Detection at Scale

Technology Podcasts

The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.

Location:

United States

Language:

English


Episodes

LinkedIn’s Jeff Bollinger on the Role of Human Intuition in Addressing Security Challenges

5/7/2024
In this episode, Jack Naglieri speaks to Jeff Bollinger, Director of Incident Response and Detection Engineering at LinkedIn, who shares valuable insights on his journey in security, key technological shifts he's witnessed, and his approach to threat intelligence, incident response, and monitoring. Jeff highlights the importance of contextual understanding in security operations and emphasizes the critical role of human intuition, adaptability, and creativity in addressing security challenges. He also discusses the need for a balanced team with diverse skill sets and his views on the evolving role of AI in security operations. Topics discussed:

Duration:00:40:43

Josh Liburdi on Brex's Innovative Approach to Data Quality in SecOps

4/23/2024
In this episode, Jack Naglieri speaks to Josh Liburdi, Staff Security Engineer at Brex. Josh explains the process of developing their new security data pipeline toolkit, Substation, and how it has been working. He also discusses the importance of quality data, highlighting the impact of data transformation. Josh also shares his insights on the value of human analysis in SecOps and modern incident response strategies, from handling alerts to understanding program gaps. Topics discussed:

Duration:00:35:33

SAP's Matthew Valites on Why He Is a Proponent of Detection as Code

4/9/2024
On this week's episode of the Detection at Scale podcast, Jack talks with Matthew Valites, Director of Threat Detection & Operational Strategy at SAP. They discuss which threat detection approach works the best, what metrics Matthew uses to gauge his programs, and why Matthew is a proponent of using detection as code. Matthew also looks to the future and gives his prediction on what role technology such as GenAI will play in the security landscape. They close out their conversation with some actionable lessons from Matthew's book, Crafting the Infosec Playbook. Topics discussed:

Duration:00:29:32

Meta's Justin Anderson on How to Understand, Identify, and Execute Your Detection Strategy

2/27/2024
On this week's episode of the Detection at Scale podcast, Jack talks with Justin Anderson, Security Engineering Manager, Detection & Response at Meta. They discuss how Meta has built its detection engineering program, how it treats detection-as-code like software, and how it gauges risk by assessing the TTPs applicable to the environment. They also talk about where AI is able to help out in development, the greater need for engineering and investigation skills, and three things to remember when building a security program. Topics discussed:

Duration:00:28:39

Meta's Justin Anderson on How to Understand, Identify, and Execute Your Detection Strategy

2/21/2024
On this week's episode of the Detection at Scale podcast, Jack talks with Justin Anderson, Security Engineering Manager, Detection & Response at Meta. They discuss how Meta has built its detection engineering program, how it treats detection-as-code like software, and how it gauges risk by assessing the TTPs applicable to the environment. They also talk about where AI is able to help out in development, the greater need for engineering and investigation skills, and three things to remember when building a security program. Topics discussed:

Duration:00:28:39

Sony's Charles Anderson on How to Manage Detections and Risk Across a Global Company

1/23/2024
On this week's episode of the Detection at Scale podcast, Jack talks with Charles Anderson, Director, Global SOC at Sony. They discuss better approaches to risk-based alerting that leverage metadata, how they fine tune detections across a global organization, and what factors to use when determining thresholds. They also talk about how to use Time to Detect to improve your strategies, how LLMs can help with baseline detection, and why it's key to not lose sight of risk in pursuit of threat. Topics discussed:

Duration:00:35:25

Remitly’s Jason Craig on Building Better Strategies for Identity, Logging, and Threat Modeling

1/9/2024
On this week's episode of the Detection at Scale podcast, Jack talks with Jason Craig, Director - Threat Detection & Response at Remitly. They discuss the common TTPs of threat actors and how organizations can better protect against them by adopting hardware-backed authentication, a risk-based approach to logging, and building their threat modeling. They also talk about why organizations should move away from cellular MFA, the need for more behavioral profiling, and advice for security professionals. Topics discussed:

