Ken Westin

Ken Westin is currently Field CISO at Panther and has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and is regularly reached out to as an expert in cybersecurity, cybercrime, and surveillance.

Ken lives in Oregon in the United States and splits his time between a house in the woods near Portland and a beach shack on the Coast with his wife, son, and two dogs. He holds a BA from Lewis & Clark College, a graduate degree from the University of Portsmouth UK, and several security certifications. He is a self-professed guitar and record hoarder and amateur musician.


Purple Teaming with Detection-as-Code for Modern SIEM
Ken Westin

One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections.

This session will show how to leverage Purple team techniques to develop hypotheses for new detections and strengthen their defenses against future attacks.

I will show how to use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections & manage them using detection-as-code principles to eliminate noise and false positives.

Who should attend?
This hands-on virtual workshop is perfect for detection & security teams who are expected to develop and write detections to support new log sources, threat models, and vulnerabilities that are exploited in the wild.

Workshop Room 3