Samanthan Hill

Topic

Cyberspace Vigilante or Security Sleuth: Understanding the Threat Hunter Persona

Department of Computer Engineering

Date & location

• Tuesday, August 27, 2024

• 10:00 A.M.

• Engineering Computer Science Building

• Room 555

Reviewers

Supervisory Committee

• Dr. Margaret-Anne Storey, Department of Computer Science, University of Victoria (Supervisor)

• Dr. Yvonne Coady, Department of Computer Science, UVic (Member) 

External Examiner

• Dr. Issa Traoré, Department of Electrical and Computer Engineering, University of Victoria 

Chair of Oral Examination

• Dr. Sarah Macoun, Department of Psychology, UVic

   

Abstract

Threat hunters are essential to the cybersecurity. Anticipating, identifying, and intercepting potential threats makes threat hunters an indispensable part of an organization’s security strategy. Though essential, the human aspects of threat hunting are often overlooked, leaving threat hunters to face difficult challenges in an intense

environment. Through a qualitative study, involving interviews with 20 threat hunters, I aimed to better understand who threat hunters are, how they work, and the challenges they face. I identified 17 key dimensions of threat hunters and constructed four unique threat hunter personas that capture the lived experiences of threat hunters. I discuss the findings in the context of the literature, the implications of the novel findings, the adaptability the threat hunting role in response to an evolving threat landscape, the utility and drawbacks of personas for supporting threat hunters, and recommend directions for future work. By providing a comprehensive understanding of the human aspects of threat hunting and humanizing the role, this research lays the foundation for the design of user-centered support tools that will ultimately improve the well-being of threat hunters and cybersecurity strategies as a whole.