Offered a threat hunting job - double my salary but ...

CyberCop123 Posts: 274 Member
I've been offered a job as a Threat Hunting manager ... it's a new team in a very big company which is based in 8 countries. There will be about 4-5 people under me.

I'm really worried I may be underqualified. Mainly as:

- I've never used any SIEM tools
- never worked in any soc environment
- never worked as a threat hunter
- never done malware analysis other than some basic stuff in my own time

My experience is within digital forensics and incident response.

The job description does say other stuff like Python which I've used a fair bit, forensics which I have done, some pen testing (I have OSCP but never used these skills outside of labs).

Am I just lacking confidence?
Or am I setting myself up for failure?
My Aims
2017: OSCP -
2018: CISSP -

Possible Others: OSCE, MCSA, CCNA, CISM


  • PCTechLinc Senior Member King City, CA Posts: 541 Member
    It is quite possible that you are short-changing your skillset based on your self evaluation. What I always go back to is comparing my skills to the job description, and if I have been completely honest with the company about the skills I have. If I tell them what I CAN do and what I CANNOT do but can learn and they STILL offer me the position, then I don't see a problem.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • TLeTourneau Posts: 613 Member
    There was a reason they offered you the position. If you were straightforward with your CV and interviews I would trust that they want you. Also, a management position contains more, well, management and that may be a reason you were selected.
    Thanks, Tom

    B.S: IT - Network Design & Management
    M.S. - CSIA (Started 3/1/2017) Progress T1: C688, JIT2; T2: TFT2, C700, VLT2; T3: C701, C702; T4: C706, FXT2, LQT2
    Black = Not Started, Blue = In Progress, Red = Complete
  • DatabaseHead Posts: 2,285 Member
    That's the best part of IT, is the gaps and trying to make them up. I have never felt comfortable transitioning to a new role, and quite frankly I like that. Gets me going.....

    My first database job I was a complete joke.... I thought I was going to get fired, come COLA time I got a 5.5% for my effort and how fast I grew. Like others have mentioned, if you were honest, you are fine.

    You'll be fine.....
  • gespenstern Posts: 1,243 Member
    Just accept the offer.
  • mikey88 Senior Member USA Posts: 294 Member
    "If you think you can or if you think you can't, you're probably right".
    Certs: CySA+, Security+, Network+ | 2018 Goals: CISSP

  • josephandre Posts: 314 Member
    Literally the only part of that that sounds like it will be remotely challenging is the malware analysis part, and that will come with exposure and time.

    Take it, enjoy the first few months of getting comfortable and congrats on your efforts bearing fruit.
  • UnixGuy Are we having fun yet? Posts: 3,823 Mod
    It will take some time to catch up with the SIEM tool they use but it's not super challenging really. You said it's a multi-national company, so you'll probably have a chance to work with your colleagues on some of the problems initially just to get your hands wet.

    Take it and learn as you go, you have OSCP, digital forensics, incident response, you're not a beginner.
    Goal: MBA, March 2020
  • volfkhat Posts: 944 Member
    mikey88 wrote:
    "If you think you can or if you think you can't, you're probably right".

    ^^ Yep

    ^^ or maybe this :P
  • NotHackingYou Posts: 1,452 Member
    Take the gig!
    When you go the extra mile, there's no traffic.
  • LionelTeo Posts: 509 Member
    I can see why you feel that you wouldn't be able to do it due to your background. What is the impression of the culture of the new firm? The culture is more important as your hiring manager should understand the situation with your background and give you time to pick it up. Secondly, why do you think that they hire you over other candidates? I think it is necessary for you to evaluate this, there may be rare cases whereby the manager purposely hires a wrong candidate due to competition reasons, deliberately setting up the department to fail so to secure jobs for their own department.

    After considering the culture and the hiring reason, you should prepare for the move to the new team. You shouldn't worry about threat hunting or technical aspects of the work. As a manager, you should be thinking about ideas and asking for feedback from people under you. Think of ways to ask for advice from the team, engage with them and help build the culture with constant communication and casual chats. People come to work for a living, getting them into casual conversations before and after any serious discussion can help to bring up the culture. Try to rethink the approach as in driving up the culture and how you will be getting the best ideas to drive threat hunting. Lots of googling for threat hunting frameworks helps. Communicate the idea with the team and move forward with the best one.
  • E Double U Posts: 1,467 Member

    Am I just lacking confidence?
    Or am I setting myself up for failure?

    Both, but I think you should still do it :)
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • McxRisley Eye of Barad-dûr Posts: 435 Member
    Stop second guessing yourself, you never will get anywhere by doing that. In fact, you are already the best threat hunting manager that company has ever seen, hell, maybe even in the entire world (see what I did there). Man up, embrace the challenge and profit.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.