Snowflake’s Haider Dost and Daniel Wyleczuk-Stern: Why Querying Your Data Properly is Critical to Scaling Your Detection Program

If you were building a detection program today, what would be your top resources to start with?

As we head into a cloud-based future, the ability of handling increased data sets becomes crucial, teams need to have processes in place that cover the entire detection lifecycle, and develop skills necessary to help build, grow and improve a successful detection program.

In today's episode, we had an insightful conversation with Snowflake’s Global Threat Intelligence and Detection Engineering Leader, Haider Dost and Senior Security Engineer, Daniel Wyleczuk-Stern where we discovered why data and being able to query that data is a critical first step.

Topics discussed in this episode:

• Haider's and Daniel's background in security.
• The precursors and skills necessary to becoming an engineer.
• A high level approach to building strong detection teams.
• The importance of collecting and correlating log sources for a proper incident response.
• How to be proactive when building your detection baseline.
• What a detection lifecycle process is and why every team should have one.
• What the biggest challenges of building a detection program are.
• Why it’s critical that responders or analysts have a sense of ownership on the detections that are being built.
• How security teams at Fortune 500 and Silicon Valley companies differ from each other.