Every other week, Spencer and his team put aside dedicated threat hunt time to work together to uncover anomalies on Threat Hunt Thursdays.
“We just all get in a room together and decide on a topic, and we try to not only learn about it, but see what could be wrong in our own environments regarding that topic,” he explains. They dig around and see what kinds of things could crawl out as they methodically kick over rocks in the system.
“My favorite thing is getting into the weeds on something,” says Spencer. “Some of my favorite things about my job are the threat hunting pieces where me and the team just really get into something, and it’s a puzzle. We’re trying to figure it out, and eventually we come to a conclusion [and understand] that this is what we should do.”