Detection Engineering Dispatch

PODCAST · technology

Detection Engineering Dispatch is a detection engineering & threat hunting podcast featuring spicy use cases, real-world war stories, and the brilliant minds building the future of SecOps. We’re talking sharp takes, top-of-mind challenges, and community content straight from the folks pushing the limits of detection engineering, threat hunting, and everything in between. Come for the nerdy bits. Stay for the vibes.

Join our community to stay up to date on all of our newest episode drops: ➡️ Register Here

Stay in the loop! Connect with us on social:
Website: https://www.anvilogic.com/
LinkedIn: https://www.linkedin.com/company/anvilogic
YouTube: https://www.youtube.com/@Anvilogic

  1. 32

    Does the SOC have a Memory Problem?? A better approach to your field notes feat. K.C Yerrid

    KC Yerrid joins Detection Dispatch to break down SCOUT — a local-first, open-source analyst cockpit built around atomic notes, entity relationships, and structured investigation memory.

    The SCOUT Project GitHub: https://github.com/kcyerrid/SCOUT

    In this episode, we explore:
    – Why static investigation notes rarely get referenced again and why tribal knowledge evaporates after every incident
    – Why “everything is an entity” is a massive shift for analysts
    – How graph-based sensemaking helps visualize relationships that dashboards can’t
    – Why brittle SOAR playbooks fail (investigations aren’t linear — you can’t pre-plan every branch)
    – Why investigations don’t fit neatly into tickets and timelines
    – And how better documentation makes AI actually useful later

    Plus: junior analysts can level up faster with entity-based thinking. If you have to keep re-learning the same lessons every quarter… this one’s for you.

    Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

  2. 31

    The New Definition of Visibility & the Evolving Role of IOCs: Detection Engineering Through a UFO Lens with David Burkett

    Detection engineering has the same problem as UFO sightings... sometimes we think we’re seeing something, but we’re not sure what. In this UFO-themed special, Alex Hurtado and David Burkett break down the new definition of visibility, the evolving role of IOCs, and the rise of EDR evasion exploiting blind spots in our tools, data, and assumptions. 🛸

    Shownote references:
    https://www.liesabove.com/
    https://www.magonia.io/
    Signal Detection Theory: https://www.magonia.io/blog/vintage-detection-radar-research-cyber-threats/
    The Evolving Role of IOCs: https://www.magonia.io/blog/maximizing-the-value-of-threat-indicators-and-reimagining-their-role-in-modern-detection/
    The New Definition of Visibility: https://www.magonia.io/blog/what-is-cybersecurity-visibility/
    Decoding Fuzzy Hashes: https://www.magonia.io/blog/what-is-cybersecurity-visibility/

  3. 30

    The SOC Then vs Now...a 'Possible Travel' Season 2 Special Feat. Matt Konwiser & Chris Liccardi

    In this episode, we hop in the time machine with my old friends Matt Konwiser and Chris Liccardi to break down the evolution of the SOC and explore what actually got better, what got worse, and why alert fatigue may be the normalized thing no one wants to do anything about.

    What’s inside:
    – The ghost of SOCs past: linear, manageable, maybe even… boring?
    – IAM, UBA, VPCs, and other buzzwords that broke the workflow
    – Why UBA is the bridesmaid of security, and why it should include an A for AI behavior
    – UBA’s glow-up potential (or lack thereof)
    – Real-life horror stories from the modern alert trenches

  4. 29

    Cool Story, Bro: Making Detection Engineering Matter Up the Chain

    A Chloe Burton special on the very human side of detection engineering. From a nonlinear path into security (neuroscience, psychology, Splunk-era chaos) to leading a DE team today, Chloe and Alex break down why context beats checklists, why so many detections cluster in the middle of the MITRE ATT&CK framework, and how telemetry availability quietly shapes what we defend.

    We dig into detection fundamentals that don’t get talked about enough: avoiding the myth of the perfect rule, resisting over-tuning, rotating across domains to prevent stagnation, and staying grounded while the sky always feels like it’s falling. Chloe also shares leadership unlearns—raising flags early, saying “no” with strategy, and creating teams that feel safe to fail forward.

