Detection at Scale

By Panther Labs

The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale.

Every episode is focused on acti... more

5

1010 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Detection at Scale:

How many episodes does Detection at Scale have?

The podcast currently has 54 episodes available.

Detection at Scale episodes:

September 24, 2024Grammarly’s Thijn Bukkems on Working Backwards from Response Strategies
In this episode of Detection at Scale, Jack speaks to Thijn Bukkems, Threat Hunting Lead at Grammarly. Thijn shares his expertise on building a robust security intelligence program, emphasizing the importance of leveraging existing resources and adapting current tools to enhance threat detection.

Thijn discusses the value of working backwards from response strategies to design effective detection mechanisms. He also highlights the necessity of collaboration across teams, urging listeners to avoid silos in decision-making to uncover unexpected insights.

Topics discussed:
- The importance of utilizing current tools and knowledge, adapting them to enhance threat detection rather than starting from scratch.
The value of designing detection mechanisms by first understanding how to respond to potential threats, ensuring proactive preparedness.
The need to avoid silos in decision-making, as insights from various teams can lead to significant improvements in security measures.
The critical aspects of security intelligence, focusing on assessing risks and anticipating potential attacks.
The finite nature of security engineering time and the importance of prioritizing tasks effectively.
How internal threat modeling helps in identifying vulnerabilities and understanding potential attack vectors within the organization.
The balance between analytical research and production-ready work, including the need for code-oriented solutions in security.
The iterative process of collecting and analyzing data to answer broad security questions and develop actionable plans.
The role of automation in optimizing data collection and analysis, improving efficiency in addressing security concerns.
How the security intelligence team provides strategic insights to guide the business in prioritizing security efforts effectively.
Resources Mentioned:
- Thijn Bukkems on LinkedIn
...more
20min
September 04, 2024CRED’s Saksham Tushar on Data Enrichment for Effective Threat Detection
In this episode of Detection at Scale, Jack speaks with Saksham Tushar, Head of Security Operations & Threat Detection Engineering at CRED, about the challenges of compliance in a high-growth environment. Saksham shares their strategy for automating security processes and enriching data to enhance threat detection.
He emphasizes the importance of verifying automated outcomes to ensure accuracy. Saksham also covers how CRED uses Python libraries for efficient incident response and the significance of contextual understanding in security incidents. With a focus on streamlining compliance and leveraging intelligence, Saksham provides valuable insights into building a robust security operations framework in a rapidly evolving landscape.

Topics discussed:
- How CRED distilled complex compliance requirements into a manageable set of common standards to streamline processes.
The importance of correlating various log sources to create a comprehensive view of security incidents.
How automation has transformed security processes, making them more efficient and effective.
The use of threat intelligence and how it is centralized and automated to provide actionable insights for security teams.
The development of internal Python libraries that facilitate quick data queries for incident investigations.
The importance of understanding the context around security incidents to better inform responses and strategies.
How using notebooks for investigations aids in communication and auditing, allowing for clear documentation of processes.
How to organize a team to maintain agility while ensuring diverse skill sets are leveraged effectively.
The necessity of verifying automated processes to ensure they yield accurate and actionable outcomes.
Resources Mentioned:
- Saksham Tushar on LinkedIn
CRED website
...more
26min
August 20, 2024Netflix’s Dan Cao and Brex’s Josh Liburdi on Balancing Big Platforms and Bespoke Tools
In this special episode of Detection at Scale, Jack welcomes security experts Dan Cao, Engineering Manager of Security Incident and Response at Netflix, and returning guest Josh Liburdi, Staff Security Engineer at Brex. They discuss the rise of developer-centric security solutions and the ongoing balance between utilizing big platforms like CrowdStrike and bespoke tools — the build versus buy dilemma.
They highlight the importance of fundamental skills and critical thinking in security engineering, emphasizing the need for continual learning and adaptability. Dan and Josh also share insights on building effective security teams and the significance of mentorship and team culture in fostering innovation and resilience in an evolving tech landscape.

