In this episode, Jack Naglieri speaks to Jeff Bollinger, Director of Incident Response and Detection Engineering at LinkedIn, who shares valuable insights on his journey in security, key technological shifts he's witnessed, and his approach to threat intelligence, incident response, and monitoring.

Jeff highlights the importance of contextual understanding in security operations and emphasized the critical role of human intuition, adaptability, and creativity in addressing security challenges. He also discussed the need for a balanced team with diverse skill sets and his views on the evolving role of AI in security operations.

Topics discussed:

• Technological shifts in the field of incident response and detection engineering, from the Y2K era to the present.
• The nuances of monitoring behaviors and moving towards higher-level monitoring: it’s useful but imperfect because humans can be unpredictable.
• Automation in security operations and how human analysts are still important and relevant because they have intuition that AI does not.
• Incorporating threat intelligence effectively in security programs: knowing what your scale is and what threats correspond to it.
• Building effective incident response programs and key considerations in security operations.

In this episode, Jack Naglieri speaks to Josh Liburdi, Staff Security Engineer at Brex. Josh explains the process of developing their new security data pipeline toolkit, Substation and how it has been working. He also discusses the importance of quality data, highlighting the impact of data transformation.

Josh also shares his insights on the value of human analysis in SecOps and modern incident response strategies, from handling alerts to understanding program gaps.

Topics discussed:

• The development process of Substation, a security data pipeline toolkit to enhance log collection and data quality for threat detection
• The importance of quality data in security operations and how sometimes it is helpful to collect it even if you don’t analyze it right away.
• The data transformation process and its impact on threat detection, as well as how it’s made the team at Brex more efficient.
• Enhancing the ability to write better rules after implementing Substation.
• Josh's advice for security practitioners: it’s ok to seek help and “soft skills” are important.

On this week's episode of the Detection at Scale podcast, Jack talks with Matthew Valites, Director of Threat Detection & Operational Strategy at SAP. They discuss which threat detection approach works the best, what metrics Matthew uses to gauge his programs, and why Matthew is a proponent of using detection as code.

Matthew also looks to the future and gives his prediction on what role technology such as GenAI will play in the security landscape. They close out their conversation with some actionable lessons from Matthew's book, Crafting the Infosec Playbook.

Topics discussed:

• Which threat-detection approach works the best (hint: it's usually the one that provides the most visibility).
• How Matthew manages the different logic in different environment using tailored macros.
• What metrics Matthew uses to gauge his programs and how he keeps track of those metrics.
• Why Matthew is a huge proponent of using detection as code, including the CIDC element it brings.
• What makes GenAI so exciting, and what its role might be in the future.
• How Matthew tries to take care of his team's mental and physical health.
• Actionable lessons from the book Matthew co-authored, “Crafting the Infosec Playbook”, such as espousing the values of a service-based approach.