How I Learned to Stop Worrying and Build a Modern Detection & Response Program | Black Hat Europe

Video Link: https://www.youtube.com/watch?v=JV_dD3WDPt0



Duration: 34:58


How I Learned to Stop Worrying and Build a Modern Detection & Response Program | A Black Hat Europe 2023 Event Coverage Conversation with Allyn Stott

Guest: Allyn Stott, Senior Staff Engineer

On LinkedIn | https://www.linkedin.com/in/whyallyn/

On Twitter | https://twitter.com/whyallyn

On Mastodon | https://infosec.exchange/@whyallyn

At Black Hat Europe | https://www.blackhat.com/eu-23/briefings/schedule/speakers.html#allyn-stott-42433

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

Episode Notes

In this episode of the ITSPmagazine On Location Event Coverage series, host Sean Martin engages in a thought-provoking conversation with guest Allyn Stott, a seasoned cybersecurity professional and senior staff engineer. The discussion centers on the challenges and solutions in building a modern detection and response program.

Allyn shares his unique perspective on why blue teams often fail. He suggests that the failure is not due to a lack of technical skills, but rather a lack of a broader strategy and understanding of the overall detection and response program. He emphasizes the importance of integrating the detection and response team into broader business conversations, thereby fostering a more holistic approach to managing risk.

The conversation also explores the role of threat intelligence and the need for continuous learning and adaptation in the face of evolving threats. Allyn underscores the importance of understanding the business's actual risk and aligning the detection and response program accordingly.

Allyn also shares his experience in creating a framework to help teams understand their current capabilities and how to evolve towards a more effective detection and response program. This framework, he suggests, can help prioritize work within the program and provide a roadmap for reporting out.

This episode is a treasure trove of insights for CISOs, managers, directors, and builders in the cybersecurity field. It provides a roadmap for identifying skill sets, prioritizing work within the program, and reporting out, all crucial elements in building a modern detection and response program.

The conversation is a blend of practical advice and philosophical musings on the nature of cybersecurity, making it a must-listen for anyone interested in or practicing in the field.

About Allyn's Black Hat Europe 2023 Session, 'How I Learned to Stop Worrying and Build a Modern Detection & Response Program': You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).

Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern-day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.

How do you successfully build a modern detection and response program, all while riding the rocket of never-ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework, which has led to ineffective, outdated, and afterthought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.

* How worrying can be a superpower

* Why blue teams fail

* The framework I've developed for building a detection and response program

____________________________

Resources

How I Learned to Stop Worrying and Build a Modern Detection & Response Program: https://www.blackhat.com/eu-23/briefings/schedule/#how-i-learned-to-stop-worrying-and-build-a-modern-detection--response-program-34241

A Security Newsletter with a Cute Cat: https://www.meoward.co/subscribe

Learn more about Black Hat Europe 2023: https://www.blackhat.com/eu-23/

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Black Hat Europe 2023 playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQXpNVL6L8zfXXDip7JtQY1

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network







Tags:
detection response program
blue teams
business risk
threat intelligence
continuous learning
cybersecurity
risk management
operational team
technical capabilities
security architecture
modern detection
technology evolution
cybersecurity strategy
risk calculation
incident response
cybersecurity failures
security program
cybersecurity field
business conversations
technical skills
program framework
risk alignment