Detection at Scale

GreenSky's Ken Bowles on Auditing Controls before They Silently Fail



Over his 15-year journey through healthcare and financial services security, Ken Bowles, now Director of Security Operations at GreenSky, has collected a plethora of practical strategies for prioritizing crown jewels, managing cloud over-permissions, and building SOCs that scale effectively. He reflects on transforming security operations through AI and intelligent automation and discusses how AI is reducing analyst investigation time dramatically.

Ken also asserts the importance of auditing security controls before they silently fail. The conversation touches on the evolving role of the MITRE framework, the concept of signaling versus alerting, and why embracing AI might be the best career move for security professionals navigating rapid technological change in cloud environments.

Topics discussed:

  • Building security operations programs around crown jewels and scaling outward to manage the most critical assets first.
  • Managing over-permissions in cloud environments that have snowballed across multiple administrators without proper governance.
  • Using AI to reduce analyst investigation time from 30 minutes to seconds through intelligent data enrichment and context.
  • Creating true single-pane-of-glass visibility by connecting security tools and data sources for more effective threat detection.
  • Training new security analysts with AI assistance to bridge knowledge gaps in SQL, SOAR platforms, and log analysis.
  • Documenting institutional knowledge while encouraging analysts to trust their intuition when something doesn't look right.
  • Understanding the limitations of impossible travel alerts and using AI to establish user behavior baselines for accurate detection.
  • Applying the MITRE framework as a guideline rather than gospel, adapting detection strategies to specific organizational needs.
  • Implementing signaling approaches that label security-relevant events without creating alert fatigue for security operations teams.
  • Auditing security controls regularly to catch configuration drift and ensure protective measures remain effective over time. 
Detection at Scale, by Panther Labs

    • 5
    • 5
    • 5
    • 5
    • 5

    5

    11 ratings


    More shows like Detection at Scale

    View all
    Risky Business by Patrick Gray

    Risky Business

    371 Listeners

    SpyCast by SpyCast

    SpyCast

    1,534 Listeners

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    649 Listeners

    The Defender's Advantage Podcast by Mandiant

    The Defender's Advantage Podcast

    33 Listeners

    Science Vs by Spotify Studios

    Science Vs

    12,117 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    320 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,086 Listeners

    All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

    All-In with Chamath, Jason, Sacks & Friedberg

    10,073 Listeners

    Dwarkesh Podcast by Dwarkesh Patel

    Dwarkesh Podcast

    531 Listeners

    Cybersecurity Headlines by CISO Series

    Cybersecurity Headlines

    139 Listeners

    Cloud Security Podcast by Google by Anton Chuvakin

    Cloud Security Podcast by Google

    40 Listeners

    Risky Bulletin by risky.biz

    Risky Bulletin

    44 Listeners

    The Economics of Everyday Things by Freakonomics Network & Zachary Crockett

    The Economics of Everyday Things

    1,686 Listeners

    Prof G Markets by Vox Media Podcast Network

    Prof G Markets

    1,444 Listeners

    Sources & Methods by NPR

    Sources & Methods

    847 Listeners