Canaries In The Wild

Tracebit
  • 0.0 (0)
  • TECHNOLOGY

Conversations with security leaders and practitioners about their real-world experience of canaries and honeypots. Our guests share tactics, detection stories, and lessons learned from production deployments - ranging from technical details to the role deception plays in their defensive strategy, we explore the reality of 'canaries in the wild'. From the team at Tracebit.

Episodes

  1. Kevin Conley - Thinking Like an Attacker and the Psychological Power of Deception

    4D AGO

    Kevin Conley - Thinking Like an Attacker and the Psychological Power of Deception

    Our latest episode features Kevin Conley, Team Lead and Principal Security Engineer of the Deception Technology team at Riot Games, who has built their canary program from the ground up over the past few years. Kevin has spent years deploying and running deception at massive scale - protecting one of the world's largest gaming platforms with hundreds of millions of players. He brings practical experience from building the program and operating it day-to-day. In this episode, Kevin breaks down why thinking like an attacker is fundamental to effective canary placement, how to measure deception program success, and the psychological impact of deception on attackers. Timestamps: 00:00 Intro01:32 Defining terms: canaries, decoys, honeypots, and deception03:40 Kevin's journey to leading deception at Riot Games05:40 Adopting an attacker's perspective: the fundamental mindset shift07:46 Why benign positives validate your canary placement08:50 Catching malicious activity and discovering unexpected environment usage15:06 Measuring success: coverage and validation17:59 Blind red team exercises and attacker awareness20:02 The psychological power of deception on attackers24:29 Catching attackers early in the attack chain25:51 The ROI case: deploying where traditional tools can't reach29:57 What to communicate internally about your deception program38:35 Why the honeypots misconception hurts deception teams39:46 Making the case: why every security team should use canaries41:48 When to adopt deception in your security journey43:58 The future of deception: redefining it as active defense46:47 Closing

    43 min
  2. Mandy Andress: Assume Breach, High Fidelity Alerts and Guardrails for AI Agents

    11/18/2025

    Mandy Andress: Assume Breach, High Fidelity Alerts and Guardrails for AI Agents

    Andy sits down with Mandy Andress (CISO, Elastic) who has been working with deception technology since the early days of honeypots and honeynets.Mandy brings a CISO's perspective on why canaries deserve a much larger role in modern security programs, and shares her views on how the fundamentals of detection are shifting as environments become more complex and threats evolve. Timestamps:00:00 Intro02:05 Honeypots vs canaries—different objectives, different priorities05:22 Why assume breach is foundational in modern security10:45 High fidelity alerts: reducing time to investigation15:50 Practical canary deployments—S3 buckets, file shares, and cloud accounts18:30 No-code vulnerabilities and the coming security challenges19:55 AI agents going rogue—using canaries as guardrails22:11 What to communicate internally about your canary program26:16 Best advice: just get started—it's simpler than you think (edited)

    28 min

  3. 10/13/2025

    Josh Yavor: High Signal, Low Noise - The Case for Early Canary Deception

    Andy sits down with Josh Yavor (CEO, Credible Security) to discuss his experience of a decade of deploying deception technology. From building complex malware analysis environments to protecting sensitive IP during third-party data sharing, Josh explains why canaries deliver high-value signals early in your security journey and shares creative use cases including using canaries during active incident response.  =================🔍 IN THIS EPISODE================= 🪶 Why deception isn’t just for “mature” security programs📡 Real signals vs. industry reports — what matters more🔇 Why absence of alerts doesn’t mean absence of value💡 Creative deployments — from protecting IP to incident response🧭 Lessons from a decade of making deception work in the real world ============================================================ 00:00 Intro02:05 Why deception isn’t just for mature programs06:40 Real signals vs. industry reports10:20 “If it doesn’t fire, is it working?” — why absence of signal doesn’t mean absence of value15:50 Creative deployments — canaries for IP protection & incident response22:10 Lessons from a decade of deception

    39 min

  4. 09/07/2025

    Didier Vandenbroeck: Catching Red Teams, Insider Threat and the ROI of Canaries

    Andy sits down with Didier Vanderbroeck (VP Security & IT, Oleria) to discuss the value he's seen from canaries as a detection mechanism over a 25 year career in security. Ranging from getting caught by Salesforce's honeypots while running red-teaming post-Slack acquisition, to what AI means for the future of deception technology; Didier shares his insights on what it means to Assume Breach with canaries.

    36 min
  • 4 Episodes

About

Conversations with security leaders and practitioners about their real-world experience of canaries and honeypots. Our guests share tactics, detection stories, and lessons learned from production deployments - ranging from technical details to the role deception plays in their defensive strategy, we explore the reality of 'canaries in the wild'. From the team at Tracebit.

Information

  • Creator
    Tracebit
  • Years Active
    2025 - 2026
  • Episodes
    4
  • Rating
    Clean
  • Copyright
    © 2026 Tracebit
  • Show Website
    Canaries In The Wild