We all know David Bianco Pyramid of Pain, a classic from 2013. The focus of this famous visual is on indicators that you “latch onto” in your detection activities. This post will reveal a related mystery connected to SIEM…

Can We Have “Detection as Code”?

One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging…

Beware: Clown-grade SOCs Still Abound

I have written a lot about building and running Security Operations Centers (SOCs) in the…

One of the things I do every year at the RSA conference is to wander the expo halls trying to deduce themes and trends for the industry.

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator.

Living with Multiple SIEMs

In a perfect world, nobody will run two SIEM tools in the same environment. Because if you dream of a single…