2025-04-13, Track 1
Delivering security products to millions of users is a monumental task. From building & deploying to mitigating performance issues & false positives, securing systems requires constant coordination between multiple teams of researchers, engineers, and other stakeholders. This session will highlight lessons learned from our experience as an effective cross-functional team building an XDR product.
In this session, we will provide a brief snapshot of our experience navigating the journey of building & deploying a security product with Elastic’s Security Intelligence team. Over the past decade, our team has successfully maintained and iterated on both EDR and XDR products. We plan to use our experience as a case study in building an effective cross-functional engineering team, highlighting both technical and team accomplishments that have helped us along the way.
While we will not have a live demo, we will show off the interfaces & custom tools we’ve built to monitor our deployments and provide insights into what our current landscape looks like. We will review our full end-to-end testing system, including how we test our artifacts before they are released to the public. We will also detail our deployment process for those artifacts and how we keep users safe while mitigating risk. Finally, we’ll explain how the DevOps lifecycle factors into our strategy, allowing for consistent iteration from initial artifact deployment all the way through receiving telemetry & monitoring data to continuously improve our product.
Though a significant amount of resources need to be invested in establishing and maintaining a resilient testing & deployment framework, that framework is only one small piece of a complex puzzle. We have a strong foundation and understanding of how to effectively build trust internally with primary stakeholders through open and honest communication, as all relevant teams need a common understanding of the end-to-end development process. These lessons sit at the intersection of the technical capabilities needed to build & scale an endpoint product and, more importantly, how to come together as a team across diverse backgrounds and skill sets to effectively keep users protected. Our team includes threat researchers, detection engineers, software & backend engineers, and data scientists; each has an integral role to play in the success of our endpoint protections.
We envision attendees of this talk to run the gamut of job descriptions, from engineers to researchers to managers, who are looking to close gaps they have in their internal team operations. We expect attendees to walk away with a better understanding of how the software development life cycle fits into their security teams, how to improve trust and communication across verticals, and dive into why having great protections is only a small part of the bigger picture.
Jessica David is a Principal Data Engineer on the Security Intelligence Team at Elastic. With a background in software engineering and data warehousing, she brings her expertise to the security researchers & detection engineers around her by building data pipelines & services for processing first- and third-party threat intelligence.