As Security Operations Centers (SOC) mature, the role of the analyst must evolve. Traditional alert triage and rule-based detection can’t keep pace with adversaries who exploit legitimate tools and blend into normal operations. Mature SOCs recognize that automation and technical controls should handle the routine freeing analysts to focus on proactive, hypothesis-driven threat hunting.
This presentation showcases the Newell Brands SOC’s journey to build a threat hunting program and create a culture that enables all members to participate in threat hunting. Learn about the threat hunting lifecycle from two real world case studies and the value added to an organization by proactively finding threats and visibility gaps, improving technical controls, and how these outputs can be captured to illustrate the progression from reactive defense to proactive detection.
Attendees will learn how to transition analysts from alert responders to threat hunters, develop repeatable hunt methodologies, and measure hunting’s impact on detection engineering and security posture. We’ll discuss practical approaches to automating repetitive work, documenting hunts for knowledge reuse, and fostering a mindset of continuous discovery.
By the end, participants will understand what building a culture of threat hunting means in practice and how empowering analysts to think like adversaries fundamentally strengthens the SOC.
