BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidescharm2026//speaker//ZYYCV7
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidescharm2026-YZWZ7Y@pretalx.com
DTSTART;TZID=EST:20260425T170000
DTEND;TZID=EST:20260425T172000
DESCRIPTION:Most security teams are stuck in reactive mode: alerts fire\, a
 nalysts scramble\, incidents get closed\, rinse and repeat. But what if th
 ere was a way to think about detection and response as a continuous cycle 
 that actually gets better over time?\nThe TDR Lifecycle is a five-stage mo
 del I developed and refined over years of building and leading threat dete
 ction and response teams. It maps everything a detection and response prog
 ram needs to consider: from tool management and use case development all t
 he way through automation and feeding controls back through the business.\
 nThis isn't a vendor pitch or theoretical framework\, it's a practical mod
 el you can steal and adapt for your own organization. Whether you're build
 ing a program from scratch or trying to mature an existing one\, this talk
  will give you a mental map for identifying gaps and prioritizing where to
  focus your efforts.
DTSTAMP:20260417T061135Z
LOCATION:Track 2
SUMMARY:Finding Badness with the Threat Detection and Response Lifecycle - 
 Shawn Thomas
URL:https://pretalx.com/bsidescharm2026/talk/YZWZ7Y/
END:VEVENT
END:VCALENDAR