Suz Hinton

And so it's more about knowledge and knowing patterns and being able to then be incredibly agile and with being able to get ahead of the, I guess, the attacker.

And so it's more about knowledge and knowing patterns and being able to then be incredibly agile and with being able to get ahead of the, I guess, the attacker.

That sounds really cool. That sounds really cool.

That sounds really cool. That sounds really cool.

It can be everything from did this person switch to a specific language keyboard. It can be the specific actual hacking tool. So, for example, let's think of a hacking tool like Bloodhound or Mimi Cats or something like that, you know. what specific tools are they using and in conjunction with other tools.

It can be everything from did this person switch to a specific language keyboard. It can be the specific actual hacking tool. So, for example, let's think of a hacking tool like Bloodhound or Mimi Cats or something like that, you know. what specific tools are they using and in conjunction with other tools.

It can also be things like, okay, does this country have a major national holiday and was there zero hacking activity on this machine that day? And then it resumed the next day. Okay, well, maybe they're located in a specific country then, which narrows it down to a smaller collection of threat actors, right? And so...

It can also be things like, okay, does this country have a major national holiday and was there zero hacking activity on this machine that day? And then it resumed the next day. Okay, well, maybe they're located in a specific country then, which narrows it down to a smaller collection of threat actors, right? And so...

There are all these little sort of bits and pieces that come together and, you know, a threat hunter needs to be able to find something that happened, piece together what actually happened and be able to inform future, you know, detections.

There are all these little sort of bits and pieces that come together and, you know, a threat hunter needs to be able to find something that happened, piece together what actually happened and be able to inform future, you know, detections.

Yeah. So I think you're also thinking of things like forensics. I am. I think that's probably more the appropriate discipline. Threat hunting is not exactly quite like that. It's more sort of data sifting than anything. And so I'm just being really careful about my NDA right now.

Yeah. So I think you're also thinking of things like forensics. I am. I think that's probably more the appropriate discipline. Threat hunting is not exactly quite like that. It's more sort of data sifting than anything. And so I'm just being really careful about my NDA right now.

I knew can tell, like there are certain things I'm sharing that are very vague because I don't know what would be considered proprietary information. I don't talk about this topic very often. So it is very difficult for me to delineate that.

I knew can tell, like there are certain things I'm sharing that are very vague because I don't know what would be considered proprietary information. I don't talk about this topic very often. So it is very difficult for me to delineate that.

But yeah, I think you're talking more about forensics and that's something that I learned in college, how to successfully image a hard drive without actually changing a single bit. which is harder than it sounds. It is. And I think this is also a lot of incident response too.

But yeah, I think you're talking more about forensics and that's something that I learned in college, how to successfully image a hard drive without actually changing a single bit. which is harder than it sounds. It is. And I think this is also a lot of incident response too.

So incident response and forensics are a little bit different to threat hunting in that they tend to be doing the hands-on work and actually getting into the machines and doing that. I think threat hunters are taking information after the fact that's being collected and they're not necessarily doing that work.

So incident response and forensics are a little bit different to threat hunting in that they tend to be doing the hands-on work and actually getting into the machines and doing that. I think threat hunters are taking information after the fact that's being collected and they're not necessarily doing that work.

So yeah, like I said, cybersecurity is really broad and so you can split these skill sets out into different focuses. Yeah.

So yeah, like I said, cybersecurity is really broad and so you can split these skill sets out into different focuses. Yeah.