    We also discuss how to get leadership to give a f**ck and, overall, how to best escalate problems and gaps up the chain.

    Finally, if macOS threat coverage is on your radar, we also call out Olivia Gallucci’s newsletter as a must-follow for macOS threat intelligence and research in a space that desperately needs more visibility.

    📊 Shownotes call-outs:
    MITRE ATT&CK sunburst analysis
    macOS Research & Newsletter: https://oliviagallucci.com/blog/#subscribe

  5. 28

    To AI SOC or NOT TO AI SOC feat. Dennis Chow

    What if the real question isn’t “Do you need an AI SOC?” but “Are your alerts actually any good?” In this episode, Alex and Dennis Chow (Director of SecOps Engineering at UKG and co-author of Automating Security Detection Engineering) break down the uncomfortable truth: if your alerts are fundamentally weak, no AI system will save you.

    Dennis walks through how he evaluates when alerts move from unmanageable to stable, the metrics that determine whether automation is genuinely safe, and how his team built a multi-agent pipeline on GCP capable of consuming alert volume at a rate no human team could match. He shows what automation can realistically achieve, from scaling L1/L2 investigations to reclaiming analyst hours, and where it still depends on skilled detection engineering.

    They also tackle the real decision point for leaders: when does it make sense to buy an AI SOC vendor that handles both detection development and triage, and when is it just a GPT wrapper dressed as a solution?

    40% discount on eBook: Use code PACKTEBOOK
    Packt Book URL: https://www.packtpub.com/en-us/product/automating-security-detection-engineering-9781837631421
    Code validity: November 30, 2025

  6. 27

    Spencer Pratt on Agentic RAGs + Chicago Reccs for Newbies

    Before he ever cried on the red line, Spencer Pratt broke his own RAG index.

    In this episode of Detection Dispatch, Spencer Pratt (not The Hills one... this one writes detections, not drama) joins Dispatch to talk through what it really takes to operationalize agentic AI in the wild. From L1/2 triage to risk scoring, Spencer walks us through building a homegrown RAG system on top of Azure, complete with semantic search, vector embeddings, and even one risk score that always returns “zero” (because he told it to).

    We get into:
    – OpenAI in production for alert history correlation & analysis assist
    – How to hallucination-proof your enrichment
    – Why DNS exfil is still too weird for your LLM
    – And why automation shouldn't make the decisions, but can help you decide faster

    Also in this episode, you get a bonus:
    🥲 Chicago starter pack of reccs for newly promoted SOC analysts
    🍕 Bottomless brunch + skyline bike rides with the fam
    🎮 Retro arcades and ramen bars that go harder than your SIEM

  7. 26

    Malware Trends, Credential Soup and Scream Therapy

    Alex and Scott Rodgers unpack the F5 breach, Mandiant M-Trends highlights like the fall of BEACON, and the leapfrogging of stolen creds over phishing.

    Expect:
    – The infostealer industrial complex
    – Operation MORPHEUS x BEACON’s quiet exit
    – The real meaning of “supply chain blast radius” & tight turnaround time reqs
    – Why screaming might actually save your sanity

    Hit play. Stay unhinged. Detect responsibly.

  8. 25

    What Your EDR Doesn’t See...Kostas Drops Receipts from the Telemetry Trenches

    We unpack what modern EDRs actually deliver, where they fall short, and where to validate telemetry before you buy. EDR Telemetry Project co-founder Kostas walks through the open-source EDR Project, the pros/cons of Sysmon, and how to evolve from alert consumers to detection engineers. And also... EDR vendors dropping out of the MITRE ATT&CK Evaluations??

    Show Note References:
    https://github.com/tsale/EDR-Telemetry?tab=readme-ov-file#edr-scores
    https://www.edr-telemetry.com/

  9. 24

    SIEMs & Data Lakes can be friends...it isn't Either/Or, It’s Yes, And.

