In this episode of Detection at Scale, Jack welcomes Christopher Watkins, Senior Staff Cloud Security Engineer at WP Engine, to discuss innovative logging solutions and efficient data management across multiple cloud platforms. Chris reveals how WP Engine leverages native tools and robust API gateways to streamline logging processes. 

He shares strategies for cost-effective threat hunting, such as optimizing large-scale queries through table partitioning. Chris also emphasizes the importance of mental and physical well-being, and the role of community support in maintaining a sustainable career in cybersecurity. 

Topics discussed:

• How WP Engine uses native tools and robust API gateways to manage logging across multiple cloud platforms efficiently.
• Strategies for optimizing large-scale queries, such as table partitioning and avoiding costly operations, to maintain efficiency and reduce expenses.
• Techniques for moving data efficiently across different cloud services, ensuring consistency and reliability in data management.
• The importance of partitioning tables and being selective with queries to enhance threat detection and incident response efforts.
• The role of a well-designed schema in speeding up threat detection by understanding key value pairs frequently used in security data.
• Leveraging best practices from data teams to optimize queries and improve security use cases.
• Ensuring human oversight with two-person reviews of scripts and dry runs to maintain accuracy and reliability in automated processes.
• The importance of mental, physical, and spiritual health routines to manage the stress of incident response and avoid burnout.
• The role of community and trusted conversations in sharing experiences about breaches, vulnerabilities, and other challenges in the cybersecurity field.
• How WP Engine's mantra of "detection as code" and "pipelines as code" extends to response workflows for increased efficiency and effectiveness.

Resources Mentioned: 

• Chris Watkins on LinkedIn
• WP Engine website