HAPPY THREAT HUNTING
Musings on building a kickass threat hunting program
READING LIST
Technical
I got lucky. I got to learn from some of the best, including Pepe and Luttgens. This book is filled with examples of evidence across platforms and does a great job of not focusing on any one technology. Whether alerting, hunting, or doing IR, the details of digital evidence are the same. It remains my go-to book for those looking to get into the field.
Round out your knowledge of investigating by extending beyond what the filesystem has to offer. This can be a rich source for hunting since you aren't stuck looking for what happened some 200 days ago, but what might be happening right now in your environment.
When you have the chance to learn from someone as smart as Siko, you take it. While most hunting sees itself as looking for attackers and not malware, malware is a tool the attacker uses for persistence, so you have to understand it. This book does a good job of making malware analysis approachable.
Lacking modern tools to aid you in a quick response? This manual provides methods to get the data you need, and it can also be used to get some perspective on what living off the land might look like for internal recon.
Want to know what attacker commands look like and what to look for when hunting or detecting? This manual is a good start for those without frontline experience.
Leadership
I am a pretty avid TED Talk watcher, and I first stumbled on Simon Sinek through his talk "How great leaders inspire action". Since then I have read all of his books. He has given me a language I can use to talk to others in my organization about being good leaders without it sounding "soft" coming from a female.
I had an old boss give me this book and while it is intense, the premise about understanding the true burden of being a leader rings truer because of it. Highly recommend the audio version of this book.
I struggle with the line between leadership and wanting so badly to remain a doer. Amy Jen Su did a great job of helping me find a way to prioritize. It is part of my "personal operating system", to repurpose her phrase. I often use her quadrant to determine what to work on, both at home and at work.
Building a Kickass Team
I have an amazing mother. She instilled in me the lesson from Bambi: "If you don't have anything nice to say, don't say anything at all." Now, if anyone needed to hear this growing up, it was me. The advice served me well, when I decided to follow it, but it took Kim Scott's book to get me to understand that as a boss, saying the things that weren't nice was now my responsibility. She gave me a language I could use to help my team become their best.
Building an elite team can land you with many experienced members. As the leader of that team, you will need to make sure they know when to rely on their experience and when to pry and dig deeper. This book explores thinking fast and thinking slow, and when to use each to your advantage.
The greatest strength you can give your team is a growth mindset. Give them the space to fail and learn. Teach them how to think of failure in terms of just not getting it right... yet. Everyone can improve.