Wow, it’s hard to believe that October is almost around the corner.  With all of the craziness that we have gone through so far this year, it is hard to believe that the time has gone by so fast.  It truly will be interesting to see what Q4 holds for all of us, especially in the way of another COVID-19 stimulus bill and the Presidential Election that is coming up soon.

But one thing for sure is that the Cyber Landscape will still keep getting more dynamic and crazier than ever before.

One way that it is doing so is not so much in the threat variants that are coming out, but in the trends that are happening.  One big one that is constantly reappearing in the news headlines is the severe shortage of Cybersecurity workers.  I have written about this before, not just for this blog site, but for other clients as well.

The bottom line is that there are skilled workers out there . . . the problem is that Corporate America only wants seasoned professionals, not newbies.  We will elaborate on this point in a future blog posting.  But if you ever peruse the openings on any job board, you will see that many of them are for Cyber Analysts, Threat Hunters, Pen Testers, etc.

But there is one title which most people probably have never even heard of before, and it is that of the Threat Researcher.

What exactly does a Threat Researcher do?  Well, it can involve a wide range of duties, depending upon the breadth and experience of the IT Security Team in general.  But these individuals are primarily tasked with researching the new variants that are lurking on the horizon, and what their potential impact could be if they are not mitigated and contained in time.

Of course, another of their responsibilities is to examine in greater detail just how the new variants actually came about, and whether other attack vectors could originate from them as well.

This individual could also be involved with protective duties, such as helping to make sure that the company they work for is in compliance with the GDPR, CCPA, HIPAA, etc.  Becoming a Threat Researcher takes a very unique skillset.  It is one that requires persistence, and most of all, inquisitiveness.

You have to possess the ability to think critically, and as the role implies, be able to conduct research at very deep levels.  Although having a scientific background would be helpful in this instance, the type of formal education you have does not really matter – as long as you can do the needed research and have the ability to communicate your findings to your superiors.

But with the way the world is going, the Threat Researcher also has to have other important skills as they do their job.  Here is a breakdown of some of them:

*Think about the image of your company:

The world of a Threat Researcher often connotes a person who is locked in a dark room all day, looking at various computer screens.  While this may be true in the movies, it is actually far from the reality.  Many Threat Researchers are now working hand in hand with the IT Security team, especially as they tackle the Remote Workforce issues.  But they still have the tendency to be loners, and to think in only one way, the purely logical one (for lack of a better term, thinking like a Vulcan from Star Trek).  The Threat Researcher of today needs to think much more in macro terms.  For example, instead of just thinking about how a certain threat variant will impact the lines of defense, ask what it will also mean to the business in general: what could the potential impact be to brand reputation and to customers?  In other words, as you present your findings to the higher-ups, you should be able to communicate not only the technical side, but the business side of things as well.  That is what will resonate more with management and get your team the boost in the budget which is needed so badly these days.

Although you might be doing it already for your job, also try to spend some more time on the Dark Web and determine where all of those heisted Personally Identifiable Information (PII) datasets go.  This is yet another huge topic in today’s Cyber headlines.  Also in this regard, try to cultivate personal relationships with colleagues in your company outside of your team.  Use these to get an idea of their current level of Cyber Hygiene, in order to guide your research from the “Human Factors” approach.

*Think like a Cyberattacker:

The thinking here is that this mindset is often left to the Penetration Tester and the Threat Hunter.  After all, these are the individuals and the teams that have to adopt this kind of thinking, because they are the ones breaking down the walls of defense of any given business (of course, in a legal and ethical way) in order to find the unknown vulnerabilities which may exist.  But as a Threat Researcher, you need to take on this kind of mindset as well.  For example, instead of thinking in black and white terms and using a linear methodology, take a more outside-of-the-box approach, and think just like the actual Cyberattacker would: what targets are you profiling, how will you gain entry, and what is your ultimate goal?  By thinking the way a Cyberattacker would, you will be able to give a much more real-world perspective in your findings, which is something that the C-Suite will understand much better as well.  And because of that, there is a good chance that your IT Security Team will get the approval they need for the tools and technologies that are on the wish list.  In other words, take a macro-based approach in your thinking and your findings.  Remember, a threat variant also has social implications, which can be far more impactful.

*Don’t get bogged down in the detail:

Researching where a threat variant comes from (determining its origin) and where it is going to land takes not only a lot of time, but a lot of data as well.  In this regard, one of the prime data sources that you will use to build up the profile of a threat vector is the alerts and warnings that come through your network security devices (such as the firewalls, network intrusion devices, routers, etc.).  Many of these happen to be false positives, and combing through all of them can be a huge nightmare for just about anybody, something also known as “Alert Fatigue”.  In order to further optimize your research, you should seriously consider making use of AI and ML tools so that only the real warnings and alarms are presented to you, and you do not have to sift through all of the other “crap” (for lack of a better term) which comes through.

My Thoughts On This

Well, there you have it: some tips on how to further sharpen your skills as a Cyber Threat Researcher.  Of course, these traits can be used in just about any other Cybersecurity job title as well.  But with everybody WFH and the anxieties that still persist from it, you need to be able to understand both the business and the psychological impacts as well.

Given how interconnected everything is, you need to have both skillsets: the quantitative and the qualitative.