EP110 Detection and Response in a High Velocity and High Complexity Environment

Guest: 

• David Seidman, Head of Detection and Response @ Robinhood

Toipics:

• Tell us about joining Robinhood and prioritizing focus areas for detection in your environment?

• Tim and Anton argue a lot about what kind of detection is best - fully bespoke and homemade, or scalable off-the-shelf. First, does our framework here make sense, and second, looking at your suite of detection capabilities, how have you chosen to prioritize detection development and detection triage?

• You're operating in AWS: there are a lot of vendors doing detection in AWS, including AWS themselves. How have you thought about choosing your detection approaches and data sources?

• Finding people with as much cloud expertise as you can't be easy: how are you structuring your organization to succeed despite cloud detection and response talent being hard to find? What matters more: detection skills or cloud skills?

• What has been effective in ramping up your D&R team in the cloud?

• What are your favorite data sources for detection in the cloud?

Resources:

• “Detection as Code? No, Detection as COOKING!”

• “On Threat Detection Uncertainty”

• “Radical Candor” by Kim Scott

• “Daring Greatly” by Brene Brown

• “Extreme Ownership” by Jocko Willink

• “Drive” by Daniel Pink