Detection at Scale

What does it take to shape an early-stage security project into a product that solves real problems?  Understanding your customers is a key first step. Knowing the personas who can use your product and the leverage they can get out of it, it's what ultimately brings value to security teams and even other teams that can seize their benefits. We had a great conversation with Joren McReynolds who is the VP of Engineering, IT and Security at Panther Labs. In today's episode he shares the experiences and lessons over the course of his journey at Facebook, Airbnb, and how they shaped his knowledge on what building a great product takes. Topics discussed: What led to the creation of osquery and why open source. What the progression was to build that as an MVP. Joren's approach to building the IR Team at Airbnb. How different Airbnb's cloud-based environment was from Facebook's. How Joren's past experience at Facebook influenced his work at Airbnb. Joren’s thought process around implementing security monitoring. What inspired StreamAlert. 3 pieces of actionable advice to security teams looking to excel in detection at scale.

Clint Gibler is the Head of Security Research for r2c, the company behind SEMGREP, a popular open-source static analysis security scanning tool used by teams all over the world. He joined r2c to help build and shape the future of AppSec; one that includes secure defaults along with lightweight enforcement of those defaults. In today's episode, Clint talks about SEMGREP, operationalization of tools for security teams, intersection between AppSec and D&R as well as tips to succeed in AppSec at scale.   More topics discussed in this episode: SEMGREP's origin story and benefits. The security startup creation pattern of recent years. Trend shift to developers operating security problems at scale. r2c's mission and products in addition to open source. How application logs are useful in detection and response. Type of vulnerabilities Clint is seeing more often. Application security developments he is most excited about. Other resources: tl;dr Sec Newsletter: tldrsec.com

Robin Smith is the Head of Cyber and Information Security at Aston Martin and he brings a fresh and unique voice to the security industry. He advocates for a lean, progressive security mindset where it's crucial thinking around processes to make sure that organizations are not unnecessarily wasting resources while committing to continuous improvement at the same time. Tune in to learn more about what lean security is, why Robin has always seen security as an asset, and how you can embed that value into your organization. Topic discussed in this episode: How Robin arrived in information security. Why he believes we need new voices in the industry. The time he wrote 'The Lean Information Management Toolkit'. Why he considers security as an asset and how to embed that value across an organization. What the concept of lean security implies. How lean security applies to security monitoring and detection. Desired outcomes for security detection platforms. Metrics for a lean security program. The approach of practicality when deploying technology. 3 Pieces of advice to succeed at effective detection at scale.

If you were building a detection program today, what would be your top resources to start with? As we head into a cloud-based future, the ability of handling increased data sets becomes crucial, teams need to have processes in place that cover the entire detection lifecycle, and develop skills necessary to help build, grow and improve a successful detection program. In today's episode, we had an insightful conversation with Snowflake’s Global Threat Intelligence and Detection Engineering Leader, Haider Dost and Senior Security Engineer, Daniel Wyleczuk-Stern where we discovered why data and being able to query that data is a critical first step. Topics discussed in this episode: Haider's and Daniel's background in security. The precursors and skills necessary to becoming an engineer. A high level approach to building strong detection teams. The importance of collecting and correlating log sources for a proper incident response. How to be proactive when building your detection baseline. What a detection lifecycle process is and why every team should have one. What the biggest challenges of building a detection program are. Why it’s critical that responders or analysts have a sense of ownership on the detections that are being built. How security teams at Fortune 500 and Silicon Valley companies differ from each other.

Have you ever thought you could find more assets in your network that you thought you would have? Do you have segments that haven't been scanned yet? Or maybe subnets that you have ignored? These and much more is what asset discovery brings to the table to any security team, helping to prevent the next big incident. In today's episode we sat down with Chris Kirsch, CEO and co-founder of Rumble and chatted about why covering the basics, like having a full inventory of your network with all the managed and unmanaged devices, is a best practice to secure any environment. Topics discussed in this episode: Rumble's founding story and background Why Rumble's engine is very benign to the network Where customers that migrate to Rumble come from Why vulnerability scanners don't tell much about what a particular asset is A two point approach for asset discovery in a cloud environment How customers use Rumble in a response style situation 3 Pieces of advice to succeed at asset management and device security in the future.