Duration:00:40:01

AppOmni’s Drew Gatchell on Creating Better Detection for SaaS Platforms

12/19/2023
On this week's episode of the Detection at Scale podcast, Jack talks with Drew Gatchell, Director, Detection Engineering at AppOmni. They discuss how to overcome the challenges to detection on SaaS platforms and how they're building strategies upon alerting and detection frameworks. They also talk about how generative AI can help with normalizing inputs, the benefits of data lakes for D&R, and why it's key to have a measurable plan for detection. Topics discussed:

Duration:00:30:16

Block’s Emanueal Mulatu on Reducing Burnout, Fostering Engagement, and Increasing Productivity in Security

12/12/2023
On this week's episode of the Detection at Scale podcast, Jack talks with Emanueal Mulatu, Senior Engineering Manager - Detection & Response at Block. Together, they discuss what success means in security, the most rewarding things about security, and how to address and prevent one of the biggest challenges today: burnout. They also talk about ways to increase productivity through automation, the potential for AI and large language models, and why creating a great workplace starts with a healthy work-life balance. Topics discussed:

Duration:00:22:22

Google Cloud’s Anton Chuvakin on Decoupled SIEMs and the Future of Data Platforms and Security

11/28/2023
On this week's episode of the Detection at Scale podcast, Jack talks with Dr. Anton Chuvakin, Senior Security Staff at the Office of the CISO at Google Cloud. They dig deeper into the conversation taking place online around decoupled SIEMs, which both Jack and Anton wrote about. They discuss what a decoupled SIEM is, the evolution of data platforms and security capabilities, if decoupled SIEMs will work broadly with current customer demands, and if having backend data lakes is the best solution for fast, real-time querying. Topics discussed:
Resources mentioned: "Decoupled SIEM: Brilliant or Stupid?" and "The Transition from Monolithic SIEMs to Data Lakes for Security Monitoring"

Duration:00:45:53

Deloitte’s Dhruv Majumdar on How to Mature Your Detection and Response

11/14/2023
On this week's episode of the Detection at Scale podcast, Jack talks with Dhruv Majumdar, Director, Cyber Risk & Advisory at Deloitte. They discuss common challenges when transitioning from a traditional SOC to a detection and response program, what questions to ask when building a threat modeling strategy, and the benefits data lakes can unlock for D&R. They also talk about how LLMs are helping detect exfiltration and the need for security controls, policies, and good partnerships. Topics discussed:

Duration:00:54:37

Google’s Anton Chuvakin and Timothy Peacock on How to Take Your D&R Efforts from 0 to 1 — or 5, or 100

7/5/2023
On this week's episode of the Detection at Scale podcast, Jack talks with Anton Chuvakin, Security Advisor at the Office of the CISO at Google Cloud, and Timothy Peacock, Senior Product Manager at Google. Together, they discuss some of the needs and trends in cybersecurity today, including how to know what level of D&R your organization needs, the use cases for AI today, and how LLMs and SIEMs will handle data at scale. They also talk about the need for more creative solutions to misconfiguration management, three things security practitioners can do to improve cloud security, and why cybersecurity is the "most intellectually stimulating profession on the planet." Topics discussed:

Duration:00:44:30

David Seidman of Robinhood Talks Tools, Strategies, & Advice for Improving Detections at Scale

3/21/2023
In this episode, Jack speaks with David Seidman, Head of Detection and Response at Robinhood. David has worked for large tech companies like Google, Microsoft, and Salesforce in a variety of D&R roles. During this episode, David shares his tactical advice on how his team is building the pipes and engines of security at Robinhood, his top tools to improve fidelity of detections, and what he’s learned in his career that’s made him a better practitioner and leader. Topics discussed:

