EPISODE · Aug 9, 2025 · 47 MIN
Detect threats like never before (WHY2025)
from Chaos Computer Club - recent events feed · host Kseniia Ignatovych
Let's dive deep into the threat detection engineering topic and how does the detection engineer's job looks like in 2025. I work with threat researchers, detection engineering, and engineering managers, and we'll talk about it all: from query languages to tuning, from managing detections as code to content management, from maturity of processes to human skills augmentation. This talk provides a comprehensive overview of the modern mature detection engineering process, exploring the essential steps organizations must follow and how successful implementation is defined and measured in today's threat landscape. What You'll Learn: We'll examine the complete detection engineering lifecycle, covering the key phases that transform security teams from reactive alert-chasers into proactive threat hunters. You'll understand how to build, implement, and continuously improve detection capabilities that actually work at enterprise scale. Key topics: - Detection Engineering Process Deep Dive: Walk through the step-by-step process that mature organizations follow, from threat modeling to deployment to continuous improvement and practical use of AI - Maturity Framework Analysis: Compare popular detection engineering maturity frameworks, understanding their key differences, strengths, and how to choose the right approach for your organization - Detection as Code Adoption: Understand the growing trend toward treating detection rules as code, including version control, testing, and deployment automation that's transforming how security teams operate - Success Metrics and Measurement: Discover how to properly define and measure the success of your detection engineering program with meaningful KPIs and assessment criteria This session is for security engineers, SOC analysts, detection engineers, and security leaders who want to understand and implement modern detection engineering practices. Whether you're starting your detection engineering journey or looking to mature your existing program, you'll gain practical insights and actionable frameworks to elevate your organization's threat detection capabilities. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/8GWVTN/
What this episode covers
Let's dive deep into the threat detection engineering topic and how does the detection engineer's job looks like in 2025. I work with threat researchers, detection engineering, and engineering managers, and we'll talk about it all: from query languages to tuning, from managing detections as code to content management, from maturity of processes to human skills augmentation. This talk provides a comprehensive overview of the modern mature detection engineering process, exploring the essential steps organizations must follow and how successful implementation is defined and measured in today's threat landscape. What You'll Learn: We'll examine the complete detection engineering lifecycle, covering the key phases that transform security teams from reactive alert-chasers into proactive threat hunters. You'll understand how to build, implement, and continuously improve detection capabilities that actually work at enterprise scale. Key topics: - Detection Engineering Process Deep Dive: Walk through the step-by-step process that mature organizations follow, from threat modeling to deployment to continuous improvement and practical use of AI - Maturity Framework Analysis: Compare popular detection engineering maturity frameworks, understanding their key differences, strengths, and how to choose the right approach for your organization - Detection as Code Adoption: Understand the growing trend toward treating detection rules as code, including version control, testing, and deployment automation that's transforming how security teams operate - Success Metrics and Measurement: Discover how to properly define and measure the success of your detection engineering program with meaningful KPIs and assessment criteria This session is for security engineers, SOC analysts, detection engineers, and security leaders who want to understand and implement modern detection engineering practices. Whether you're starting your detection engineering journey or looking to mature your existing program, you'll gain practical insights and actionable frameworks to elevate your organization's threat detection capabilities. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/8GWVTN/
NOW PLAYING
Detect threats like never before (WHY2025)
No transcript for this episode yet
Similar Episodes
Apr 21, 2026 ·73m
Apr 18, 2026 ·95m
Apr 15, 2026 ·55m
Apr 13, 2026 ·68m
Apr 11, 2026 ·59m
Apr 9, 2026 ·66m