Detection at Scale

Panther Labs

The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.

  1. FEB 11

    Salesforce's Mor Levi on Transforming Security Operations with AI Agents

    What does AI in security operations actually look like at scale? In this episode of Detection at Scale, Mor Levi, VP of Detection, Analysis, & Response at Salesforce, shares her team's hands-on experience with Agentforce — from achieving 90% automation in initial case triage to setting ambitious goals for full automation. Her conversation with Jack goes deep into the practical realities: integrating AI with existing tools, evolving analyst roles, and why human creativity matters more than ever. Through candid discussion and real-world examples, Mor shares both the successes and challenges of bringing AI into enterprise security, offering valuable lessons for teams at any stage of their AI journey.

    Topics discussed:
    - Implementing generative AI agents for security operations, achieving 90% automation in initial triage while maintaining effectiveness and reliability.
    - Securing LLM implementations through comprehensive threat modeling, focusing on data access controls and potential abuse scenarios.
    - Integrating AI agents with existing SOAR platforms to create powerful automation workflows while maintaining operational control.
    - Evolution of security analyst roles as AI handles routine tasks, emphasizing strategic thinking and hypothesis development.
    - Importance of data quality and systematic implementation in training effective security-focused AI agents.
    - Strategies for maintaining consistency and reliability in AI-driven security operations through proper prompt engineering.
    - Building effective guardrails and controls for AI systems while enabling powerful automation capabilities.
    - Balancing automation with human oversight to ensure security effectiveness and maintain operational integrity.
    - Future trends in AI-driven security operations and the increasing importance of creative problem-solving skills.
    - Practical advice for implementing AI in security operations, emphasizing focused use cases and clear success criteria.

    31 min
  2. 11/27/2024

    Outreach’s Brandon Kovitz on Balancing Human Intuition and AI in Cyber Defense

    In this episode of Detection at Scale, Jack speaks to Brandon Kovitz, Senior Manager of Detection & Response at Outreach, who shares his insights on the evolving landscape of cybersecurity. He discusses the critical role of generative AI in enhancing detection and response capabilities, emphasizing the importance of understanding data to maximize security tools' effectiveness. Brandon also highlights the balance between human intuition and AI, noting that while AI can analyze vast amounts of data, it lacks the nuanced understanding of intent that only humans can provide. Tune in to learn how organizations can leverage AI while maintaining essential human oversight in their security strategies!

    Topics discussed:
    - The importance of operationalizing detection and response capabilities to enhance security posture in a cloud-native, SaaS-first environment.
    - Leveraging generative AI to improve data analysis and streamline detection processes, ultimately enabling faster responses to emerging cyber threats.
    - The critical balance between AI capabilities and human intuition, emphasizing that human expertise is essential for understanding the intent behind actions in cybersecurity.
    - Understanding the data landscape is vital for maximizing the effectiveness of security tools and ensuring a strong return on investment.
    - The role of automation in reducing the noise from tier one and tier two security alerts, allowing teams to focus on complex issues.
    - Insights on building a detection-as-code pipeline to facilitate rapid implementation of security measures in response to emerging vulnerabilities.
    - The significance of collaboration between security teams and privacy experts to ensure compliance and protect customer data in AI initiatives.
    - The future of cybersecurity operations, including the potential for AI to automate many routine tasks and enhance overall operational efficiency.
    - The necessity for ongoing education and adaptation in the cybersecurity field to keep pace with technological advancements and evolving threats.

    30 min
  3. 11/14/2024

    Rootly’s JJ Tang on Transforming Incident Management Culture

    In this episode of Detection at Scale, Jack speaks to JJ Tang, CEO and Co-founder of Rootly, about revolutionizing incident management in tech organizations. JJ shares his journey from practitioner to founder and emphasizes the importance of viewing incident management as a cultural and collaborative effort rather than just a tooling issue. JJ touches on breaking down silos between security and other teams to enhance communication and reliability, and empowering security practitioners to take on educator roles within their organizations. He also offers actionable insights on creating a culture of reliability and improving incident response strategies!