    On this Detection Dispatch, host Alex Hurtado sits down with Jake Berkowsky, CTO at Snowflake, to crack open one of the hottest and most often misunderstood topics in modern SecOps: the rise of the security data lake, and security data lakes as your SIEM.

    Modern detection architecture isn’t about choosing SIEM or lake; it's about interoperability, orchestration, and strategic flow. We cover federation hype and data silo upkeep fatigue, and take a brutally honest look at why standalone SIEMs aren’t cutting it, what’s actually driving data lake adoption, and how teams can shift from buying more platforms to building better data flows. Along the way, they unpack the new Snowflake x Splunk integration, AI governance headaches, and the myth of the “one platform to rule them all.”

    If you're wrestling with detection silos, debating SIEM retirement, considering data lake modernization, or just trying to make sense of the evolving detection-to-response pipeline, this episode is your signal.

  10. 23

    Detection in Flux: Riding the Chaos with Day Johnson

    In a world where SOCs are dissolving, job roles are glitching, and the attack surface blurs between work and personal life, between Slack and Discord, one thing remains constant: detection never sleeps.

    On this episode of Dispatch, we’re joined by Day Johnson — detection engineer at Amazon, architect of Cyberwox Labs, and a voice of clarity for 100K+ across LinkedIn, YouTube, and Twitter. From Datadog to the bleeding edge of cloud defense, Day’s been charting what it means to stay sharp when the landscape won’t sit still. We go all in on this chaos.

  11. 22

    A New Way to UBA feat. Snowflake’s Insider Threat Team

    Join Snowflake’s Insider Threat team for a direct discussion on separating everyday behavioral drift from true malicious intent. We examine role changes, privilege creep, and off-hour access, showing how context—identity, project timelines, and data lineage—sharpens detection and reduces noise. The conversation ends with a clear-eyed look at the trade-off between missing an insider and overwhelming analysts with false alerts, offering practical guidance for any modern UBA program.

  12. 21

    Prompted to Fail: When LLMs Go Rogue

    LLMs are rewriting the rules of app security—and not always in a good way.

    In this episode Alex sits down with Scott Rogers, a seasoned data scientist at Anvilogic, to unpack why LLMs are the new wild west of application risk—and how old-school OWASP principles are making a serious comeback.

    We cover:
    – Real-world prompt injection failures (yes, including Air Canada’s rogue chatbot)
    – How RAG systems can accidentally leak sensitive data
    – Why GenAI risk ≠ traditional appsec—but it rhymes
    – How classic tools like SAST, DAST, and logs can still save your bacon

    Whether you're threat modeling your first LLM system or already knee-deep in GenAI, this episode is full of spicy detection ideas, war stories, and practical advice you won’t want to miss.

    Join Dispatch Community: https://www.anvilogic.com/workshop

  13. 20

    5 Bitter Pills to Swallow RE: Agentic AI w/ Oliver Rochford

    Everyone’s talking about agentic AI—but what are we actually building? In this episode, Oliver Rochford and Alex unpack five bitter pills security teams need to swallow about the current state of “agents.” Most aren’t autonomous, many are mislabeled, and flashy wrappers can’t hide weak detections or bad data.

    We dig into the hype, the gaps, and what real operational maturity looks like. If you're duct-taping GPT-4 to your SOC and hoping for magic, this one’s for you.

    Connect with Oliver on LinkedIn: https://www.linkedin.com/in/oliver-rochford/
    Check out his new startup: https://aunoo.ai/
    Subscribe to his Curious AI newsletter: https://www.linkedin.com/newsletters/7121129447054786560/?displayConfirmation=true

  14. 19

    5 Signs You're Overengineering your Detection Logic w/ John Dempsey

    Is your detection logic doing too much? In this special episode, Alex sits down with Johnathan Dempsey to unpack the 5 signs your rules are too complex — and why that might be hurting more than helping.

    From alert overload to unreadable logic, learn how to simplify without sacrificing fidelity. If your detections look like a math thesis, this one’s for you.

