BSides Toronto 2022

Lesson Learned from Detection Engineering
10-08, 11:00–11:25 (Canada/Eastern), ENG-103

In the modern world of cyber security, you as a defender are surely overwhelmed by the numerous technologies and strategies available to prevent cyber attacks in your organization. On the Detection Engineering front it becomes even more confusing, since there is no clear right or wrong about what Detection Engineering is.

In this presentation, we will uncover things that have worked in the industry and in numerous organizations, based on the presenters' years of experience and the voice of the community. It will touch on both the management and the technical aspects of Detection Engineering. Hopefully this will help both companies that have just started building their Detection Engineering function and those that are already running one.

Mangatas Tondang is currently working as a Security Researcher at a global technology company, where his main responsibility is to improve its Detection Engineering capabilities by researching novel attacks and creating detection mechanisms. Before that he worked at multiple companies, including Big 4 consulting and telecommunications firms, performing and building Threat Hunting and Detection Engineering functions.

He is a seasoned Incident Responder and Threat Hunter with a Detection Engineering mindset; he believes that after every incident there is always a new detection opportunity. He loves to be involved in the security community and has presented at numerous world-class conferences such as SANS Summits and DEF CON BTV. He is also an active contributor to The DFIR Report, where he takes part in the analysis of real attacks and provides the public with high-quality threat intelligence reports and articles. He is also a proud member of CDEF.ID, an Indonesian security community, where he has presented, talked on podcasts and is volunteering as a mentor.

Outside of security, he enjoys traveling with friends and family, doing astrophotography and cooking new foods from different parts of the world.

Avneet Singh is a cyber security professional with experience in Threat Hunting, Incident Response, Malware Analysis, Detection Engineering and Digital Forensics. He is currently working as a Senior Consultant in EY's Managed Detection and Response team, where he works on Detection Engineering and Digital Forensics. Avneet likes to work with malware and reverse engineer it to understand its inner workings, and to use that knowledge in Detection Engineering. He spends most of his time in the lab trying to find efficient ways to build resilient detections by running malware, offensive tools, etc. He is actively involved in the community: he has contributed to the MITRE ATT&CK framework and to SigmaHQ via the OSCD initiative, and he is an active member of The DFIR Report team. In his free time, he loves to write scripts to automate tasks. Outside infosec, Avneet likes to cook and play games.