    Topics discussed:
    - The importance of viewing incident management as a cultural shift rather than just a tooling problem, focusing on people and processes.
    - Strategies for breaking down silos between security teams and other departments to foster collaboration and improve incident response effectiveness.
    - The role of security practitioners as educators, helping other teams understand best practices and the importance of security in incident management.
    - The significance of collecting and analyzing data on repeat incidents to identify root causes and prevent future occurrences.
    - Insights on how to create a culture of reliability within organizations, making incident management a shared responsibility across teams.
    - The challenges faced during the transition from a practitioner role to a founder and CEO in the tech industry.
    - The impact of AI and automation on incident management, including how these technologies can improve response times and learning from incidents.
    - The necessity of having a clear governance framework in place to ensure data privacy and security during incident management processes.

    Resources Mentioned:
    - JJ Tang on LinkedIn
    - Rootly website

    26 min
  4. 09/24/2024

    Grammarly’s Thijn Bukkems on Working Backwards from Response Strategies

    In this episode of Detection at Scale, Jack speaks to Thijn Bukkems, Threat Hunting Lead at Grammarly. Thijn shares his expertise on building a robust security intelligence program, emphasizing the importance of leveraging existing resources and adapting current tools to enhance threat detection. Thijn discusses the value of working backwards from response strategies to design effective detection mechanisms. He also highlights the necessity of collaboration across teams, urging listeners to avoid silos in decision-making to uncover unexpected insights.

    Topics discussed:
    - The importance of utilizing current tools and knowledge, adapting them to enhance threat detection rather than starting from scratch.
    - The value of designing detection mechanisms by first understanding how to respond to potential threats, ensuring proactive preparedness.
    - The need to avoid silos in decision-making, as insights from various teams can lead to significant improvements in security measures.
    - The critical aspects of security intelligence, focusing on assessing risks and anticipating potential attacks.
    - The finite nature of security engineering time and the importance of prioritizing tasks effectively.
    - How internal threat modeling helps in identifying vulnerabilities and understanding potential attack vectors within the organization.
    - The balance between analytical research and production-ready work, including the need for code-oriented solutions in security.
    - The iterative process of collecting and analyzing data to answer broad security questions and develop actionable plans.
    - The role of automation in optimizing data collection and analysis, improving efficiency in addressing security concerns.
    - How the security intelligence team provides strategic insights to guide the business in prioritizing security efforts effectively.

    19 min
  5. 09/04/2024

    CRED’s Saksham Tushar on Data Enrichment for Effective Threat Detection

    In this episode of Detection at Scale, Jack speaks with Saksham Tushar, Head of Security Operations & Threat Detection Engineering at CRED, about the challenges of compliance in a high-growth environment. Saksham shares their strategy for automating security processes and enriching data to enhance threat detection. He emphasizes the importance of verifying automated outcomes to ensure accuracy. Saksham also covers how CRED uses Python libraries for efficient incident response and the significance of contextual understanding in security incidents. With a focus on streamlining compliance and leveraging intelligence, Saksham provides valuable insights into building a robust security operations framework in a rapidly evolving landscape.

    Topics discussed:
    - How CRED distilled complex compliance requirements into a manageable set of common standards to streamline processes.
    - The importance of correlating various log sources to create a comprehensive view of security incidents.
    - How automation has transformed security processes, making them more efficient and effective.
    - The use of threat intelligence and how it is centralized and automated to provide actionable insights for security teams.
    - The development of internal Python libraries that facilitate quick data queries for incident investigations.
    - The importance of understanding the context around security incidents to better inform responses and strategies.
    - How using notebooks for investigations aids in communication and auditing, allowing for clear documentation of processes.
    - How to organize a team to maintain agility while ensuring diverse skill sets are leveraged effectively.
    - The necessity of verifying automated processes to ensure they yield accurate and actionable outcomes.

    25 min
  6. 08/20/2024

    Netflix’s Dan Cao and Brex’s Josh Liburdi on Balancing Big Platforms and Bespoke Tools

    In this special episode of Detection at Scale, Jack welcomes security experts Dan Cao, Engineering Manager of Security Incident and Response at Netflix, and returning guest Josh Liburdi, Staff Security Engineer at Brex. They discuss the rise of developer-centric security solutions and the ongoing balance between utilizing big platforms like CrowdStrike and bespoke tools — the build versus buy dilemma. They highlight the importance of fundamental skills and critical thinking in security engineering, emphasizing the need for continual learning and adaptability. Dan and Josh also share insights on building effective security teams and the significance of mentorship and team culture in fostering innovation and resilience in an evolving tech landscape.

