On this week's episode of the Detection at Scale podcast, Jack talks with Justin Anderson, Security Engineering Manager, Detection & Response at Meta. They discuss how Meta has built its detection engineering program, how it treats detection-as-code like software, and how it gauges risk by assessing the TTPs applicable to the environment. They also talk about where AI is able to help out in development, the greater need for engineering and investigation skills, and three things to remember when building a security program.

Topics discussed:

How Meta gauges risk by assessing the TTPs applicable to the environment and measuring coverage across those TTPs.

How they built out their detection platform on a custom infrastructure and treat detection-as-code like software.

Why they take a shift left approach to detection, starting with TTPs hypotheses and then eliminating as much noise as possible.

How taking a page from the vulnerability management playbook helps reduce noise around detections.

AI’s current limitations in detection and response, yet how it helps with writing code and speeding up development times.

Why there's a greater need for stronger engineering and investigation skills, in addition to coding skills.

Advice to security professionals to focus on understanding, identifying, and executing when building out their program.