  15. 18

    The AI Series: Inside URL Guardian—An LLM Built for Detection

    Mike Hart returns to walk through URL Guardian, our new LLM for malicious URL detection. Now live on Hugging Face, it’s built to spot suspicious patterns and reduce false positives—without the regex headaches.

    Check out the Hugging Face model here: https://huggingface.co/Anvilogic/URLGuardian

  16. 17

    The UEBA Illusion: Why Traditional UEBA Falls Short

    Alex sits down with Kevin Gonzalez to pull back the curtain on User and Entity Behavior Analytics (UEBA) and expose the gap between its promises and real-world pitfalls. Hear his stories from the trenches of deploying UEBA multiple times at different organizations, and his blueprint for how teams should align UEBA with real attacker behaviors.

    Read his blog about his experience: https://www.anvilogic.com/learn/bg-ue...

    If you want to join our sessions live, join our community here: https://www.anvilogic.com/workshop

  17. 16

    Machine Learning-Powered Threat Hunting ft. Sydney Marrone

    Our last drop for International Women's Month featuring Sydney Marrone—Principal Threat Hunter at Splunk and co-author of PEAK Threat Hunting—to explore how ML-driven techniques are transforming detection strategies.

    Tune in to hear Sydney and Alex break down real-world applications of advanced analytics to surface threats hidden in HTTP datasets.

    Check out the HEARTH community on their GitHub here: https://github.com/THORCollective/HEARTH

  18. 15

    DECEIVE to Defend: AI-Powered Deception feat. Edna Jonsson

    This International Women’s Month, we’re celebrating leaders and supporters driving the future of threat hunting and detection engineering. Next up in our series is Edna Jonsson, a cybersecurity engineer and forever student of the trade, introducing DECEIVE—Splunk’s new DECeption with Evaluative Integrated Validation Engine.

    DECEIVE brings AI-powered honeypots directly into the hands of security teams, opening new possibilities for proactive threat intelligence and modern detection strategies.

  19. 14

    HEARTH | the community-driven threat hunting project ft. Lauren Proehl

    Tune in with us for a discussion on HEARTH—a community-driven threat hunting GitHub repository that you’re going to want to fork, as well as the importance of community intel-sharing.

    This episode is about community, innovation, and the women leading the way in threat hunting. Happy International Women's Month!

    Check out the HEARTH community on their GitHub here: https://github.com/THORCollective/HEARTH

  20. 13

    Kerberoasting (T1558.003) Workshop | best watched on YouTube

    In this episode, host Alex Hurtado welcomes back Andrew VanVleet, who breaks down a comprehensive approach to technique analysis using Detection Data Models (DDMs). Andrew walks through a 10-step process for analyzing Kerberoasting (T1558.003), identifying four distinct attack procedures and their detection strategies. Learn how to map telemetry to detection opportunities, recognize security blind spots, and develop multi-layered strategies that make successful attacks nearly impossible. Grab your notebook for this workshop-style episode that transforms complex threat modeling into actionable defense strategies that will leave attackers rolling the dice against increasingly unfavorable odds.

    Join our live conversation bi-weekly on Thursdays! You only have to register once: ➡️ Register Here

    About Detection Engineering Dispatch
    Detection Engineering Dispatch is a live series featuring open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program. Join your peers to share knowledge, deep dive into technical best practices, and engage in discussions relevant to the detection engineering community.

  21. 12

    Understanding Detection Engineering and Why Teams Struggle With It

    In this episode of Detection Dispatch, host Alex Hurtado welcomes Jimmel Peters (JP), a seasoned cyber threat detection engineer from a major media company, to unpack the million-dollar question: why are so many security teams still scratching their heads over detection engineering, even though everyone's talking about it? JP breaks it down for us, walking through how the field has evolved from a "nice-to-have" into an absolute necessity. He shares his take on why behavioral analysis is the new hotness in detection strategies. Plus, get the scoop on AI's impact, dealing with those pesky false positives, and why you really (really!) need to test your detection rules before pushing them live. If you're looking to level up your detection game, this conversation is packed with practical wisdom you won't want to miss.

