In this episode of the Detection at Scale podcast, Jack speaks to Daniel Wiley, Head of Threat Management and Chief Security Advisor at Check Point Software, to discuss the intricacies of balancing technology and human analytics in cybersecurity.

Daniel shares his experiences in building three successful internal startups at Check Point and emphasizes the importance of continuous learning throughout one’s career. He also touches on effective incident response strategies for small- to medium-sized businesses, and the vital role of adaptable data schemas in managing large-scale security operations.

Topics discussed:

• The highs and lows experienced in the cybersecurity startup journey, including the importance of quick decision-making and team-building.
• Strategies for developing effective IR playbooks tailored for small- to medium-sized businesses to handle security threats efficiently.
• The integration of machine analytics and human expertise to manage and interpret large volumes of cybersecurity data.
• Managing 24/7 global SOCs, including the challenges of shift rotations and ensuring analysts are not overloaded.
• Techniques for determining which data is crucial for cybersecurity efforts and how to handle terabytes of data per second.
• The necessity of ongoing education and staying updated with the latest in cybersecurity to maintain effectiveness in the field.
• The significance of hiring the right team from the start and making swift, decisive personnel changes when necessary.
• Check Point's focus on maintaining high operational margins and its impact on the business's success and sustainability.

Resources Mentioned:

• Daniel Wiley on LinkedIn
• Check Point Software website
• The Hard Thing About Hard Things by Ben Horowitz
• Cyber for Builders by Ross Haleliuk

In our latest episode of Detection at Scale, Jason Waits, CISO at Inductive Automation, shares insights learned in his journey from network administration to cybersecurity and the importance of SCADA systems.

He dives into the value of automation, ML, and AI in security operations, highlighting the need for asking the right questions for efficient data analysis. Jason also discusses building a security team with a focus on detection and response, leveraging automation for faster investigations.

Topics discussed:

• The role of SCADA systems in various industries and the importance of security in OT environments.
• The challenges and strategies in building a security program for scale, focusing on automation and infrastructure as code.
• The impact of IT-OT convergence on security issues and the need for enhanced controls and monitoring in interconnected systems.
• Embracing automation in security operations, including detection engineering and automating response actions for efficiency and scalability.
• Utilizing enrichment techniques for contextual data analysis and the significance of data sources for effective security investigations.
• The use of ML and AI in security operations, particularly in natural language querying and data analysis for actionable insights.
• Jason's advice on building a successful security team, emphasizing automation, staying informed on industry trends, and fostering collaboration with engineering teams.

Resources Mentioned:

• Jason Waits on LinkedIn
• Inductive Automation website
• Detection Engineering Weekly newsletter

In our recent special Hot Ones-style episode of Detection at Scale, Panther CEO Will Lowe and Founder & CTO Jack Naglieri sit down to taste hot sauces and talk hot topics in the field of cybersecurity. Jack shares his evolution from security professionals to founders, emphasizing the importance of experience and understanding attacker profiles.

Jack also gives his insights on the foundational skills to becoming a detection engineer, including building detection engineering functions and having war room experience. He also discusses the evolving role of AI in the security field, such as its usefulness in generating code for detection programs.

Topics discussed:

• Jack’s transition from practitioner to company founder, emphasizing the importance of saying yes to opportunities and keeping an open mind.
• Building detection engineering functions with a focus on understanding what needs to be detected and why.
• The significance of measurement in detection engineering and the importance of a growth mindset for continuous improvement.
• The importance of understanding the experiences of security practitioners and software engineers.
• The role of war room experience in understanding attacker profiles and the importance of incident response strategies to prepare for a role as a detection engineer.
• The importance of sharing knowledge and experiences within the cybersecurity community.

Resources Mentioned: Jack Naglieri’s Substack