In this episode, Jack speaks with David Seidman, Head of Detection and Response at Robinhood. David has worked for large tech companies like Google, Microsoft, and Salesforce in a variety of D&R roles.
During this episode, David shares his tactical advice on how his team is building the pipes and engines of security at Robinhood, his top tools to improve fidelity of detections, and what he’s learned in his career that’s made him a better practitioner and leader.
Topics discussed:
- The ‘unusual strategies’ and hypothesis on the kill chain model David has not shared before publicly
- His top five tools to use to improve the fidelity of your detections
- How David has seen composite detection be effective in practice and why it is most effective when it’s analyst driven
- His experience working on Google Cloud's Event Threat Detection
- What a mature IR process look like today and how to train staff that’s run IR in the past
- A big challenge and growth area in the industry that doesn’t get enough attention
- The new frontier of what the detection and response stack will look like in the future
- David’s keys to an effective IR program, such as regular exercises, communications plan, having access and permissions to data, strong controls, and more.
- The three actionable takeaways David learned from his roles at Google, Microsoft, Salesforce, and now Robinhood that make him a better practitioner and leader today