logs at scale and automating what you learn. Given the variety of skills required, it's no surprise that hunt analysts come from a diverse range of technical as well as non-technical backgrounds.
Heroes reap many rewards.
As if Metsuke-style heroics and saving the world from digital warfare were not reward enough, the average starting salary for entry-level hunt positions can range anywhere from $50,000 to $70,000 per year. Where you land in that range depends on previous experience, technical abilities and job location. It should also be noted that drive and work ethic play a large role in determining how far a hunt analyst's career can go.
Hunt analysts are employed across a wide variety of industries, because virtually every company is exposed to security breaches. If there's a company that you'd love to work for, chances are they could use a hunt analyst. In a more traditional sense, the largest cybersecurity companies in the world maintain extensive analyst crews to complement their engineering teams.
A complete picture of a security team.
The advancement of cyber threats has led many organizations to develop their own Security Operations Center (SOC). A SOC brings together a cohesive team of security engineers, penetration testers, security analysts and data scientists. Each member of the team brings a unique skill set to the shared work of preventing, detecting, analyzing and responding to security threats.
The engineers are the technical experts who build and secure the company's networks and detection tooling. The data scientists analyze the mass of data a company produces in order to discover patterns and baselines in its network. Analysts use those discoveries to actively search for anomalies that might indicate malicious activity. When anomalies are spotted, analysts work with the engineers to set traps and contain threats. These traps can also be set preemptively, in what's known as "active defense." Penetration testers are white-hat hackers who simulate cyber attacks on their own network to discover its vulnerabilities. They report their findings to the team so that, together, they can close the network's security gaps.
Every team member in the SOC is an essential piece to the ongoing battle against cyber threats. The question is “which team member do you want to be?”
Where does the hunt analyst fit into the team?
Hunt analysts work very closely with their team's data scientists and security engineers. The hunt analyst uses the data scientists' findings to hone their search for network anomalies. When a threat is found, or a hypothesis about one is formed, engineers build the tooling analysts use as a weapon against it. In other words, hunt analysts set the traps that engineers build.
Here’s how you get started.
Flatiron School Cybersecurity, formerly SecureSet (acquired 2019), provides the most complete, immersive and compressed cybersecurity programs out there. Our Cybersecurity Analytics Program teaches the technical and analytical skills necessary to be an effective hunt analyst. Our programs are a balance of classroom theory and hands-on lab time. This ensures that our students graduate with the level of skill and confidence needed to leave our academy job-ready. A majority of our students are hired within a few months of graduation (many before getting their diploma).
If you're feeling overwhelmed or lack technical experience, we've got you covered. We offer a preparatory workshop called Hacking 101. It gives you the introduction to systems, networking and Python that you'll need to excel in our programs.
Are you ready to join the hunt?
The security hunt analyst position grew out of the realization that a purely reactive strategy is no longer a viable option when it comes to managing security breaches. Hunt analysts are the personification of the old adage "the best defense is a good offense." If you go gaga for solving puzzles and outthinking adversaries, or you're just ready to catch some cyber-ninjas, a job as a security hunt analyst is for you. Are you ready to join the hunt?