Threat Detection Construction and the Evolution of LEGO

Presented at PancakesCon 3 (2022) Virtual, Jan. 16, 2022, 1:30 p.m. (45 minutes)

Threat detection, also referred to as alerts or alarms, forms a central part of information security programs. Yet critical examinations of precisely how detection rules are constructed, their goals, and acceptable error rates remain rare. This talk aims to explore the fundamentals behind threat detection development, including differentiating rules along audience types, examining type 1 and type 2 errors, and showing how detection development feeds into threat hunting.

That said, we will also explore the topic of LEGO, particularly how the building bricks have evolved over time from monolithic structures of blocks to increasingly complex arrangements with architectural features not far removed from modern building design and construction. This conversation will build greater appreciation for how the bricks are assembled and how their arrangement has evolved over the past 30 years, with examples from the speaker’s own collection of items.

