Detection at Scale

By Panther Labs

The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale.

Every episode is focused on acti... more

5

1111 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Detection at Scale:

How many episodes does Detection at Scale have?

The podcast currently has 62 episodes available.

Detection at Scale episodes:

December 21, 2021Cisco Secure‘s J. Wolfgang Goerlich: Rebuilding Trust in Security Tools
Why is SIEM an area of unease for so many security officers?
To make detection and response successful, we need tools capable of upscaling the practitioners as well as equipping them to be successful. We need tools we can rely on.
In today's episode, we had an inspiring conversation with J Wolfgang Goerlich, Advisory CISO at Cisco Secure. We discussed how trust is a determinant factor in building the security tools of the future, why so many CISOs lost trust over SIEMs and what we can do to rebuild it.
Topics discussed in this episode:
Wolf's role as advisory CISO.
How we can use technology to solve business problems
How CISOs perceive SIEMs today and security monitoring as a practice
The investigative side versus the detection side of SIEMs
How the detection personas have changed with the movement to the cloud
Challenges of doing detection in the modern day
The story of when Wolf worked in an open source project
How Wolf advises CISOs on making a build versus buy decision
How detection and response will evolve in the coming years
3 pieces of actionable advice to succeed with building effective detection programs at scale
...more
33min
December 14, 2021Netflix’s Srinath Kuruvadi: Securing The Cloud Footprint With an Adaptive, Agile, and People Leadership Approach
Securing the environment and scaling operations of the world's leading streaming entertainment service is massive.
Srinath Kuruvadi is the head of cloud infrastructure security at Netflix. Before Netflix, he spent more than 15 years building security solutions and leading teams at Google, Facebook, Snapchat, Lyft, and Mapbox.
In today's episode, he shares how his leadership skills have evolved over time, where he puts his focus when approaching infrastructure security, and what he believes are the key ingredients any security team should have today.
Topics discussed in this episode:
How Srinath got his start in security and landed as head of infrastructure cloud security at Netflix
Lessons in leading a team that’s 10+ years old
ConsoleMe and why they built it
Srinath’s unique approach to infrastructure security
Why ‘people challenges’ carry more weight than ‘technical challenges’ when it comes to infrastructure security
Why security teams should seek out the open source tools big tech companies use
His take on trends and tools in the cloud security space
3 pieces of advice to succeed in detection at scale
...more
34min
November 02, 2021Dropbox‘s Matt Jezorek: The Value of Agility and Education For Scaling Security
How does anything scale as a leader?
For today's guest, security has always been a puzzle in which the only variable we do get to control is time; specifically, all the decisions that enable us to control how fast we detect threats.
Am I going to be agile with this tool? How fast can I deploy detection if something happens today? How many hours is it going to take me to understand if it happens again or if it's still happening?
These are some of the questions Matt Jezorek likes to ask himself. Matt is the Vice President of Security and Platform Abuse at Dropbox, an Information Security Executive with multinational fortune 50 experience who can think like an attacker and still speak to the business.
Topics discussed in this episode:
Matt's background and his number one motivator: "taking care of his family"
What he enjoys the most about security (what he likes to call ‘The Grayness of Security’)
Why educating others can help scale security
How Matt keeps up as a security leader
The value of agility in detection at scale
What he considers should be prioritized in automation and problem solving
How we can maintain customer trust
How Matt knows if he is doing a good job as a security leader: hygiene, aspirational and agile metrics.
Why time is the only variable we can control
Lessons learned from bad management experiences
3 pieces of advice for security teams that are working hard to protect customers
...more
37min
October 19, 2021Talkdesk‘s Miguel Viana: Risk Management In a Cloud Environment
Risk management has shifted from a traditional mindset to an integrated view, where engagement of all departments across an enterprise is crucial to address threats properly.
In today's episode we sat down with Miguel Viana from Talkdesk to discuss how security teams provide guidance to identify vulnerabilities and how risk management processes evolve in a fast-paced growing team.
Topics discussed in this episode:
Miguel Viana's background in the security industry
How risk management evolves as company grows
Threat modeling in the risk management process
Typical security threats that worry Talkdesk the most