Topics discussed:
- The shift towards security operations and incident response that prioritize developer involvement and custom coding solutions.
How to effectively integrate large security platforms like Crowdstrike with tailored, in-house security tools.
The need for critical and abstract thinking skills in security engineering to solve complex problems.
Strategies for leveraging team strengths and addressing skill gaps to create robust security teams.
The role of mentorship and a positive team culture in fostering growth and innovation within security teams.
The importance of mastering the basics of technology and cybersecurity as a foundation for advanced problem-solving.
The need for security professionals to stay adaptable and continually update their skills in a rapidly evolving tech landscape.
The difficulties small security teams face when managing and integrating diverse security tools and platforms.
The effectiveness and limitations of using commercial security solutions for large and small organizations.
Resources Mentioned:
Dan Cao on LinkedIn
Josh Liburdi on LinkedIn
...more
41min
August 06, 2024ThoughtSpot’s Alessio Faiella on Building Forward-Looking Security Programs
In this episode of Detection at Scale, Jack speaks to Alessio Faiella, Director of Security Engineering & Security Operations at ThoughtSpot, to discuss building forward-looking security programs for 2024.
Alessio dives into the dynamic and ephemeral nature of modern security environments and the importance of understanding the nuances of the product and user base. He also highlights how ThoughtSpot leverages AI to enhance detection and response capabilities. Additionally, Alessio shares insights on codifying playbooks and prioritizing core focuses to ensure a robust cybersecurity posture.

Topics discussed:
- The importance of defining clear goals and laying strong foundations for scalable security programs.
Emphasizing the need for security teams to deeply understand the product they are defending and the behaviors of its user base.
The significance of developing and prioritizing detailed playbooks to guide detection and response efforts effectively.
How AI can assist in real-time response, log data parsing, and providing actionable recommendations during security incidents.
Identifying and focusing on critical areas like persistence, lateral movement, and data exfiltration to optimize security efforts with limited resources.
Techniques for evaluating the success of security playbooks and ensuring they align with the organization's goals and infrastructure.
Combining automated processes with human oversight to enhance the efficiency and accuracy of security operations.
The difficulties in gathering and integrating data from various sources to enable quick and informed security responses.
Crafting security rules that are tailored to the specific needs and priorities of the organization’s environment.
Advice on maintaining focus and ensuring foundational security practices are in place for a strong and resilient cybersecurity posture.
...more
24min
July 23, 2024Sprinklr’s Roger Allen on Preventing Team Burnout in Cybersecurity
In this episode of Detection at Scale, Jack speaks to Roger Allen, Senior Director, Global Head of Detection and Response at Sprinklr, to explore the complexities of running a modern SOC. Roger shares his expertise on prioritizing alerts with contextual understanding, the importance of crafting a robust data strategy, and preventing team burnout.
From integrating adversary testing to ensuring team alignment with organizational goals, Roger also offers actionable insights and practical advice for enhancing cybersecurity defenses.

Topics discussed:
- The importance of understanding adversaries' TTPs (Tactics, Techniques, and Procedures) and leveraging them to improve detection and response capabilities.
Discussing the critical role of adversary simulation and testing in writing effective detection rules and enhancing overall security posture.
Strategies for prioritizing alerts based on contextual understanding and the sequence of events, moving beyond mere alert volume.
The necessity of a well-defined data strategy, including standardizing logging formats and implementing data enrichment techniques to improve incident response.
Addressing team burnout by ensuring balanced workloads, regular reviews, and meaningful conversations to align team goals with organizational objectives.
The role of integration and unit testing in validating security rules and ensuring their effectiveness from multiple perspectives.
How security teams can bridge the gap between understanding the tech stack and the business objectives, ensuring security measures align with business priorities.
The importance of bringing in relevant data for incident response and the collaboration needed between different security functions to optimize data usage.
...more
25min
July 09, 2024WP Engine’s Christopher Watkins on Cost-Effective Threat Hunting Strategies
In this episode of Detection at Scale, Jack welcomes Christopher Watkins, Senior Staff Cloud Security Engineer at WP Engine, to discuss innovative logging solutions and efficient data management across multiple cloud platforms. Chris reveals how WP Engine leverages native tools and robust API gateways to streamline logging processes.

