Cloud Security Podcast by Google - Merritt on Cloud Security

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

So, we (Tim and Anton, the crew behind the podcast) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we ... Read More
DtSR Episode 578 - A Modern Day SOC Discussion

WTH is Modern SOC, Part 1

In recent weeks, coincidentally, I’ve had several conversations that reminded me about the confusion related to “modern SOC.” Some of them were public (example and example), while others private. One particular person went on a quest through several “leading” companies’ security operations to see how they have implemented a “modern” ... Read More
Cooking Intelligent Detections from Threat Intelligence (Part 6) [Medium Backup]

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#6 in the series), we will cover some DOs and DON’Ts regarding TI/CTI and DE interaction and continue building the TI -> DE process machinery. Detection Engineering is Painful — and It ... Read More
Cooking Intelligent Detections from Threat Intelligence (Part 6)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#6 in the series), we will cover some DOs and DON’Ts regarding TI/CTI and DE interaction and continue building the TI -> DE process machinery. Detection Engineering is Painful — and It ... Read More
Decoupled SIEM: Brilliant or Stupid?

Frankly, not sure why I am writing this, I get a sense that this esoteric topic is of interest to a very small number of people. But hey … LinkedIn made me do it :-) And many of those few people are my friends or at least close industry peers. So, the topic is ... Read More
Google Cybersecurity Action Team Threat Horizons Report #8 Is Out! [Medium Backup]

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our eighth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6 and #7). My favorite quotes from the report follow below: “The cloud compromise factors and outcomes observed in ... Read More
Frameworks for DE-Friendly CTI (Part 5) [Medium Backup]

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) This blog series was written ... Read More
Google Cybersecurity Action Team Threat Horizons Report #8 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our eighth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6 and #7). My favorite quotes from the report follow below: “The ... Read More
Frameworks for DE-Friendly CTI (Part 5)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges ... Read More

Detection Engineering is Painful — and It Shouldn’t Be (Part 1) [Medium Backup]

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our first installment in the “Threats into Detections — The DNA of Detection Engineering” series, where we explore opportunities and shortcomings in the brand new world of Detection Engineering. Detection Engineering Defined: As many of ... Read More