Detection at Scale

GreenSky's Ken Bowles on Auditing Controls before They Silently Fail

Listen Later

Over his 15-year journey through healthcare and financial services security, Ken Bowles, now Director of Security Operations at GreenSky, has collected a plethora of practical strategies for prioritizing crown jewels, managing cloud over-permissions, and building SOCs that scale effectively. He reflects on transforming security operations through AI and intelligent automation and discusses how AI is reducing analyst investigation time dramatically.

Ken also asserts the importance of auditing security controls before they silently fail. The conversation touches on the evolving role of the MITRE framework, the concept of signaling versus alerting, and why embracing AI might be the best career move for security professionals navigating rapid technological change in cloud environments.

Topics discussed:

  • Building security operations programs around crown jewels and scaling outward to manage the most critical assets first.
  • Managing over-permissions in cloud environments that have snowballed across multiple administrators without proper governance.
  • Using AI to reduce analyst investigation time from 30 minutes to seconds through intelligent data enrichment and context.
  • Creating true single-pane-of-glass visibility by connecting security tools and data sources for more effective threat detection.
  • Training new security analysts with AI assistance to bridge knowledge gaps in SQL, SOAR platforms, and log analysis.
  • Documenting institutional knowledge while encouraging analysts to trust their intuition when something doesn't look right.
  • Understanding the limitations of impossible travel alerts and using AI to establish user behavior baselines for accurate detection.
  • Applying the MITRE framework as a guideline rather than gospel, adapting detection strategies to specific organizational needs.
  • Implementing signaling approaches that label security-relevant events without creating alert fatigue for security operations teams.
  • Auditing security controls regularly to catch configuration drift and ensure protective measures remain effective over time. 

    • Listen to more episodes: 

    Apple 

    Spotify 

    YouTube

    Website

    ...more
    View all episodesView all episodes
    Download on the App Store
    Detection at ScaleBy Panther Labs
    • 5
    • 5
    • 5
    • 5
    • 5

    5

    11 ratings

    More shows like Detection at Scale

    View all
    Risky Business by Patrick Gray

    Risky Business

    374 Listeners

    SpyCast by SpyCast

    SpyCast

    1,535 Listeners

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    653 Listeners

    The Defender's Advantage Podcast by Mandiant

    The Defender's Advantage Podcast

    33 Listeners

    Science Vs by Spotify Studios

    Science Vs

    12,225 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    318 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,039 Listeners

    All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

    All-In with Chamath, Jason, Sacks & Friedberg

    9,927 Listeners

    Dwarkesh Podcast by Dwarkesh Patel

    Dwarkesh Podcast

    511 Listeners

    Cyber Security Headlines by CISO Series

    Cyber Security Headlines

    138 Listeners

    Cloud Security Podcast by Google by Anton Chuvakin

    Cloud Security Podcast by Google

    40 Listeners

    Risky Bulletin by risky.biz

    Risky Bulletin

    44 Listeners

    The Economics of Everyday Things by Freakonomics Network & Zachary Crockett

    The Economics of Everyday Things

    1,654 Listeners

    Prof G Markets by Vox Media Podcast Network

    Prof G Markets

    1,427 Listeners

    Sources & Methods by NPR

    Sources & Methods

    798 Listeners