  22. 11

    12 Emerging Threats and How to Defend Against Them

    In this episode of Detection Dispatch, host Alex Hurtado welcomes Lee Archinal from Intel 471 to dive deep into 12 significant emerging threats observed in late 2024. From Dark Casino's financial sector targeting to the devastating healthcare attacks by Phobos ransomware, discover the latest threat actor behaviors and practical detection strategies. Learn how to leverage Intel 471's hunting packages across major EDR platforms and understand the critical intersection between threat hunting and detection engineering. Whether you're dealing with novel SEO poisoning techniques or familiar Living-off-the-Land (LOL) binaries, this episode provides actionable intelligence and detection logic you can implement today.

    Get the comprehensive PDF guide with detailed hunting packages here: https://hubs.ly/Q0344ZZ00

  23. 10

    Habits of High-Performing Detection Engineers feat. Zack 'techy' Allen

    In this episode, host Alex Hurtado welcomes Zack Allen, the creator of Detection Engineering Weekly and Sr. Director of Security Detection & Research, to explore the traits of high-performing detection engineers. Discover why having "T-shaped" skills (deep knowledge in one area while maintaining broader understanding across domains) trumps being a pure specialist, and learn how psychological safety and blameless culture drive team success. Zack shares insights on emerging trends like Detection-as-Code (DaC) and AI integration and reveals why cross-team collaboration is crucial for effective threat modeling. Whether you're building a detection engineering team or looking to level up your skills, this episode offers practical wisdom from years of security leadership experience.

  24. 9

    Top 10 KQL Queries Every Detection Engineer Should Know

    In this episode, Alex sits down with Sergio Albea, an accomplished Threat Hunter, Researcher, User Behavior Analyst, and Senior Cloud Security Engineer/Architect, to share a must-have resource for detection engineers: the Top 10 KQL Queries of 2024.

    From detecting DLL hijacking and MFA fatigue to uncovering anonymous file access in OneDrive and SharePoint, we’ll walk through each query and the data feeds/sources required for detection and discuss their practical uses. Whether you’re new to KQL or an experienced user, these queries are designed to elevate your detection capabilities.

  25. 8

    How LLMs Can Outsmart TYPOSQUATTING Attacks

    In this episode, Alex sits down with the brilliant Mike Hart, a data scientist whose mission is to outsmart the sneaky world of typosquatting attacks. Just in time for the holiday shopping frenzy, we explore how his open-source project leverages LLMs to safeguard users from clicking on malicious look-alike links.

    With online holiday shopping being a prime target for this attack vector, the risks of not double-checking URLs are bigger than ever. Organizations, especially those operating in hybrid environments, need to stay vigilant.

    Mike blesses us with how his LLM (available to deploy and use from Hugging Face) automates detection, saves precious time, and fights back against a landscape where vendors often prioritize profit over protection.

  26. 7

    Maturing SecOps with Detection-as-Code

    In this episode, host Alex Hurtado welcomes Wade Wells, a seasoned detection engineer and founder of WadingThruSecurity, for an in-depth exploration of Detection-as-Code. Discover how treating your detections like software can revolutionize your security operations, from streamlining version control to enhancing cross-team collaboration. Wade shares practical insights from implementing DaC, including tips for setting up automation, managing detections across multiple tools, and writing comprehensive detection strategy reports. Whether you're running a small shop or managing thousands of detections, learn how DaC can mature your security operations and create a more robust defense strategy.

  27. 6

    Episode 36: Get Smarter with Entity Correlation + RBA in Sentinel

    In this episode, host Alex Hurtado chats with Micah Funderburk and Alex Stemaly, two detection engineering forces from LastPass, about their impressive risk-based alerting (RBA) system within Microsoft Sentinel. Dive into the world of entity correlation as they break down tagging key entities, stacking risk scores, and leveraging Microsoft's Advanced Security Information Model for data normalization.

