I think one of the most common questions that gets asked in our webinars, our fireside chats, and random emails that come in from up-and-coming threat hunters is “what kind of threat hunting certification is out there?” And it is a fair question. Whether you love it, or hate it, the cyber security industry is a bit obsessed with certificates, qualifications, and post-nomials. And with a growing field like threat hunting, having some level of qualification that “proves” you have the chops to be a threat hunter can often be a foot in the door for threat hunting positions. So, with that, I’ve sat down with some of our threat hunters and come up with some courses and certifications that new threat hunters can check out.
The Challenge with Threat Hunting
Before we jump into the list, one of the things that has ground my gears for the last few years is the near-total lack of formal threat hunting training. This isn’t to say that the industry cannot threat hunt without a formal qualification – certainly most threat hunters have leaned on their experience in digital forensics, security analysis, and incident response while learning on the job. However, the lack of formalization can have some negative consequences, such as extraordinarily loose definitions of what constitutes threat hunting, and what should be expected as a baseline of knowledge. The list of resources includes material that I believe best represents true threat hunting.
With that being said, let’s get after it…
Cyborg Security Workshops
Cost: FREE
I would of course be remiss to start a list of threat hunting certifications and courses without first mentioning the Cyborg Security Threat Hunting Workshop series (Part 1 & Part 2). These are two full interactive workshops that allow threat hunters of all skill levels to learn the trade in a fun, safe, and immersive environment. Every student gets access to a full threat hunting environment, including tons of real-world data, and then our threat hunting instructors walk the participants through various threat hunting scenarios. All the participants also get exclusive access to the HUNTER platform, where they can take the hunting content they use during the webinars home with them to deploy in their SIEM, EDR, NDR, or XDR platforms.
But that’s not all!
Cyborg Security is also thrilled to launch our own Threat Hunting Certifications. Participants who can finish the challenge at the end of our upcoming workshop, Persistence is Futile, will be issued their own threat hunting credential (Persistence – Level 1) that they can post to their profile on social media!
SANS Courses
Cost: Pricey (check their website for the latest pricing)
Probably one of the most well-known cyber security training providers on the market is SANS, and for good reason. Their courses are normally some of the best in the industry (if also some of the priciest). Right now, SANS doesn’t have a specific stream for threat hunters, but they do offer two specific courses that introduce some of the fundamentals of threat hunting and build on that training: SANS FOR508 & FOR608. These courses are more focused on forensics and incident response; however, the material they present proves invaluable in threat hunting.
SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
This course covers several skills fundamental to forensics, incident response, and threat hunting, while also demonstrating to students how they can use information gained from forensics engagements or IR cases to hunt down adversaries.
SANS FOR608: Enterprise-Class Incident Response & Threat Hunting
SANS FOR608 builds on the concepts introduced in FOR508 but scales up the complexity of engagements to events occurring in enterprise-sized environments.
Black Hills Information Security
Cost: FREE
This next one isn’t really a certification or course, per se. However, Black Hills Information Security has a few podcasts and webinars that cover interesting technical threat hunting material. The webinars cover basic threat hunting concepts, technical analysis of tools like Cobalt Strike, and threat hunting using some open source software.
Active Countermeasures
Cost: FREE* (For the lab materials)
Active Countermeasures is a company that offers live threat hunting training courses. However, they also put most of their training material up on their website, which allows curious folks to dive into the material on their own time. The material covers the basics of getting the lab environment stood up, some hunting methodology material, and network and endpoint hunting.
Black Hat Webcasts
I might be a bit biased on this webcast, but Neil Wyler does one of the best jobs introducing the basic concepts of threat hunting while providing some practical threat hunting strategies. Now, for full disclosure, we sponsored the webcast, but we still think it has a lot of great unbiased information!
Hopefully this list gives you a few starting points for some threat hunting certifications, courses, and materials!