    Topics discussed:
    - The shift towards security operations and incident response that prioritize developer involvement and custom coding solutions.
    - How to effectively integrate large security platforms like CrowdStrike with tailored, in-house security tools.
    - The need for critical and abstract thinking skills in security engineering to solve complex problems.
    - Strategies for leveraging team strengths and addressing skill gaps to create robust security teams.
    - The role of mentorship and a positive team culture in fostering growth and innovation within security teams.
    - The importance of mastering the basics of technology and cybersecurity as a foundation for advanced problem-solving.
    - The need for security professionals to stay adaptable and continually update their skills in a rapidly evolving tech landscape.
    - The difficulties small security teams face when managing and integrating diverse security tools and platforms.
    - The effectiveness and limitations of using commercial security solutions for large and small organizations.

    41 min
  7. 08/06/2024

    ThoughtSpot’s Alessio Faiella on Building Forward-Looking Security Programs

    In this episode of Detection at Scale, Jack speaks to Alessio Faiella, Director of Security Engineering & Security Operations at ThoughtSpot, to discuss building forward-looking security programs for 2024. Alessio dives into the dynamic and ephemeral nature of modern security environments and the importance of understanding the nuances of the product and user base. He also highlights how ThoughtSpot leverages AI to enhance detection and response capabilities. Additionally, Alessio shares insights on codifying playbooks and prioritizing core focuses to ensure a robust cybersecurity posture.

    Topics discussed:
    - The importance of defining clear goals and laying strong foundations for scalable security programs.
    - Emphasizing the need for security teams to deeply understand the product they are defending and the behaviors of its user base.
    - The significance of developing and prioritizing detailed playbooks to guide detection and response efforts effectively.
    - How AI can assist in real-time response, log data parsing, and providing actionable recommendations during security incidents.
    - Identifying and focusing on critical areas like persistence, lateral movement, and data exfiltration to optimize security efforts with limited resources.
    - Techniques for evaluating the success of security playbooks and ensuring they align with the organization's goals and infrastructure.
    - Combining automated processes with human oversight to enhance the efficiency and accuracy of security operations.
    - The difficulties in gathering and integrating data from various sources to enable quick and informed security responses.
    - Crafting security rules that are tailored to the specific needs and priorities of the organization's environment.
    - Advice on maintaining focus and ensuring foundational security practices are in place for a strong and resilient cybersecurity posture.

    24 min
  8. 07/23/2024

    Sprinklr’s Roger Allen on Preventing Team Burnout in Cybersecurity

    In this episode of Detection at Scale, Jack speaks to Roger Allen, Senior Director, Global Head of Detection and Response at Sprinklr, to explore the complexities of running a modern SOC. Roger shares his expertise on prioritizing alerts with contextual understanding, the importance of crafting a robust data strategy, and preventing team burnout. From integrating adversary testing to ensuring team alignment with organizational goals, Roger also offers actionable insights and practical advice for enhancing cybersecurity defenses.

    Topics discussed:
    - The importance of understanding adversaries' TTPs (Tactics, Techniques, and Procedures) and leveraging them to improve detection and response capabilities.
    - The critical role of adversary simulation and testing in writing effective detection rules and enhancing overall security posture.
    - Strategies for prioritizing alerts based on contextual understanding and the sequence of events, moving beyond mere alert volume.
    - The necessity of a well-defined data strategy, including standardizing logging formats and implementing data enrichment techniques to improve incident response.
    - Addressing team burnout by ensuring balanced workloads, regular reviews, and meaningful conversations to align team goals with organizational objectives.
    - The role of integration and unit testing in validating security rules and ensuring their effectiveness from multiple perspectives.
    - How security teams can bridge the gap between understanding the tech stack and the business objectives, ensuring security measures align with business priorities.
    - The importance of bringing in relevant data for incident response and the collaboration needed between different security functions to optimize data usage.

    25 min
Rating: 5 out of 5 (11 Ratings)
