In this episode of Detection at Scale, Jack speaks to Thijn Bukkems, Threat Hunting Lead at Grammarly. Thijn shares his expertise on building a robust security intelligence program, emphasizing the importance of leveraging existing resources and adapting current tools to enhance threat detection.
Thijn discusses the value of working backwards from response strategies to design effective detection mechanisms. He also highlights the necessity of collaboration across teams, urging listeners to avoid silos in decision-making to uncover unexpected insights.
Topics discussed:
- The importance of utilizing current tools and knowledge, adapting them to enhance threat detection rather than starting from scratch.
- The value of designing detection mechanisms by first understanding how to respond to potential threats, ensuring proactive preparedness.
- The need to avoid silos in decision-making, as insights from various teams can lead to significant improvements in security measures.
- The critical aspects of security intelligence, focusing on assessing risks and anticipating potential attacks.
- The finite nature of security engineering time and the importance of prioritizing tasks effectively.
- How internal threat modeling helps in identifying vulnerabilities and understanding potential attack vectors within the organization.
- The balance between analytical research and production-ready work, including the need for code-oriented solutions in security.
- The iterative process of collecting and analyzing data to answer broad security questions and develop actionable plans.
- The role of automation in optimizing data collection and analysis, improving efficiency in addressing security concerns.
- How the security intelligence team provides strategic insights to guide the business in prioritizing security efforts effectively.
Resources Mentioned: