Today’s featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I’m fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including:

• Fundamentals of threat hunting

• What is threat hunting?

• What are the fundamentals to start mastering?

• How can someone start developing the core skills to get good at it?

• How can sysadmins/network admin, who have a busy enough time already just keeping the digital lights on, handle the mounting pressure to also shoulder security responsibilities as part of their job duties?

• What training/cert options are good to build skills in threat hunting?

• Lets say you know one of your users has clicked something icky and you suspect compromised machine/creds. You pull the machine off the network and rebuild it. How do you know that you’ve found/limited the extent of the damage?

• Are attackers on networks typically wiping logs on systems as the bounce around laterally?

• Anything to add to the low-hanging hacker fruit list?

• Why is it so critical to not just have logs, but have verbose logs with rich data you need in an investigation?

• When does it make sense to outsource some security responsibilities to a third party?

Learn more about Pondurance at their Web site and Twitter.