Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I'm fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including:

  • Fundamentals of threat hunting

  • What is threat hunting?

  • What are the fundamentals to start mastering?

  • How can someone start developing the core skills to get good at it?

  • How can sysadmins/network admin, who have a busy enough time already just keeping the digital lights on, handle the mounting pressure to also shoulder security responsibilities as part of their job duties?

  • What training/cert options are good to build skills in threat hunting?

  • Lets say you know one of your users has clicked something icky and you suspect compromised machine/creds. You pull the machine off the network and rebuild it. How do you know that you've found/limited the extent of the damage?

  • Are attackers on networks typically wiping logs on systems as the bounce around laterally?

  • Anything to add to the low-hanging hacker fruit list?

  • Why is it so critical to not just have logs, but have verbose logs with rich data you need in an investigation?

  • When does it make sense to outsource some security responsibilities to a third party?

Learn more about Pondurance at their Web site and Twitter.