Managing security for a device that can autonomously interact with third-party services presents unique orchestration challenges that go beyond traditional IoT security models. In this episode of Detection at Scale, Matthew Domko, Head of Security at Rabbit, gives Jack an in-depth look at building security programs for AI-powered hardware at scale.   He details how his team achieved 100% infrastructure-as-code coverage while maintaining the agility needed for rapid product iteration. Matt also challenges conventional approaches to scaling security operations, advocating for a serverless-first architecture that has fundamentally changed how they handle detection engineering. His insights on using private LLMs via Amazon Bedrock to analyze security events showcase a pragmatic approach to AI adoption, focusing on augmentation of existing workflows rather than wholesale replacement of human analysis.  Topics discussed: How transitioning from reactive SIEM operations to a data-first security approach using AWS Lambda and SQS enabled Rabbit's team to handle complex orchestration monitoring without maintaining persistent infrastructure.  The practical implementation of LLM-assisted detection engineering, using Amazon Bedrock to analyze 15-minute blocks of security telemetry across their stack.  A deep dive into security data lake architecture decisions, including how their team addressed the challenge of cost attribution when security telemetry becomes valuable to other engineering teams.  The evolution from traditional detection engineering to a "detection-as-code" pipeline that leverages infrastructure-as-code for security rules, enabling version control, peer review, and automated testing of detection logic while maintaining rapid deployment capabilities. Concrete examples of integrating security into the engineering workflow, including how they use LLMs to transform security tickets to match engineering team nomenclature and communication patterns. Technical details of their data ingestion architecture using AWS SQS and Lambda, showing how two well-documented core patterns enabled the team to rapidly onboard new data sources and detection capabilities without direct security team involvement. A pragmatic framework for evaluating where generative AI adds value in security operations, focusing on specific use cases like log analysis and detection engineering where the technology demonstrably improves existing workflows rather than attempting wholesale process automation.  Listen to more episodes:  Apple  Spotify  YouTube Website

Mor Levi, VP of Detection, Analysis, & Response at Salesforce, shares her expertise on integrating AI in security operations. She reveals how Agent Force achieved 90% automation in triage while maintaining effectiveness. Topics include securing AI implementations, the evolving roles of security analysts, and the importance of data quality. Mor discusses the balance between AI efficiency and human creativity, emphasizing the need for strategic thinking in an increasingly automated landscape. Real-world examples provide insights into both the challenges and successes of AI in enterprise security.

In this episode of Detection at Scale, Jack speaks to Brandon Kovitz, Senior Manager of Detection & Response at Outreach, shares his insights on the evolving landscape of cybersecurity. He discusses the critical role of generative AI in enhancing detection and response capabilities, emphasizing the importance of understanding data to maximize security tools' effectiveness.    Brandon also highlights the balance between human intuition and AI, noting that while AI can analyze vast amounts of data, it lacks the nuanced understanding of intent that only humans can provide. Tune in to learn how organizations can leverage AI while maintaining essential human oversight in their security strategies!    Topics discussed: The importance of operationalizing detection and response capabilities to enhance security posture in a cloud-native, SaaS-first environment.   Leveraging generative AI to improve data analysis and streamline detection processes, ultimately enabling faster responses to emerging cyber threats.   The critical balance between AI capabilities and human intuition, emphasizing that human expertise is essential for understanding intent behind actions in cybersecurity.   Understanding the data landscape is vital for maximizing the effectiveness of security tools and ensuring a strong return on investment.   The role of automation in reducing the noise from tier one and tier two security alerts, allowing teams to focus on complex issues.   Insights on building a detection-as-code pipeline to facilitate rapid implementation of security measures in response to emerging vulnerabilities.   The significance of collaboration between security teams and privacy experts to ensure compliance and protect customer data in AI initiatives.   The future of cybersecurity operations, including the potential for AI to automate many routine tasks and enhance overall operational efficiency.   The necessity for ongoing education and adaptation in the cybersecurity field to keep pace with technological advancements and evolving threats.     Resources Mentioned:  Brandon Kovitz on LinkedIn Outreach website

JJ Tang, CEO and Co-founder of Rootly and former Instacart innovator, shares his insights on transforming incident management. He discusses why it's crucial to view incident management as a cultural shift rather than just a tooling problem. Tang emphasizes breaking down silos between security and other teams to improve communication. He highlights the role of security practitioners as educators, the importance of data analysis in preventing incidents, and strategies to foster a culture of reliability across organizations.

Thijn Bukkems, Threat Hunting Lead at Grammarly, shares his expertise in building robust security intelligence programs. He emphasizes working backwards from response strategies to create effective threat detection mechanisms. Collaboration across teams is crucial to avoid silos and uncover valuable insights. Thijn discusses maximizing existing resources, enhancing security efficiency through adaptable tools, and the importance of internal threat modeling. He highlights the need to prioritize tasks and balance analytical research with practical solutions in the ever-evolving landscape of cybersecurity.

Saksham Tushar, the Head of Security Operations & Threat Detection Engineering at CRED, dives into the intricacies of compliance in a fast-paced tech environment. He discusses how CRED streamlines complex compliance requirements and leverages automation to enhance threat detection. Saksham highlights the importance of verifying automated outcomes and using Python libraries for swift incident investigations. Additionally, he emphasizes the need for contextual understanding of security incidents and the integration of threat intelligence to create a robust security operations framework.

Dan Cao is the Engineering Manager of Security Incident and Response at Netflix, and Josh Liburdi is a Staff Security Engineer at Brex. They dive into the shift toward developer-centric security operations and the challenge of balancing big platforms with bespoke tools. The importance of critical thinking and foundational skills in cybersecurity is emphasized. They share strategies for building resilient security teams through effective mentorship and culture, highlighting the need for adaptability in our ever-evolving tech landscape.

Alessio Faiella, the Director of Security Engineering & Security Operations at ThoughtSpot, shares his expertise on building forward-looking security initiatives. He emphasizes the importance of understanding product nuances and user behavior in security strategy. Alessio discusses how AI enhances detection and response, offering real-time recommendations during incidents. He highlights the need for detailed playbooks to optimize resource allocation and covers the balance between automation and human oversight to strengthen security operations.

Roger Allen, Senior Director and Global Head of Detection and Response at Sprinklr, delves into the complexities of cybersecurity. He emphasizes the importance of understanding adversaries' tactics to enhance detection capabilities. Roger discusses integrating adversary simulations to strengthen security measures and improve response strategies. He addresses team burnout through balanced workloads and meaningful discussions. With actionable insights on data management and alert prioritization, he provides a roadmap for building resilient security operations.

Christopher Watkins from WP Engine shares insights on efficient logging with native tools and API gateways. Strategies for cost-effective threat hunting and optimizing queries. Importance of mental well-being in cybersecurity. Tips on data management across cloud services.