    Learn how RBA aggregates events to provide valuable context for security analysts and explore the intricacies of building risk scores based on impact, confidence, and asset information. Discover the benefits of deploying detections-as-code and the importance of constant communication with security operations partners.

  28. 5

    So, What Does a Detection Engineer Actually Do?

    In this episode of Detection Engineering Dispatch, host Alex Hurtado chats with Chris Black, Sr. Detection Engineer at NBCUniversal, to reveal what it really means to be a Detection Engineer. Chris shares his journey from incident responder to detection engineer, diving into why creative problem-solving, a mix of red and blue team insights, API security know-how, and self-care are keys to thriving in this high-demand field. Because let’s face it—not all heroes wear capes… some write solid detections! Grab a seat and get the scoop on what it takes to excel in detection engineering.

  29. 4

    The Threat Hunting and Alerting Secret Sauce

    In this episode of Detection Engineering Dispatch, host Alex Hurtado sits down with Brady Stouffer, a Principal Detection and Response Engineer at Expel, to uncover the secret sauce behind effective alert management. Learn how to strike the perfect balance between detection coverage and alert fatigue through risk-based alerting, strategic threat hunting, and the art of creating alerts that tell a story. Brady shares practical insights from years of implementation experience, demonstrating why good alerts need context and how threat hunting can uncover critical visibility gaps in your security operations.

  30. 3

    Data-Driven Paths | Breaking into Cybersecurity in the Age of Data Lakes and Silos

    In this episode of Detection Engineering Dispatch, host Alex Hurtado sits down with Reanna Schultz, creator of the Defenders and Lab Coats podcast, to discuss how the rise of security data lakes is reshaping the skills needed to succeed in the modern security operations center (SOC). Reanna shares her unconventional journey into cybersecurity, emphasizing the importance of continuous learning and the value of the collaborative cybersecurity community. Discover key insights on understanding the diverse roles within a SOC, combating analyst burnout by finding your passions and focusing on value-added tasks, and leveraging metrics to drive impactful changes across the organization.

    [Disclaimer: The views and opinions expressed by Reanna Schultz in this podcast are solely her own and do not necessarily reflect her employer's official policy or position.]

  31. 2

    Smoky Signals | Security ETL & Data Optimization with a Tasting Twist with Darwin Salazar

    In this episode of Detection Engineering Dispatch, host Alex Hurtado sits down with Darwin Salazar, the author of the Cybersecurity Pulse Newsletter and Founding PM at Monad. Tune in to gain actionable insights on addressing the intricacies associated with data streams and pipelines while savoring the rich flavors of Mezcal. Discover the importance of log source prioritization, look at your data pipeline hygiene, and apply the 80/20 rule to log sources. Grab a glass, relax, and let’s navigate the data flow with a fun twist!

  32. 1

    The Cybersecurity Dilemma | Platformization vs. Best-of-Breed Solutions with Richard Stiennon

    In this episode of Detection Dispatch, we are excited to present a conversation with Richard Stiennon, a seasoned industry analyst. Tune in to hear Richard and host Alex Hurtado explore the intricacies of detection engineering and the critical decision-making processes involved in selecting the most effective cybersecurity solutions. Discover the pitfalls of single-vendor platforms and the benefits of a defense-in-depth strategy, providing actionable insights for security leaders.

ABOUT THIS SHOW

Detection Engineering Dispatch is a detection engineering & threat hunting podcast featuring spicy use cases, real-world war stories, and the brilliant minds building the future of SecOps. We’re talking sharp takes, top-of-mind challenges, and community content straight from the folks pushing the limits of detection engineering, threat hunting, and everything in between. Come for the nerdy bits. Stay for the vibes.

Join our community to stay up to date on all of our newest episode drops: ➡️ Register Here

Stay in the loop! Connect with us on social:
Website: https://www.anvilogic.com/
LinkedIn: https://www.linkedin.com/company/anvilogic
YouTube: https://www.youtube.com/@Anvilogic

HOSTED BY

Anvilogic
