Over the past decade, I’ve had the privilege of working across the threat hunting landscape - from endpoint security at Carbon Black to cloud security at AWS. Here’s what I’ve learned about the evolution of threat hunting.

The Journey

My threat hunting journey began in traditional endpoint security, where we focused on:

  • Behavioral analysis of malware
  • Lateral movement detection
  • Ransomware investigation techniques

Key Publications & Research

Some highlights from my research and writing:

Co-Authored Huntpedia

The Huntpedia serves as a comprehensive guide for threat hunters, covering methodologies and best practices I’ve developed over years of hands-on experience.

Carbon Black Blog Series

During my time at Carbon Black, I authored numerous articles on:

  • Ransomware analysis and mitigation
  • Point-of-sale malware investigations
  • Bitcoin mining malware detection
  • SSL/TLS security considerations

Speaking at Scale

From local meetups to international conferences like DerbyCon and SANS summits, I’ve shared insights on:

  • Lateral Movement Detection - My DerbyCon 2017 presentation on hunting for lateral movement
  • Cloud Threat Hunting - Adapting traditional hunting techniques for cloud environments
  • Security Testing - “Doing Bad Things for Good Reasons” at SANS CloudSecNext

The Cloud Evolution

Moving to AWS has opened new frontiers in threat hunting:

  • Cloud-native detection techniques
  • Serverless security considerations
  • API-driven security automation

What’s Next

The field continues to evolve with AI/ML integration and cloud-first architectures. Stay tuned for more insights on these emerging areas.
Want to discuss threat hunting strategies? Reach out - I’m always happy to share knowledge with fellow security practitioners.