What does it really take to bring threat hunting to your organization?

For as long as I can remember, I've loved to find ways to create order and simplicity. Happy Threat Hunting allows me to ideate on operationalizing blue teams, and I love having the chance to share my passions with the infosec community. Explore my musings, and enjoy.

Please reload


Please reload


Please reload

Recent Posts

March 8, 2018

Dear Cybersecurity Vendors,

Thank you for the information, technology and services you provide. I appreciate all your efforts to bring us the latest and greatest and to make my team better defenders. This letter comes from this place of gratitude, even if it comes acros...

November 11, 2017

"People make themselves appear ridiculous when they are trying to know obscure things before they know themselves." (Phaedrus, Plato)

I originally wrote most of this post as the first post I was going to write, but I got so excited about the models that I published that...

November 8, 2017

I recently watched the Vice News Tonight hour long show on the Paradise Papers. If you have HBO I highly recommend you give your time to this episode. If you don't have HBO, maybe try one of those free trials and still give it a try and then binge watch Game of Thrones...

October 29, 2017

After talking about scaling a hunt team with the concept of "Pack Hunting" in my last post, now I want to approach a topic that has been weighing on my mind as the year comes to a close.

How do I build a kickass hunt program? And how would I know if I did?

Admittedly, th...

October 9, 2017

I have been busy celebrating weddings with families and friends for a few weekends, but I am back with the latest hurdle in program building - scalability. I haven't stopped working on the hunt analytic repo, but I have switched to playing in AWS DynamoDB.


September 3, 2017

In my first post I went over some threat hunting models. For the R&D hunts, I mentioned that it would require every hunt to be cataloged. Then I started to try to create the outcome document from an R&D Hunt to share it with everyone and ran into a terminology roadbloc...

August 26, 2017

Thanks everyone for the encouraging comments on my first post and for taking the time to let me know it helped you out! 😁  Now for the next edition.

Hunting is a form of detection. It's not monitoring, but it is detection. So let's take a quick look at creating a...

August 19, 2017

A successful threat hunting program can't be a black box to the organization. The expense of such elite programs demand executives easily comprehend the value to the organization. Of course, as the program develops, executive comprehension alone will not suffice and me...

Please reload

Virginia, USA

©2017 by Happy Threat Hunting.  

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.