Detection at Scale

Not so long ago security was 'more manual' and therefore, riskier. Important systems would drift in their configuration, people would go on and change things manually. Over the past decade, there has been a shift from tools that were doing infrastructure as code to immutable infrastructure. Technology now allows you to be updated, gives you the ability to retrain, and have a repeatable process.  Gilbert Martin is the Head of Cloud Security at OutSystems and a big believer in taking a developer first approach to a lot of the things that we do in security. One of those is creating an image pipeline. In today's episode, Gilbert walks us through the idea of how using the right tools can help you promote better cloud infrastructure security. Topics discussed in this episode: Gilbert’s background in security. What the cloud environment was when he started. How immutable infrastructure has helped remove unpredictability and insecurity. Why it's important for any organization to have a software asset inventory. Gilbert's approach to dealing with systems that he finds some issue/ violation. How he uses Kubernetes and Serverless: pros and cons. Why visibility is essential for doing security at scale. Keys to interact with instant response teams. How to succeed at applying cloud security at scale in the future.

Cyber security is difficult. It's asymmetric and the advantage falls on the attacker side. When Omer Singer realized this, he felt inspired to join the military service in Israel. After what he saw by being on the offensive side, moving to the defense was challenging. How would he reconcile both sides of the same coin?  Omer Singer is now Head of Cyber Security Strategy at Snowflake and in this episode, he shares what was the game changing approach that made him flip into doing detection.  Listen to Omer for great insights and advice on how to break into today's data driven cyber security industry. Topics discussed in this episode: Omer's beginnings and background in penetration testing. How Omer made the flip into doing detection. How joining Snowflake changed his perspective about being on the defense side. The power of data in security and how it tells you things you didn't know how to ask for. When Snowflake started their security journey. Omer's approach on building a high fidelity system and retaining high fidelity alerting. Advice on how to build a strategy around data when you're starting from scratch. How security programs and systems scale along with data growth. First objectives when he started leading Snowflake cyber security. 3 Pieces of actionable advice to succeed at detection at scale.

Cassio Goldschmidt is the Senior Director and CISO at ServiceTitan. Awarded for his leadership in cyber security, he has over 20 years of experience in various technology companies. He has been a speaker at the most respected international conferences and even helped improve the security integrity of Brazil's voting system.  In today's episode, Cassio shared unique insights on the importance of bringing the right people for your company needs, whether you are a startup or a fortune 500.  Who is best for what? When is the right time for outsourcing? What kind of experts should you bring to your team in the beginning? We asked Cassio these questions and also dove into leadership, decision making, and what the future demands for security teams will be. Topics discussed in this episode: How Cassio got into security and became a security leader. The differences of building a modern security team in established companies and startups. How to decide when it’s the right moment to do it yourself as a first security hire vs hiring other teams. What kind of experts you want to bring in to your team at early stages. Recommendations on the composition of a detection team. Cassio's approach for getting around false positives. Major challenges with implementing SIEMs. Metrics to gauge the effectiveness of a detection program. How security demands will evolve over time. 3 pieces of actionable advice to succeed at effective detection at scale.

'Don't make assumptions. Ask the question.' That's what today’s guest advises to her team on how to differentiate what's normal from abnormal in an evolving threat environment. Cynthia Moore is the Senior Director of Information Security at BlackLine but she started out in infrastructure operations building telecoms systems. Coming from a non-traditional security background has given Cynthia a true leverage and the versatility not only to better empathize with clients' needs but also to speak their language. In today's episode, you will get to understand the mindset of a great security leader and learn her secret recipe on how to encourage teams to turn 'impossible' problems into possible outcomes. Topics discussed in this episode: The biggest differences in running security for Disney and BlackLine. Building and staffing a team out in a cloud-based environment. What challenges Cynthia is facing as a security leader in BlackLine. How to detect, respond, and prevent breaches. The value of having transparency and an open dialogue with clients in SaaS businesses. How speaking a language that is not purely security helps empathize with clients and creates a feedback loop. Cynthia’s thoughts on tools to be successful at scale.  Keys to augmenting your security team: outsourcing vs hiring. How you don't always need to hire security people to do security

Today's guest shared an eye-opening definition: "Application security is an evolving narrative. It's all about collaborating and interacting with the people building the business." When Ty Sbano started, application security wasn't really called application security. He was fortunate enough to be one of the early folks that had a formal degree in information technology with a focus on security from Penn State University. From JP Morgan to Capital One to the startup field, Ty collects over 15 years of experience in security. Today, he is Chief Trust and Security Officer at Sisense and he sat down with us to discuss all things AppSec, how to build early, robust security teams, and how to lead with empathy in an evolving agile environment. Topics discussed in this episode: Ty’s background in the financial/fintech industry and his current focus on data science and the conversions of security. What application and product security means and why it’s really important to enable businesses to move fast. The importance of choosing one vertical in information security and being an expert at it. How an agile methodology and manifesto help ship product features and engage engineers. How security practical programs differ between large enterprises and startups. Security tooling: Building vs Buying Building early security teams: good patterns that are important to get established in the beginning.  The relationship between an application security function and an incident response function. 3 pieces of actionable advice for security teams.

Attackers are always ahead of the game and today you need more than having a lock on your front door. Modern security requires organizations to think outside the box, re-architect their environment, and be able to scale more efficiently and effectively. In this first episode, we sat down with Brad LaPorte to discuss Endpoint Detection and Response (EDR) in depth. Brad has spent time in US Cyber Intelligence, large technology companies like IBM, research firm Gartner, and today as partner at High Tide Advisors a firm specializing in go-to-market consulting. Topics discussed in this episode: Topics discussed in this episode: How Brad has seen endpoint detection and response evolve over the last 5 years. How attackers are always well financed and resourced. Organizations’ struggles with application control. What caused the shift from AV to EDR products and tools. How detection as code is critical for many reasons. The biggest challenges Brad has seen when deploying EDR in a large organization. The importance of educating your leadership, have a proper plan, use case, and assess your operational readiness when implementing EDR.  Recommendations for engineers looking to build their own version of an EDR platform. Tools and technologies that Brad is paying attention to like zero trust architecture. 3 pieces of advice for security teams looking to succeed at EDR at scale.

Welcome to the Detection at Scale Podcast! My name is Jack Naglieri, CEO and founder of Panther Labs and more importantly, I'm also a security practitioner.  When I was part of the Airbnb and Yahoo security teams, I experienced firsthand the challenges of high-scale security monitoring. In 2018, I left Airbnb to fully dedicate myself to solving this problem. In this short episode, I will cover: - Who we are - Why we are doing this podcast - What you can expect on future episodes We can promise you one thing: this is NOT a podcast about selling you what Panther can do. The #1 reason we are doing this, it's because we want to help demystify a lot of techniques that we use to operate effectively at scale.  Thank you for listening and very excited to start this journey together!