At almost every company we visit, we find that there is a disconnect between data engineers and security analysts. Security analysts are responsible for using available data to find potential adversaries, while data engineers are responsible for securing, standardizing, and making data available for analysts. It may seem obvious that these two roles should work together, but it is usually not the case which limits how analysts can use data and technology to detect adversaries. This talk focuses on why it is important for security analysts to understand data engineering basics before building detections. We will use a detection use case to show how a non-scalable process can be made into an efficient detection by looking at telemetry as the foundation of a strong detection capability.
Jared is the Adversary Detection Technical Lead at SpecterOps where specializes in Detection Engineering and Digital Forensics. In this role, he helps private sector orgs build their detection programs. In his previous life, Jared lead incident response missions for the U.S. Air Force Hunt Team.