WP Engine’s Christopher Watkins on Cost-Effective Threat Hunting Strategies

Jul 9, 2024

Christopher Watkins from WP Engine shares insights on efficient logging with native tools and API gateways. Strategies for cost-effective threat hunting and optimizing queries. Importance of mental well-being in cybersecurity. Tips on data management across cloud services.

Ask episode

Chapters

Transcript

Episode notes

Intro

00:00 • 3min

Optimizing Threat Detection in Cloud Environments

02:31 • 11min

Automating Response Workflows in Cybersecurity

13:15 • 3min

Exploring Strategies for Balancing Stress and Avoiding Burnout in Incident Response

16:17 • 2min

Morning Routines, Community, and Security Advice

18:00 • 3min

In this episode of Detection at Scale, Jack welcomes Christopher Watkins, Senior Staff Cloud Security Engineer at WP Engine, to discuss innovative logging solutions and efficient data management across multiple cloud platforms. Chris reveals how WP Engine leverages native tools and robust API gateways to streamline logging processes.

He shares strategies for cost-effective threat hunting, such as optimizing large-scale queries through table partitioning. Chris also emphasizes the importance of mental and physical well-being, and the role of community support in maintaining a sustainable career in cybersecurity.

Topics discussed:

How WP Engine uses native tools and robust API gateways to manage logging across multiple cloud platforms efficiently.
Strategies for optimizing large-scale queries, such as table partitioning and avoiding costly operations, to maintain efficiency and reduce expenses.
Techniques for moving data efficiently across different cloud services, ensuring consistency and reliability in data management.
The importance of partitioning tables and being selective with queries to enhance threat detection and incident response efforts.
The role of a well-designed schema in speeding up threat detection by understanding key value pairs frequently used in security data.
Leveraging best practices from data teams to optimize queries and improve security use cases.
Ensuring human oversight with two-person reviews of scripts and dry runs to maintain accuracy and reliability in automated processes.
The importance of mental, physical, and spiritual health routines to manage the stress of incident response and avoid burnout.
The role of community and trusted conversations in sharing experiences about breaches, vulnerabilities, and other challenges in the cybersecurity field.
How WP Engine's mantra of "detection as code" and "pipelines as code" extends to response workflows for increased efficiency and effectiveness.

Resources Mentioned:

Chris Watkins on LinkedIn
WP Engine website