It's Maps or Gaps All the Way Down

Presented at NolaCon 2022, May 20, 2022, 11 a.m. (Unknown duration)

<p>This interactive presentation opens with a review of some common problems with detecting security incidents -- false positives, false negatives, too much information, too little information, incorrect information, and so on.</p> <p>We&#39;ll consider these issues in the larger context of some important concepts -- &quot;&quot;the map is not the territory,&quot;&quot; (Alfred Korzybski) and the limitations of what Danny Kahneman refers to as System 1 and System 2 thinking.</p> <p>Lastly we&#39;ll look at some things that have been done to make detection engineering easier and consider what else can be done.</p>

Presenters:

• Dave Hull
  <p>Dave Hull has been working in information security for more than 15 years, primarily in blue team roles. Hull has taught digital forensics and incident response (DFIR) courses around the world via the SANS Institute. He was the former editor and a leading contributor to the award winning SANS DFIR blog. Hull was the technical lead for security incident response in Microsoft&#39;s Office 365 from 2012 to 2015 and is currently a detection engineer at Red Canary.</p>

Links:

• https://nolacon.com/talk/its-maps-or-gaps-all-the-way-down

Similar Presentations:

• VB2017 / Stuck between a ROC and a hard place
• NolaCon 2022 / Best Practices for Detection as Code
• NolaCon 2022 / Why are all the CISOs leaving?