))
Megan Roddie - co-author of "Practical Threat Detecion Engineering"
저장한 시리즈 ("피드 비활성화" status)
When?
This feed was archived on October 29, 2025 22:24 (
Why? 피드 비활성화 status. 잠시 서버에 문제가 발생해 팟캐스트를 불러오지 못합니다.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 407517614 series 3562689
Bryan Brake, Amanda Berlin, and Brian Boettcher에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Bryan Brake, Amanda Berlin, and Brian Boettcher 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers.
Buy here: https://subscription.packtpub.com/book/security/9781801076715
Amazon Link: https://packt.link/megan
Youtube VOD: https://www.youtube.com/watch?v=p1_jQa9OQ2w
Show Topic Summary:
Megan Roddie is currently working as a Senior Security Engineer at IBM. Along with her work at IBM, she works with the SANS Institute as a co-author of FOR509, presents regularly at security conferences, and serves as CFO of Mental Health Hackers. Megan has two Master's degrees, one in Digital Forensics and the other in Information Security Engineering, along with many industry certifications in a wide range of specialties. When Megan is not fighting cybercrime, she is an active competitor in Muay Thai/Kickboxing. She is a co-author of "Practical Threat Detection Engineering" from Packt publishing, on sale now in print and e-book. Buy here: https://subscription.packtpub.com/book/security/9781801076715
https://packt.link/megan ← Amazon redirect link that publisher uses if you want something easier on the notes
Questions and topics:
Of the 3 models, which do you find you use more and why? (PoP, ATT&CK, kill chain)
What kind of orgs have 'detection engineering' teams? What roles are involved here, and can other teams (like IR) be involved or share a reverse role there?
Lab setup requires an agent… any agent for ingestion or something specific?
How does Fleet or data ingestion work for Iot/Embedded device testing? Anything you suggest?
How important is it to normalize your log output for ingestion? (app, web, server all tell the story)
Additional information / pertinent LInks (Would you like to know more?):
Unified Kill Chain: https://www.unifiedkillchain.com/
ATT&CK: https://attack.mitre.org/
D3FEND matrix BrakeSec show from 2021: https://brakeingsecurity.com/2021-023-d3fend-framework-dll-injection-types-more-solarwinds-infections
Pyramid of Pain: https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
https://www.securitymagazine.com/articles/98486-435-million-the-average-cost-of-a-data-breach
https://medium.com/@gary.j.katz (per Megan, 'it's basically Chapter 11 of the book')
Show points of Contact:
Amanda Berlin: @infosystir @hackershealth
Brian Boettcher: @boettcherpwned
Bryan Brake: @bryanbrake on Mastodon.social, Twitter, bluesky
Brakesec Website: https://www.brakeingsecurity.com
Twitter: @brakesec
Youtube channel: https://youtube.com/c/BDSPodcast
Twitch Channel: https://twitch.tv/brakesec
464 에피소드
공유