Duration:00:40:58

Chris Witter on Leading D&R Teams for Both Cloud and Enterprise at Spotify

2/7/2023
In this episode, Jack chats with Christopher Witter (aka Witter), Engineering Manager, Detection & Response at Spotify and a founding member and former lead for CrowdStrike's Falcon OverWatch managed hunting service. Witter has nearly two decades of experience in incident response and information security, holding leadership roles on computer security and incident response teams (CSIRT) with both a top five global bank and a top ten defense contractor. During this episode, Witter shares his behind-the-scenes experiences helping build the Falcon OverWatch team at CrowdStrike, why it's critical to measure queries in seconds, not minutes, his tips on running highly effective D&R teams at scale, and more! Topics discussed:

Duration:00:35:55

Kelly Jackson Higgins Discusses The Evolution of Cybersecurity

1/24/2023
In this episode, Jack Naglieri speaks to Kelly Jackson Higgins, Editor-in-Chief at Dark Reading. During the episode, they share their thoughts about how cyber threats have changed over the years. Topics discussed:

Duration:00:24:39

Michael Hanley of GitHub on Why Security Needs Engineering, and Vice Versa

12/13/2022
In this episode of Detection at Scale, Jack speaks with Michael Hanley, Chief Security Officer and SVP of Engineering at GitHub. He also spent five years at Duo Security building their security program, and is passionate about making security easy and accessible for everyone. Topics include: Resources: LinkedIn

Duration:00:28:01

Adeel Saeed on How to Move from A Reactive to a Proactive Threat Detection & Response Model

10/26/2022
Adeel Saeed is VP of Technology Strategy and Execution Management at Kyndryl and is a former CISO/CIO at large financial services companies, aviation companies, and more. Adeel is an experienced technology strategist and digital transformation leader with extensive hands-on technology and information security management experience and has led multiple large-scale complex technology transformation projects. Topics include: Resources: Keep in touch with Adeel on LinkedIn: https://www.linkedin.com/in/adeelsaeed/

Duration:00:26:45

Chris Hodson of Contentful on How Modern Detection Teams Can Thrive in a Cloud-Based World

10/12/2022
Chris Hodson is the CISO at Contentful, which helps digital teams assemble content and deliver experiences, faster. Prior to Contentful, Chris was at Zscaler and Tanium and also busy writing a book called Cyber Risk Management: Prioritize Threat, Identify Vulnerabilities, and Apply Controls. Chris builds and runs cybersecurity organizations that manage technology risks and helps product teams develop security solutions that work. As comfortable in the server room as the board room, he tailors cybersecurity strategy to organizational risk appetite and business objectives. Topics include: Resources: https://www.linkedin.com/in/christopherjhodson/?originalSubdomain=uk, https://cybersecuritymattersdotblog.wordpress.com/my-books/, https://www.enterprisedb.com/blog/4cs-security-model-kubernetes

Duration:00:29:11

Thomas Owen of Grafana on Why Enabled Autonomy is the Future of Modern Security Teams

9/27/2022
Thomas Owen is CISO at Grafana and an advisor to startups who helped build the security team at Snyk and is especially excited about fostering conversations around ethics, sustainability, mental health, and inclusivity. A cloud-native, innovative and strategic security leader with a blend of people, policy and technical experience and a strong product affinity, Thomas and Jack discuss how to build a team from the ground up, the attributes of a modern security team, how to gauge value of security, and his advice for practitioners around basic hygiene. Topics include: Keep in touch with Thomas on LinkedIn: https://www.linkedin.com/in/thomas-rhys-owen/?originalSubdomain=uk

Duration:00:31:12

Mike Saxton of Booz Allen on Where Teams Start in Their Detection Journey and How Detection as Code is Bridging the Cybersecurity Skills Gap

9/13/2022
Mike Saxton is Technical Director of Defensive Cyber Operations at Booz Allen Hamilton. His primary focus is on implementing technical solutions to protect against vulnerabilities, exploit software or hardware, data threats and other emerging risks that may threaten critical system operations. Not only an endurance athlete and classically trained musician, Mike is a longtime proponent of detections as code, and in today's episode he and Jack discuss everything from getting started on your detection journey, to broader cloud security adoption, the use of open source in government, and more! Topics include: Keep in touch with Mike on LinkedIn at: https://www.linkedin.com/in/mikesaxton/

Duration:00:24:39