Publications and Conferences
This is a non-exhaustive list of blogs, podcasts, articles, reviews, conferences hosted, and other publications I've created, co-created, or been involved in.

(Re)building Threat Detection and Incident Response at LinkedIn
This blog discusses how LinkedIn rebuilt its security operations platform and teams, scaled them to protect nearly 20,000 employees and more than 875 million members, and the approach and strategy we used to achieve this objective.

Crafting the Infosec Playbook
Co-authored this O'Reilly book on building an incident response program and creating the process, philosophy, and architecture for implementing an information security monitoring program. The book was also translated into Japanese.

Disk Image Deception
Cisco blog post highlighting our encounter with a malspam campaign that misused the .IMG file extension, and the lessons learned.

The Right Data at the Right Time
Presented at the SANS SIEM Summit on defining the right observability data for security monitoring and how to apply data collection principles to deliver it.

Cognitive Bias in Incident Response
Blog on pitfalls of overconfidence in cybersecurity incident response, highlighting the Dunning–Kruger effect and emphasizing robust methodology.

CSIRT Schiltron: Training, Techniques, and Talent
Presentation on enabling readiness and improving capabilities with evolving threat profiles and new skillsets for incident response teams.

How Computer Incident Response teams use CTI to keep up with the miscreants
Presentation at LACNIC 29 in Panama on applying cyber threat intelligence to incident response and detection engineering playbooks.

Incident Detection and Response
InterOp Japan presentation on building a world-class security team, demonstrating approaches with web filtering and intrusion detection.

Ad-Weary Or, "What Could Possibly Go Wrong?"
Presentation at Security B-Sides Asheville and LACNIC/LACNOG 26 on adware threats in enterprise networks and mitigation lessons.

FIRST Technical Colloquium Amsterdam
Annual FIRST Technical Colloquium in Amsterdam producing hundreds of talks on incident handling, threat intelligence, malware analysis, and more.

The State of Web Security: Attack and Response
Cisco Live presentations covering web-based attacks and protections through HTTP/S inspection and web-based logging and monitoring.

Cloud Security Observability for Detection and Response (Podcast)
Discussed enterprise scale security observability for incident response and threat detection on the Google Cloud Security Podcast.