The importance of due diligence in third party management
Miguel’s advocacy for security education programs
How to build a strong security culture in a company
...more
19min
October 12, 2021Gusto’s Fredrick Lee: Why Trust Is Critical To Building a Scalable Security Team
"The people who actually work with me (not for me), do their jobs better"
Gusto is a People Platform and as the Chief Information Security Officer, Fredrick Lee (AKA Lee) knows company value starts with your employees. If you don't take care of your employees, you can't take care of your customers.
Being a great leader is not only about inspiring your team and making them want to do more but also, and more importantly, is about transparency and building trust.
Tune in into today's episode for a master class on how to lead a security organization from the trenches.
Topics discussed in this episode:
What makes a great security leader
The power of transparency in leadership.
Why it is important that security leaders have experience practicing beyond management.
What inspired Flee to make the jump from being a practitioner to being a leader.
How to join a new company and build a security program from zero.
What security teams can do when working in a hypergrowth environment.
Why Flee trusts people but not computers.
3 Pieces of advice to security leaders that you can't miss!
...more
38min
October 05, 2021OutSystems’s Gilbert Martin: How Using Tools Can Help Promote Strong Cloud Infrastructure Security
Not so long ago security was 'more manual' and therefore, riskier. Important systems would drift in their configuration, people would go on and change things manually.
Over the past decade, there has been a shift from tools that were doing infrastructure as code to immutable infrastructure. Technology now allows you to be updated, gives you the ability to retrain, and have a repeatable process.
Gilbert Martin is the Head of Cloud Security at OutSystems and a big believer in taking a developer first approach to a lot of the things that we do in security. One of those is creating an image pipeline.
In today's episode, Gilbert walks us through the idea of how using the right tools can help you promote better cloud infrastructure security.
Topics discussed in this episode:
Gilbert’s background in security.
What the cloud environment was when he started.
How immutable infrastructure has helped remove unpredictability and insecurity.
Why it's important for any organization to have a software asset inventory.
Gilbert's approach to dealing with systems that he finds some issue/ violation.
How he uses Kubernetes and Serverless: pros and cons.
Why visibility is essential for doing security at scale.
Keys to interact with instant response teams.
How to succeed at applying cloud security at scale in the future.
...more
24min
September 28, 2021Snowflake’s Omer Singer: What Security Data Can Tell You About Detection and Response
Cyber security is difficult. It's asymmetric and the advantage falls on the attacker side.
When Omer Singer realized this, he felt inspired to join the military service in Israel. After what he saw by being on the offensive side, moving to the defense was challenging. How would he reconcile both sides of the same coin?
Omer Singer is now Head of Cyber Security Strategy at Snowflake and in this episode, he shares what was the game changing approach that made him flip into doing detection.
Listen to Omer for great insights and advice on how to break into today's data driven cyber security industry.
Topics discussed in this episode:
Omer's beginnings and background in penetration testing.
How Omer made the flip into doing detection.
How joining Snowflake changed his perspective about being on the defense side.
The power of data in security and how it tells you things you didn't know how to ask for.
When Snowflake started their security journey.
Omer's approach on building a high fidelity system and retaining high fidelity alerting.
Advice on how to build a strategy around data when you're starting from scratch.
How security programs and systems scale along with data growth.
First objectives when he started leading Snowflake cyber security.
3 Pieces of actionable advice to succeed at detection at scale.
...more
31min
September 21, 2021ServiceTitan’s Cassio Goldschmidt: Navigating Security Team Roles
Cassio Goldschmidt is the Senior Director and CISO at ServiceTitan. Awarded for his leadership in cyber security, he has over 20 years of experience in various technology companies. He has been a speaker at the most respected international conferences and even helped improve the security integrity of Brazil's voting system.
In today's episode, Cassio shared unique insights on the importance of bringing the right people for your company needs, whether you are a startup or a fortune 500.
Who is best for what? When is the right time for outsourcing? What kind of experts should you bring to your team in the beginning? We asked Cassio these questions and also dove into leadership, decision making, and what the future demands for security teams will be.
