BSides Atlanta 2023

Allyn Stott

Allyn Stott is a senior staff engineer at Airbnb. He currently works on the information security technology leadership team where he spends most of his time working on threat detection and incident response. He especially enjoys building strategies for hunting down and finding advanced threat actors. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.

In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter. This morning espresso shot can be served directly to your inbox by subscribing here: https://www.meoward.co

Allyn has previously presented at Kernelcon, BSides Seattle, BSides SATX, The Diana Initiative, BSides St. Pete, BSides Singapore, and the Texas Cyber Summit. He received his Master's in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program.


Session

10-14
14:00
50min
How I Learned to Stop Worrying and Build a Modern Detection & Response Program
Allyn Stott

You haven’t slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you’ll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).

Gone are the days of buying the ol’ EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern day attackers. But there are a lot of challenges in the way: alert fatigue, expensive tools, impossibly difficult hiring, and a current team that is overworked from constant firefights.

How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework, which has led to ineffective, outdated, and after-thought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.

Room 300