Published inDetect FYIBecoming a Detection Engineering Contractor, Part I — The MotivationSo you wanna become a contractor (freelancer, independent consultant) in the Detection Engineering space? Here I share my impressions.3d ago33d ago3
Published inDetect FYIFrom Intelligence to Detection: A Workflow for Integrating CTI, IR, Hunting & Red TeamsIn 2017, a former software tester suggested that I should consider shipping detection content by following the SDLC, and it seemed like a…Nov 3, 20241Nov 3, 20241
Published inDetect FYIIs Security Analytics the key to High-Fidelity, Context-Rich Alerts?Turning massive security alerts stream into a few manageable, stats-annotated, scored, aggregated Alert Sessions.Oct 3, 20242Oct 3, 20242
Published inDetect FYISysmon: a viable alternative to EDR?I've been recently engaged in workshops with distinct clients from completely different industries/verticals and this is a recurring topic.Jul 4, 20249Jul 4, 20249
Published inCodeXData Science & Exploratory Data Analysis: the Panda versus the Pony!Exploratory data analysis sits at the core of any insightful data work. Performing log analysis in search for threats is no different.Jun 5, 2024Jun 5, 2024
Published inDetect FYIHow to prioritize a Detection Backlog?I started writing Medium stories in 2017 and the very first article was "How to rank Quick Wins", a fascinating topic that deserved another…May 13, 20247May 13, 20247
Published inDetect FYIWhat makes up a solid SIEM query?After writing and peer-reviewing numerous SIEM searches, here I share some tips to help others enhance their query-foo.Apr 23, 20241Apr 23, 20241
Published inDetect FYIAI-Powered SOC: it's the end of the Alert Fatigue as we know it?If you’ve ever worked in an enterprise SOC, you’ve probably heard it before:Apr 2, 20243Apr 2, 20243
Published inDetect FYIBoost your Security Monitoring reports with Sankey DiagramsThe Pie Chart is perhaps the most prevalent data visualization type seen in security reports out there. It's easy to implement and…Mar 18, 2024Mar 18, 2024
Published inDetect FYIUnsupervised Machine Learning with Splunk: the cluster commandIf you are in cyber for long, you should have probably heard this one:Feb 19, 2024Feb 19, 2024