He shares strategies for cost-effective threat hunting, such as optimizing large-scale queries through table partitioning. Chris also emphasizes the importance of mental and physical well-being, and the role of community support in maintaining a sustainable career in cybersecurity.

Topics discussed:
- How WP Engine uses native tools and robust API gateways to manage logging across multiple cloud platforms efficiently.
Strategies for optimizing large-scale queries, such as table partitioning and avoiding costly operations, to maintain efficiency and reduce expenses.
Techniques for moving data efficiently across different cloud services, ensuring consistency and reliability in data management.
The importance of partitioning tables and being selective with queries to enhance threat detection and incident response efforts.
The role of a well-designed schema in speeding up threat detection by understanding key value pairs frequently used in security data.
Leveraging best practices from data teams to optimize queries and improve security use cases.
Ensuring human oversight with two-person reviews of scripts and dry runs to maintain accuracy and reliability in automated processes.
The importance of mental, physical, and spiritual health routines to manage the stress of incident response and avoid burnout.
The role of community and trusted conversations in sharing experiences about breaches, vulnerabilities, and other challenges in the cybersecurity field.
How WP Engine's mantra of "detection as code" and "pipelines as code" extends to response workflows for increased efficiency and effectiveness.
Resources Mentioned:
- Chris Watkins on LinkedIn
WP Engine website
...more
22min
June 25, 2024Elastic’s Darren LaCasse on Cutting Alert Volumes in Half By Automating Responses
In this episode of Detection at Scale, Jack Naglieri chats with Darren LaCasse, Director of Threat Intelligence, Incident Response, & Threat Detection at Elastic. Darren offers insights into the innovative project around detection as code, shedding light on the methodologies Elastic employs to enhance security operations.
Darren touches on the challenges of managing massive amounts of data, the importance of prioritization in security tasks, and how automation has revolutionized their response strategies. He also shares practical advice on conducting gap analyses to focus on what truly matters.

Topics discussed:
- The importance of prioritizing security tasks to focus on critical business-impacting elements, ensuring a resilient security framework.
Strategies for handling and analyzing large volumes of security data to maintain effective monitoring and response capabilities.
How automation has halved alert volumes, freeing analysts from repetitive tasks and enhancing overall productivity.
Conducting regular gap analyses and attack path discussions to visualize vulnerabilities and direct security efforts effectively.
The role of tagging and context-aware responses in streamlining security operations and making analysts' lives easier.
Prioritizing security efforts based on the criticality of vendors and data, focusing first on restricted and critical vendors.
The importance of conducting at least annual reviews to reassess and improve security controls and monitoring strategies.
Using metrics to measure the effectiveness of security measures and guide continuous improvement efforts.

