Cloud Security Podcast by Google

EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams

Jul 15, 2024

Zack Allen, Senior Director at Datadog, discusses challenges in detection engineering and advice for aspiring engineers. Topics include the role of detection engineers, balancing vendor-made vs. custom detections, and tips for building effective detection rules. The podcast explores the importance of connecting detection efforts with business objectives and provides recommended reading materials to enhance detection engineering skills.

30:32

Creator website

Episode guests

Zack Allen

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Detection engineering requires software, subject matter, and statistics skills to handle scaling challenges.

Balancing vendor-made and custom detections is crucial for effective threat detection and resource allocation.

Deep dives

The Challenges of Detection Engineering

Detection engineering involves honing skills in software engineering, subject matter expertise, and statistics to handle the scaling challenges presented by threats and logs. To effectively scale, individuals and organizations must focus on developing and balancing these three essential skills to manage large rule sets and operational demands.

Balancing the Use of Vendor and Custom Detections

01:08

Intro

4min

Detection Engineering Economics and Skill Sets

12min

Optimizing Detection Rules in Cybersecurity

8min

Importance of Connecting with the Business in Detection Engineering

3min

Enhancing Detection Engineering Practice with Recommended Reading and Tips

4min

Guest:

Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly

Topics:

What are the biggest challenges facing detection engineers today?
What do you tell people who want to consume detections and not engineer them?
What advice would you give to someone who is interested in becoming a detection engineer at her organization?
So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need?
What should a SOC leader whose team totally lacks such skills do?
You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far?
You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance?
What goes into a backlog for detections and how do you inform it?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Challenges of Detection Engineering

Balancing Engineering and Consuming Detections

Economics and Decision-Making in Detection Engineering

Optimizing Rule Quality and Precision in Detection Engineering

Balancing the Use of Vendor and Custom Detections

Remember Everything You Learn from Podcasts