2023-06-10, 13:00–13:45, Track 3 (Moody Rm 102)
You haven’t slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules? This talk gives away all the secrets you’ll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).
Gone are the days of buying the ol’ EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight the modern day attackers that threaten to disable, disrupt, degrade, destroy, and steal from the enterprise you protect. But there’s a lot of challenges: alert fatigue, budgets, hiring talent, and your current team is burned out.
How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?
This talk addresses the lack of a framework for building a modern detection and response program, which has led to ineffective, outdated, and after-thought programs.
Who will enjoy this talk?
- A CISO that wants to better understand what modern detection and response should look like and how it fits into their overall program
- Managers and directors building processes and hiring the people executing this type of work
- Engineers that want to understand the bigger picture of how all the tools, capabilities, and processes should fit together and drive business value
- Program managers and project managers supporting detection and response teams
- Anyone interested in learning more about detection and response
- A framework to guide leadership and engineers in building or improving a modern detection and response program
- A better understanding of what processes, capabilities, and skill sets are needed to detect and respond to modern threats
- Methods to measure and report on the effectiveness, efficiency, and threat coverage of a detection and response program (and how to identify failures or inefficiencies early and course correct)
- Lessons learned on how to empower your teams to succeed and overcome operational timesinks
Allyn Stott is a senior staff engineer at Airbnb on the infosec technology leadership team, where he works on threat detection and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.