My own research methods are a tad different to normal research methods,
My approach is normally on finding new types of adware/malware/trojens.
On a daily basis I often stumble across malware while searching across perfectly normal sites, social media pages and server logs. Once you discover a potential threat on sites use checkers such as Virustotal, Malwr.com and urlquery to try and see if the threat has been actively scanned upon. If they are and vendors are proactively blocking the files in question you can move onto the next case, however if they arn't then it's time to talk to the community, provide your evidence to them including the MD5 hashes (so these can be looked up files for verification, an MD5 Hash is a digital finger print of a file.)
Some advice i can offer (still pretty new at searching for APTs)
Start to get to know research toolkits. WinHex can do wonders for in-depth forensics analysis of files at the Binary level, Open forensics toolkits such as the TSK Autopsy Kit.
Start to learn Linux/Unix systems, Ubuntu is a good/safe operating system to do checks behind with cuckosandbox. I would recommend running rkhunter on the system after you have done any tests inside a virtual computer. Normally a good VM for malware analysis is Oracle Virtualbox (free to download)
Start to read information security news sources (Darkreading is an excellent place to get information about emerging threats.)
Look into active malware hunting communities, Project Honeypot is a great example of communities across the world working together to discover malware.
Start to read books on coding, A good first language to learn is Python, Then move up to C#/.NET (which is becoming open source shortly so the demand for C# researchers will come in handy).
Finally Remember with great power comes great responsablity!
Not sure if this helped, if it did awesome!