Threat Hunting Management Workshop: Rethinking Priority

Threat hunting prioritization is fundamentally different from how alerts, incidents, or intelligence are prioritized. It is not about selecting the most severe threat. It is about identifying where visibility is weakest, where detection coverage is incomplete, and where unknown risk may exist.

On March 18, 2026, Scott Poley will outline a structured approach to managing threat hunting as a discovery-driven capability that strengthens the broader security program. This session will cover:

• Why threat hunting priority differs from SOC, intelligence, and detection engineering models
• How prioritization often becomes clearer after execution, not before
• The difference between actor-focused and technique-focused hunting strategies
• How hunting improves detection engineering, telemetry coverage, and architectural maturity
• How structured hunt management enables measurable coverage tracking, gap identification, and program growth

Threat hunting creates value beyond finding threats. When managed systematically, it becomes a force multiplier that improves detection quality, validates exposure to emerging risks, and demonstrates measurable risk reduction to leadership. This session will provide a management-level framework for building a hunting program that compounds security capability over time.

Certification and Resources

Attendees will leave with strategies to position threat hunting as more than a security function and to build momentum for programs that support both organizational resilience and business goals. Those who complete the workshop and final challenge will also earn a certification from Intel 471's Threat Hunting Management Program, which they can display on social media as recognition of their accomplishment.