Description

Scott Poley and Tom Kostura are joined by Ben McGavin, Threat Hunting Team Lead at RSM Defense, and Justin Dolgos, Senior Threat Hunter at RSM Defense, for a conversation on what it takes to build and run a threat hunting program inside an MSSP.



They walk through how their team prioritizes hunts, manages detection logic across multi-tenant environments, and scales their approach through SOC collaboration and hypothesis-driven routines. Ben shares how the program was built from scratch, and Justin breaks down the lessons learned moving from alert triage into full-time threat hunting. They also cover tooling gaps, visibility challenges, and how custom detections have become a key success metric for their team.



This episode offers practical insight from two hunters operating at the heart of a fast-moving MSSP environment.



Watch this podcast on YouTube here: https://youtu.be/YQtmMomoUbU



----------



Stay in Touch!

Twitter: https://twitter.com/Intel471Inc

LinkedIn: https://www.linkedin.com/company/intel-471/

YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg

Discord: https://discord.gg/DR4mcW4zBr

Facebook: https://www.facebook.com/Intel471Inc/