BSidesSATX 2023

How I Learned to Stop Worrying and Build a Modern Detection & Response Program
2023-06-10, 13:00–13:45, Track 3 (Moody Rm 102)

You haven’t slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? How do you successfully build a modern detection and response program, all while riding the rocket of never-ending incidents and unforgiving on-call schedules? This talk gives away all the secrets you’ll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).


Gone are the days of buying the ol’ EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight the modern-day attackers that threaten to disable, disrupt, degrade, destroy, and steal from the enterprise you protect. But there are a lot of challenges: alert fatigue, budgets, hiring talent, and a current team that is burned out.

How do you successfully build a modern detection and response program, all while riding the rocket of never-ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework for building a modern detection and response program, a gap that has led to ineffective, outdated, and afterthought programs.

Who will enjoy this talk?

  • A CISO that wants to better understand what modern detection and response should look like and how it fits into their overall program
  • Managers and directors building processes and hiring the people executing this type of work
  • Engineers that want to understand the bigger picture of how all the tools, capabilities, and processes should fit together and drive business value
  • Program managers and project managers supporting detection and response teams
  • Anyone interested in learning more about detection and response

Key Takeaways

  • A framework to guide leadership and engineers in building or improving a modern detection and response program
  • A better understanding of what processes, capabilities, and skill sets are needed to detect and respond to modern threats
  • Methods to measure and report on the effectiveness, efficiency, and threat coverage of a detection and response program (and how to identify failures or inefficiencies early and course correct)
  • Lessons learned on how to empower your teams to succeed and overcome operational time sinks

Allyn Stott is a senior staff engineer at Airbnb on the infosec technology leadership team, where he works on threat detection and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.