Why is SIEM an area of unease for so many security officers? To make detection and response successful, we need tools capable of upscaling the practitioners as well as equipping them to be successful. We need tools we can rely on. In today's episode, we had an inspiring conversation with J Wolfgang Goerlich, Advisory CISO at Cisco Secure. We discussed how trust is a determinant factor in building the security tools of the future, why so many CISOs lost trust over SIEMs and what we can do to rebuild it. Topics discussed in this episode: Wolf's role as advisory CISO. How we can use technology to solve business problems How CISOs perceive SIEMs today and security monitoring as a practice The investigative side versus the detection side of SIEMs How the detection personas have changed with the movement to the cloud Challenges of doing detection in the modern day The story of when Wolf worked in an open source project How Wolf advises CISOs on making a build versus buy decision How detection and response will evolve in the coming years 3 pieces of actionable advice to succeed with building effective detection programs at scale

Securing the environment and scaling operations of the world's leading streaming entertainment service is massive. Srinath Kuruvadi is the head of cloud infrastructure security at Netflix. Before Netflix, he spent more than 15 years building security solutions and leading teams at Google, Facebook, Snapchat, Lyft, and Mapbox. In today's episode, he shares how his leadership skills have evolved over time, where he puts his focus when approaching infrastructure security, and what he believes are the key ingredients any security team should have today. Topics discussed in this episode: How Srinath got his start in security and landed as head of infrastructure cloud security at Netflix  Lessons in leading a team that’s 10+ years old ConsoleMe and why they built it  Srinath’s unique approach to infrastructure security  Why ‘people challenges’ carry more weight than ‘technical challenges’ when it comes to infrastructure security  Why security teams should seek out the open source tools big tech companies use His take on trends and tools in the cloud security space  3 pieces of advice to succeed in detection at scale 

How does anything scale as a leader?  For today's guest, security has always been a puzzle in which the only variable we do get to control is time; specifically, all the decisions that enable us to control how fast we detect threats. Am I going to be agile with this tool? How fast can I deploy detection if something happens today? How many hours is it going to take me to understand if it happens again or if it's still happening?  These are some of the questions Matt Jezorek likes to ask himself. Matt is the Vice President of Security and Platform Abuse at Dropbox,  an Information Security Executive with multinational fortune 50 experience who can think like an attacker and still speak to the business.  Topics discussed in this episode: Matt's background and his number one motivator: "taking care of his family" What he enjoys the most about security (what he likes to call ‘The Grayness of Security’) Why educating others can help scale security How Matt keeps up as a security leader The value of agility in detection at scale What he considers should be prioritized in automation and problem solving How we can maintain customer trust How Matt knows if he is doing a good job as a security leader: hygiene, aspirational and agile metrics. Why time is the only variable we can control Lessons learned from bad management experiences 3 pieces of advice for security teams that are working hard to protect customers

Risk management has shifted from a traditional mindset to an integrated view, where engagement of all departments across an enterprise is crucial to address threats properly. In today's episode we sat down with Miguel Viana from Talkdesk to discuss how security teams provide guidance to identify vulnerabilities and how risk management processes evolve in a fast-paced growing team. Topics discussed in this episode: Miguel Viana's background in the security industry How risk management evolves as company grows Threat modeling in the risk management process Typical security threats that worry Talkdesk the most  The importance of due diligence in third party management Miguel’s advocacy for security education programs How to build a strong security culture in a company

"The people who actually work with me (not for me), do their jobs better" Gusto is a People Platform and as the Chief Information Security Officer, Fredrick Lee (AKA Lee) knows company value starts with your employees. If you don't take care of your employees, you can't take care of your customers. Being a great leader is not only about inspiring your team and making them want to do more but also, and more importantly, is about transparency and building trust. Tune in into today's episode for a master class on how to lead a security organization from the trenches. Topics discussed in this episode: What makes a great security leader The power of transparency in leadership. Why it is important that security leaders have experience practicing beyond management. What inspired Flee to make the jump from being a practitioner to being a leader. How to join a new company and build a security program from zero. What security teams can do when working in a hypergrowth environment. Why Flee trusts people but not computers. 3 Pieces of advice to security leaders that you can't miss!