Guest:
- Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly
Topics: SIEM and SOC
Topics covered:
- What are the biggest challenges facing detection engineers today?
- What do you tell people who want to consume detections and not engineer them?
- What advice would you give to someone who is interested in becoming a detection engineer at her organization?
- So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need?
- What should a SOC leader whose team totally lacks such skills do?
- You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far?
- You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance?
- What goes into a backlog for detections and how do you inform it?
Resources:
- Video (LinkedIn, YouTube)
- Zack’s newsletter: https://detectionengineering.net
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
- The SRE book
- “Detection Spectrum” blog
- “Delivering Security at Scale: From Artisanal to Industrial” blog (and this too)
- “Detection Engineering is Painful — and It Shouldn’t Be (Part 1)” blog series
- “Detection as Code? No, Detection as COOKING!” blog
- “Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities” book
- SpecterOps blog