Detection at Scale

By: Panther Labs
  • Summary

  • The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.
    Copyright 2021 All rights reserved.
Episodes
  • CRED’s Saksham Tushar on Data Enrichment for Effective Threat Detection
    Sep 4 2024

    In this episode of Detection at Scale, Jack speaks with Saksham Tushar, Head of Security Operations & Threat Detection Engineering at CRED, about the challenges of compliance in a high-growth environment. Saksham shares their strategy for automating security processes and enriching data to enhance threat detection.

    He emphasizes the importance of verifying automated outcomes to ensure accuracy. Saksham also covers how CRED uses Python libraries for efficient incident response and the significance of contextual understanding in security incidents. With a focus on streamlining compliance and leveraging intelligence, Saksham provides valuable insights into building a robust security operations framework in a rapidly evolving landscape.

    Topics discussed:

    • How CRED distilled complex compliance requirements into a manageable set of common standards to streamline processes.
    • The importance of correlating various log sources to create a comprehensive view of security incidents.
    • How automation has transformed security processes, making them more efficient and effective.
    • The use of threat intelligence and how it is centralized and automated to provide actionable insights for security teams.
    • The development of internal Python libraries that facilitate quick data queries for incident investigations.
    • The importance of understanding the context around security incidents to better inform responses and strategies.
    • How using notebooks for investigations aids in communication and auditing, allowing for clear documentation of processes.
    • How to organize a team to maintain agility while ensuring diverse skill sets are leveraged effectively.
    • The necessity of verifying automated processes to ensure they yield accurate and actionable outcomes.

    Resources Mentioned:

    • Saksham Tushar on LinkedIn
    • CRED website
    25 mins
  • Netflix’s Dan Cao and Brex’s Josh Liburdi on Balancing Big Platforms and Bespoke Tools
    Aug 20 2024

    In this special episode of Detection at Scale, Jack welcomes security experts Dan Cao, Engineering Manager of Security Incident and Response at Netflix, and returning guest Josh Liburdi, Staff Security Engineer at Brex. They discuss the rise of developer-centric security solutions and the ongoing balance between utilizing big platforms like CrowdStrike and bespoke tools — the build versus buy dilemma.

    They highlight the importance of fundamental skills and critical thinking in security engineering, emphasizing the need for continual learning and adaptability. Dan and Josh also share insights on building effective security teams and the significance of mentorship and team culture in fostering innovation and resilience in an evolving tech landscape.

    Topics discussed:

    • The shift towards security operations and incident response that prioritize developer involvement and custom coding solutions.
    • How to effectively integrate large security platforms like CrowdStrike with tailored, in-house security tools.
    • The need for critical and abstract thinking skills in security engineering to solve complex problems.
    • Strategies for leveraging team strengths and addressing skill gaps to create robust security teams.
    • The role of mentorship and a positive team culture in fostering growth and innovation within security teams.
    • The importance of mastering the basics of technology and cybersecurity as a foundation for advanced problem-solving.
    • The need for security professionals to stay adaptable and continually update their skills in a rapidly evolving tech landscape.
    • The difficulties small security teams face when managing and integrating diverse security tools and platforms.
    • The effectiveness and limitations of using commercial security solutions for large and small organizations.

    Resources Mentioned:

    • Dan Cao on LinkedIn
    • Josh Liburdi on LinkedIn

    41 mins
  • ThoughtSpot’s Alessio Faiella on Building Forward-Looking Security Programs
    Aug 6 2024

    In this episode of Detection at Scale, Jack speaks with Alessio Faiella, Director of Security Engineering & Security Operations at ThoughtSpot, about building forward-looking security programs for 2024.

    Alessio dives into the dynamic and ephemeral nature of modern security environments and the importance of understanding the nuances of the product and user base. He also highlights how ThoughtSpot leverages AI to enhance detection and response capabilities. Additionally, Alessio shares insights on codifying playbooks and prioritizing core focuses to ensure a robust cybersecurity posture.

    Topics discussed:

    • The importance of defining clear goals and laying strong foundations for scalable security programs.
    • Emphasizing the need for security teams to deeply understand the product they are defending and the behaviors of its user base.
    • The significance of developing and prioritizing detailed playbooks to guide detection and response efforts effectively.
    • How AI can assist in real-time response, log data parsing, and providing actionable recommendations during security incidents.
    • Identifying and focusing on critical areas like persistence, lateral movement, and data exfiltration to optimize security efforts with limited resources.
    • Techniques for evaluating the success of security playbooks and ensuring they align with the organization's goals and infrastructure.
    • Combining automated processes with human oversight to enhance the efficiency and accuracy of security operations.
    • The difficulties in gathering and integrating data from various sources to enable quick and informed security responses.
    • Crafting security rules that are tailored to the specific needs and priorities of the organization’s environment.
    • Advice on maintaining focus and ensuring foundational security practices are in place for a strong and resilient cybersecurity posture.
    24 mins