Topics discussed in this episode:
How Cassio got into security and became a security leader.
The differences of building a modern security team in established companies and startups.
How to decide when it’s the right moment to do it yourself as a first security hire vs hiring other teams.
What kind of experts you want to bring in to your team at early stages.
Recommendations on the composition of a detection team.
Cassio's approach for getting around false positives.
Major challenges with implementing SIEMs.
Metrics to gauge the effectiveness of a detection program.
How security demands will evolve over time.
3 pieces of actionable advice to succeed at effective detection at scale.
...more
27min
September 14, 2021BlackLine’s Cynthia Moore: How to Build Scalable Security Teams
'Don't make assumptions. Ask the question.'
That's what today’s guest advises to her team on how to differentiate what's normal from abnormal in an evolving threat environment.
Cynthia Moore is the Senior Director of Information Security at BlackLine but she started out in infrastructure operations building telecoms systems. Coming from a non-traditional security background has given Cynthia a true leverage and the versatility not only to better empathize with clients' needs but also to speak their language.
In today's episode, you will get to understand the mindset of a great security leader and learn her secret recipe on how to encourage teams to turn 'impossible' problems into possible outcomes.
Topics discussed in this episode:
The biggest differences in running security for Disney and BlackLine.
Building and staffing a team out in a cloud-based environment.
What challenges Cynthia is facing as a security leader in BlackLine.
How to detect, respond, and prevent breaches.
The value of having transparency and an open dialogue with clients in SaaS businesses.
How speaking a language that is not purely security helps empathize with clients and creates a feedback loop.
Cynthia’s thoughts on tools to be successful at scale.
Keys to augmenting your security team: outsourcing vs hiring.
How you don't always need to hire security people to do security
...more
27min
September 07, 2021Sisense’s Ty Sbano: What Application and Product Security (Really) Is
Today's guest shared an eye-opening definition: "Application security is an evolving narrative. It's all about collaborating and interacting with the people building the business."
When Ty Sbano started, application security wasn't really called application security. He was fortunate enough to be one of the early folks that had a formal degree in information technology with a focus on security from Penn State University.
From JP Morgan to Capital One to the startup field, Ty collects over 15 years of experience in security. Today, he is Chief Trust and Security Officer at Sisense and he sat down with us to discuss all things AppSec, how to build early, robust security teams, and how to lead with empathy in an evolving agile environment.
Topics discussed in this episode:
Ty’s background in the financial/fintech industry and his current focus on data science and the conversions of security.
What application and product security means and why it’s really important to enable businesses to move fast.
The importance of choosing one vertical in information security and being an expert at it.
How an agile methodology and manifesto help ship product features and engage engineers.
How security practical programs differ between large enterprises and startups.
Security tooling: Building vs Buying
Building early security teams: good patterns that are important to get established in the beginning.
The relationship between an application security function and an incident response function.
3 pieces of actionable advice for security teams.
...more
50min

FAQs about Detection at Scale:

How many episodes does Detection at Scale have?

The podcast currently has 62 episodes available.

More shows like Detection at Scale

Security Now (Audio) by TWiT

Security Now (Audio)

1,966 Listeners

Risky Business by Patrick Gray

Risky Business

360 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

628 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

367 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,014 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

314 Listeners

Click Here by Recorded Future News

Click Here

392 Listeners

Hacking Humans by N2K Networks

Hacking Humans

313 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

78 Listeners

Dwarkesh Podcast by Dwarkesh Patel

Dwarkesh Podcast

352 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

118 Listeners

The Ezra Klein Show by New York Times Opinion

The Ezra Klein Show

15,037 Listeners

Cloud Security Podcast by Google by Anton Chuvakin

Cloud Security Podcast by Google

40 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners

No Priors: Artificial Intelligence | Technology | Startups by Conviction

No Priors: Artificial Intelligence | Technology | Startups

129 Listeners