Future of Threat Intelligence

T. Rowe Price’s Matthew Winters on Threat Hunting as the Scientific Method


In our latest episode of the Future of Threat Intelligence podcast, David speaks with Matthew Winters, Lead Threat Hunter at T. Rowe Price. Matthew shares his unconventional journey into cybersecurity and highlights the soft skills and creativity he has picked up along the way, and why they matter in threat hunting.


He explains that threat hunting is akin to applying the scientific method to networks, starting with hypotheses rather than alerts. Matthew and David also explore the critical role of threat intelligence in shaping effective hunting strategies and the essential skills needed to build a successful threat hunting team. Tune in for valuable insights on enhancing your cybersecurity posture! 


Topics discussed:

  • Threat hunting as applying the scientific method, starting with hypotheses instead of relying solely on alerts.  
  • The importance of threat intelligence as a foundational element for effective threat hunting and proactive defense strategies.  
  • Key skills for threat hunters include technical knowledge, creativity, and the ability to reassess and redefine problem statements.  
  • A hybrid approach to data analysis is recommended, utilizing both network and endpoint data for comprehensive threat visibility.  
  • The challenges of measuring threat hunting effectiveness, and suggestions for metrics like defenses created and impact on adversaries.   

Key Takeaways:

  • Explore veteran programs to facilitate career transitions into cybersecurity, leveraging the unique skills and experiences of military personnel.  
  • Adopt the scientific method in threat hunting by formulating hypotheses before analyzing data, ensuring a structured approach to investigations.  
  • Utilize threat intelligence to inform your threat hunting strategies, focusing on real-world adversary behaviors and techniques relevant to your organization.  
  • Encourage creativity within your team by identifying individuals with a "MacGyver Drive" who can think outside the box to solve complex problems.  
  • Implement a hybrid data analysis approach by integrating both network and endpoint data to gain comprehensive visibility into potential threats.  
  • Define clear boundaries between threat hunting, incident response, and red teaming to maintain focus and effectiveness in each discipline.  
  • Measure the effectiveness of your threat hunting program by tracking metrics such as defenses created and the impact on adversaries.  
  • Foster a culture of continuous learning within your threat hunting team to enhance skills and adapt to evolving cybersecurity challenges.  
  • Leverage tools like graph databases to analyze relationships between threats and improve the precision of your hunting efforts.  
  • Challenge your team to reassess problem statements regularly, ensuring they are asking the right questions to drive effective threat hunting.   
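As an added illustration of the "hypothesis first, then data" loop and the hybrid network-plus-endpoint view described in the takeaways above (this is example code written for this page, not code from the podcast, T. Rowe Price or Team Cymru), here is a small Python hunt harness. Each hunt is a falsifiable statement paired with the test that checks it against a joined view of flow and process records; null results are recorded rather than discarded. Host names, PIDs, process images and addresses are constructed placeholders (the IPs are RFC 5737 documentation ranges), and the rule that a supported hypothesis counts as one "defense created" is a modelling assumption used only to show how the suggested metric could be tracked.

```python
"""Added example: a hypothesis-driven hunt over a hybrid (network + endpoint) view.

All telemetry below is constructed for illustration; hosts, PIDs, process names
and IPs are placeholders (the IPs are RFC 5737 documentation addresses).
"""
from dataclasses import dataclass, field
from typing import Callable

# Constructed network flow records: which host/PID talked to where, and how much it sent.
NETWORK_FLOWS = [
    {"host": "ws-01", "pid": 4120, "dst": "203.0.113.10", "dst_port": 443, "bytes_out": 5_200},
    {"host": "ws-01", "pid": 5877, "dst": "198.51.100.7", "dst_port": 443, "bytes_out": 18_400},
    {"host": "ws-02", "pid": 3011, "dst": "203.0.113.25", "dst_port": 443, "bytes_out": 900},
    {"host": "ws-03", "pid": 6602, "dst": "192.0.2.44", "dst_port": 8443, "bytes_out": 42_000},
    {"host": "ws-04", "pid": 7001, "dst": "192.0.2.9", "dst_port": 443, "bytes_out": 300},  # no endpoint record
]

# Constructed endpoint process records: what ran, and what launched it.
ENDPOINT_PROCESSES = [
    {"host": "ws-01", "pid": 4120, "image": "chrome.exe", "parent": "explorer.exe"},
    {"host": "ws-01", "pid": 5877, "image": "powershell.exe", "parent": "winword.exe"},
    {"host": "ws-02", "pid": 3011, "image": "outlook.exe", "parent": "explorer.exe"},
    {"host": "ws-03", "pid": 6602, "image": "cmd.exe", "parent": "excel.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}


def join_flows_to_processes(flows, procs):
    """Build the hybrid view: attribute each flow to the endpoint process that produced it.

    Flows with no matching endpoint record are dropped here and counted by the
    caller as a coverage gap, because process-based hypotheses cannot be tested
    without endpoint context.
    """
    index = {(p["host"], p["pid"]): p for p in procs}
    joined = []
    for flow in flows:
        proc = index.get((flow["host"], flow["pid"]))
        if proc is not None:
            joined.append({**flow, "image": proc["image"], "parent": proc["parent"]})
    return joined


@dataclass
class Hypothesis:
    """One hunt: a falsifiable statement plus the test that checks it against data."""
    statement: str
    test: Callable[[list], list]  # returns the records that support the hypothesis
    findings: list = field(default_factory=list)
    defense_created: bool = False

    def run(self, records):
        self.findings = self.test(records)
        # Modelling assumption for the metric: a supported hypothesis is promoted
        # to a detection rule, which counts as one "defense created".
        self.defense_created = bool(self.findings)
        return self.findings


def office_spawned_network_process(records):
    """Hypothesis test: an Office app launched a child that then made an outbound connection."""
    return [r for r in records if r["parent"] in OFFICE_APPS]


def large_upload_from_non_browser(records, threshold=20_000):
    """Hypothesis test: a non-browser process sent more than `threshold` bytes outbound."""
    return [r for r in records if r["image"] not in BROWSERS and r["bytes_out"] > threshold]


def browser_with_unusual_parent(records):
    """Hypothesis test: a browser was launched by something other than the desktop shell."""
    return [r for r in records if r["image"] in BROWSERS and r["parent"] != "explorer.exe"]


def run_hunt(flows=NETWORK_FLOWS, procs=ENDPOINT_PROCESSES):
    """Run every hypothesis over the hybrid view and return program-level metrics."""
    records = join_flows_to_processes(flows, procs)
    hypotheses = [
        Hypothesis("Office apps spawning network-capable children", office_spawned_network_process),
        Hypothesis("Large outbound transfer from a non-browser process", large_upload_from_non_browser),
        Hypothesis("Browser started by a non-shell parent", browser_with_unusual_parent),
    ]
    for h in hypotheses:
        h.run(records)
    return {
        "flows_without_endpoint_context": len(flows) - len(records),
        "hunts_run": len(hypotheses),
        "hunts_with_findings": sum(1 for h in hypotheses if h.findings),
        "defenses_created": sum(1 for h in hypotheses if h.defense_created),
        "findings": {h.statement: [(r["host"], r["image"], r["parent"]) for r in h.findings]
                     for h in hypotheses},
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(run_hunt())
```

Note the third hypothesis returns nothing on this data: that null result is still a completed hunt and is counted in `hunts_run`, which is the point of measuring hunts separately from findings. The dropped ws-04 flow shows why the hybrid view matters; with network data alone the process-based hypotheses could not be evaluated at all.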