2023 Survey Event | Threat Hunting: Focusing on the Hunters and How Best to Support Them

2023_04_WB_SANS Threat Hunting Survey Focusing on the Hunters ON-DEMAND


As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity in looking for incidents that our automated tools have not yet found, or cannot yet detect.

This year, our survey will focus on the hunters themselves and how their organizations support threat hunting. Are hunters asked to complete multiple tasks at once? How much focus is given to threat hunting compared with other cybersecurity tasks?

We look further at the skills that threat hunters must hone as they are just starting out and to skillsets of those who have been hunting for many years. We again will compare year-on-year trends to see how organizations have shifted their perspectives on threat hunting.

Watch the recorded webinar

John Gamble - image


John Gamble

Director of Product Marketing, Corelight

John Gamble is Director of Product Marketing at Corelight and has spent more than a decade in the data protection industry representing cybersecurity, privacy and identity verification solutions, including his most recent role as Director of Product Marketing at Lookout, a mobile endpoint security company.

Mathias Fuchs - image


Mathias Fuchs

Head of Investigation & Intelligence, InfoGuard AG

"Renaissance man" may be the most fitting description of SANS instructor Mathias Fuchs, who is the Head of Investigation & Intelligence at the Swiss firm InfoGuard AG as well as a volunteer paramedic and a pilot. Mathias began his career teaching Linux administration and general IT security and quickly moved into penetration testing and red teaming. 

Chris Hall - image


Chris Hall

Cloud Security Researcher, Lacework

Chris is a Security Researcher with 20 years of combined experience in both intelligence analysis and cybersecurity. Prior to joining Lacework, Chris worked as a defense contractor for NSA and Cyber Command before co-founding a threat-intelligence startup in 2013. Chris specializes in reverse engineering malware, threat hunting, and the development of intelligence-collection capabilities.

Josh Lemon - image


Josh Lemon

Managed Detection and Response Team Director, Uptycs

Today, as Director of the global Managed Detection and Response team at Uptycs, Josh helps to protect some of the largest international brands from cyberattacks. In addition to his role at Uptycs, Josh also works as an independent digital forensics and incident response expert in Australia, providing advice to legal, government, and commercial clients.

Stephen Morrow - image


Stephen Morrow

Global Vice President of Solution Engineering, Devo

Stephen Morrow is the Global Vice President of Solution Engineering for Devo leading a passionate team of security professionals to address the challenges in the industry.  He has worked in the technology field for over 20 years in several disciplines of which security is his current passion focus. 


Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies.