Waking up the data engineer in you!

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 11 a.m. (30 minutes)

At almost every company we visit, we find that there is a disconnect between data engineers and security analysts. Security analysts are responsible for using available data to find potential adversaries, while data engineers are responsible for securing, standardizing, and making data available for analysts. It may seem obvious that these two roles should work together, but it is usually not the case which limits how analysts can use data and technology to detect adversaries. This talk focuses on why it is important for security analysts to understand data engineering basics before building detections. We will use a detection use case to show how a non-scalable process can be made into an efficient detection by looking at telemetry as the foundation of a strong detection capability.

Presenters:

• Jared Atkinson
  Jared is the Adversary Detection Technical Lead at SpecterOps where specializes in Detection Engineering and Digital Forensics. In this role, he helps private sector orgs build their detection programs. In his previous life, Jared lead incident response missions for the U.S. Air Force Hunt Team.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Waking up the data engineer in you Jared Atkinson.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Waking up the data engineer in you Jared Atkinson.eng.srt (subtitles)
• https://www.youtube.com/watch?v=LBgBGWPJLKo

Similar Presentations:

• BSidesSF 2019 / Implementing a Kick-Butt Training Program: BLUE TEAM GO!
• May Contain Hackers (MCH2022) / Ethics does not belong on the wall! Ethical framework for the use of location data
• CarolinaCon 14 (2018) / Show the Threat: Data Visualization and InfoSec