Resources Mentioned:
- Darren LaCasse on LinkedIn
Elastic Security Solution website
...more
28min
June 11, 2024Check Point’s Daniel Wiley on Balancing Technology and Human Analytics in Cybersecurity
In this episode of the Detection at Scale podcast, Jack speaks to Daniel Wiley, Head of Threat Management and Chief Security Advisor at Check Point Software, to discuss the intricacies of balancing technology and human analytics in cybersecurity.
Daniel shares his experiences in building three successful internal startups at Check Point and emphasizes the importance of continuous learning throughout one’s career. He also touches on effective incident response strategies for small- to medium-sized businesses, and the vital role of adaptable data schemas in managing large-scale security operations.
Topics discussed:
- The highs and lows experienced in the cybersecurity startup journey, including the importance of quick decision-making and team-building.
Strategies for developing effective IR playbooks tailored for small- to medium-sized businesses to handle security threats efficiently.
The integration of machine analytics and human expertise to manage and interpret large volumes of cybersecurity data.
Managing 24/7 global SOCs, including the challenges of shift rotations and ensuring analysts are not overloaded.
Techniques for determining which data is crucial for cybersecurity efforts and how to handle terabytes of data per second.
The necessity of ongoing education and staying updated with the latest in cybersecurity to maintain effectiveness in the field.
The significance of hiring the right team from the start and making swift, decisive personnel changes when necessary.
Check Point's focus on maintaining high operational margins and its impact on the business's success and sustainability.
Resources Mentioned:
- Daniel Wiley on LinkedIn
Check Point Software website
The Hard Thing About Hard Things by Ben Horowitz
Cyber for Builders by Ross Haleliuk
...more
45min
May 28, 2024Inductive Automation’s Jason Waits on Building Scalable Security Programs Through Automation
In our latest episode of Detection at Scale, Jason Waits, CISO at Inductive Automation, shares insights learned in his journey from network administration to cybersecurity and the importance of SCADA systems.
He dives into the value of automation, ML, and AI in security operations, highlighting the need for asking the right questions for efficient data analysis. Jason also discusses building a security team with a focus on detection and response, leveraging automation for faster investigations.
Topics discussed:
- The role of SCADA systems in various industries and the importance of security in OT environments.
The challenges and strategies in building a security program for scale, focusing on automation and infrastructure as code.
The impact of IT-OT convergence on security issues and the need for enhanced controls and monitoring in interconnected systems.
Embracing automation in security operations, including detection engineering and automating response actions for efficiency and scalability.
Utilizing enrichment techniques for contextual data analysis and the significance of data sources for effective security investigations.
The use of ML and AI in security operations, particularly in natural language querying and data analysis for actionable insights.
Jason's advice on building a successful security team, emphasizing automation, staying informed on industry trends, and fostering collaboration with engineering teams.
Resources Mentioned:
- Jason Waits on LinkedIn
Inductive Automation website
Detection Engineering Weekly newsletter
...more
20min
May 21, 2024Panther’s Jack Naglieri on Navigating the New Role of Detection Engineering in Cybersecurity (Special Episode)
In our recent special Hot Ones-style episode of Detection at Scale, Panther CEO Will Lowe and Founder & CTO Jack Naglieri sit down to taste hot sauces and talk hot topics in the field of cybersecurity. Jack shares his evolution from security professionals to founders, emphasizing the importance of experience and understanding attacker profiles.
Jack also gives his insights on the foundational skills to becoming a detection engineer, including building detection engineering functions and having war room experience. He also discusses the evolving role of AI in the security field, such as its usefulness in generating code for detection programs.
Topics discussed:
- Jack’s transition from practitioner to company founder, emphasizing the importance of saying yes to opportunities and keeping an open mind.
Building detection engineering functions with a focus on understanding what needs to be detected and why.
The significance of measurement in detection engineering and the importance of a growth mindset for continuous improvement.
The importance of understanding the experiences of security practitioners and software engineers.
The role of war room experience in understanding attacker profiles and the importance of incident response strategies to prepare for a role as a detection engineer.
The importance of sharing knowledge and experiences within the cybersecurity community.
Resources Mentioned: Jack Naglieri’s Substack
...more
24min

FAQs about Detection at Scale:

How many episodes does Detection at Scale have?

The podcast currently has 54 episodes available.

More shows like Detection at Scale

Security Now (Audio) by TWiT

Security Now (Audio)

1,918 Listeners

Risky Business by Patrick Gray

Risky Business

352 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

608 Listeners

The Twenty Minute VC (20VC): Venture Capital | Startup Funding | The Pitch by Harry Stebbings

The Twenty Minute VC (20VC): Venture Capital | Startup Funding | The Pitch

509 Listeners

Acquired by Ben Gilbert and David Rosenthal

Acquired

3,069 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

981 Listeners

Malicious Life by Malicious Life

Malicious Life

909 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,617 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

180 Listeners

Lex Fridman Podcast by Lex Fridman

Lex Fridman Podcast

12,647 Listeners

All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks & Friedberg

7,204 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

101 Listeners

Risky Business News by risky.biz

Risky Business News

31 Listeners

BG2Pod with Brad Gerstner and Bill Gurley by BG2Pod

BG2Pod with Brad Gerstner and Bill Gurley

311 Listeners

No Such Podcast by National Security Agency (NSA)

No Such Podcast

191 Listeners