Optimizing Detection Rules in Cybersecurity

Guest:

• Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly

Topics:

• What are the biggest challenges facing detection engineers today?

• What do you tell people who want to consume detections and not engineer them?

• What advice would you give to someone who is interested in becoming a detection engineer at her organization?

• So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need?

• What should a SOC leader whose team totally lacks such skills do?

• You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far?

• You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance?

• What goes into a backlog for detections and how do you inform it?

Resources:

• Video (LinkedIn, YouTube)

• Zacks's newsletter: https://detectionengineering.net

• EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil

• EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?

• The SRE book

• "Detection Spectrum" blog

• "Delivering Security at Scale: From Artisanal to Industrial" blog (and this too)

• "Detection Engineering is Painful — and It Shouldn't Be (Part 1)" blog series

• "Detection as Code? No, Detection as COOKING!" blog

• "Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities" book

• SpecterOps blog