Cloud Security Podcast by Google

By: Anton Chuvakin
  • Summary

  • Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
    Copyright Google Cloud
Episodes
  • EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?
    Jul 22 2024

    Guest:

    • Adam Bateman, Co-founder and CEO, Push Security

    Topics:

    • What is Identity Threat Detection and Response (ITDR)? How do you define it?

    • What gets better at a client organization once ITDR is deployed?

    • Do we also need “ISPM” (parallel to CDR/CSPM), and what about CIEM?

    • Workload identity ITDR vs human identity ITDR? Do we need both? Are these the same?

    • What are the alternatives to using ITDR? Can’t SIEM/UEBA help - perhaps with browser logs?

    • What are some of the common types of identity-based threats that ITDR can help detect?

    • What advice would you give to organizations that are considering implementing ITDR?

    Resources:

    • ITDR Definition

    • ITDR blog by Push / solve problem

    28 mins
  • EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
    Jul 15 2024

    Guest:

    • Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly

    Topics:

    • What are the biggest challenges facing detection engineers today?

    • What do you tell people who want to consume detections and not engineer them?

    • What advice would you give to someone who is interested in becoming a detection engineer at her organization?

    • So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need?

    • What should a SOC leader whose team totally lacks such skills do?

    • You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far?

    • You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance?

    • What goes into a backlog for detections and how do you inform it?

    Resources:

    • Video (LinkedIn, YouTube)

    • Zack’s newsletter: https://detectionengineering.net

    • EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil

    • EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?

    • The SRE book

    • “Detection Spectrum” blog

    • “Delivering Security at Scale: From Artisanal to Industrial” blog (and this too)

    • “Detection Engineering is Painful — and It Shouldn’t Be (Part 1)” blog series

    • “Detection as Code? No, Detection as COOKING!” blog

    • “Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities” book

    • SpecterOps blog

    31 mins
  • EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center
    Jul 8 2024

    Guests:

    • Mitchell Rudoll, Specialist Master, Deloitte

    • Alex Glowacki, Senior Consultant, Deloitte

    Topics:

    • The paper outlines two paths for SOCs: optimization or transformation. Can you elaborate on the key differences between these two approaches and the factors that should influence an organization's decision on which path to pursue?

    • The paper also mentions that alert overload is still a major challenge for SOCs. What are some of the practices that work in 2024 for reducing alert fatigue and improving the signal-to-noise ratio in security signals?

    • You also discuss the importance of automation for SOCs. What are some of the key areas where automation can be most beneficial, and what are some of the challenges of implementing automation in SOCs? Automation is often easier said than done…

    • What specific skills and knowledge will be most important for SOC analysts in the future that people didn’t think of 5-10 years ago?

    • Looking ahead, what are your predictions for the future of SOCs? What emerging technologies do you see having the biggest impact on how SOCs operate?

    Resources:

    • “Future of the SOC: Evolution or Optimization —Choose Your Path” paper and highlights blog

    • “Meet the Ghost of SecOps Future” video based on the paper

    • EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond

    • The original Autonomic Security Operations (ASO) paper (2021)

    • “New Paper: “Future of the SOC: Forces shaping modern security operations” (Paper 1 of 4)”

    • “New Paper: “Future of the SOC: SOC People — Skills, Not Tiers” (Paper 2 of 4)”

    • “New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)”

    28 mins
