BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//PWCYXA
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-PWCYXA@pretalx.com
DTSTART;TZID=CET:20260507T162000
DTEND;TZID=CET:20260507T170000
DESCRIPTION:Many SOCs invest in powerful Risk&AI-based tools to generate
  and classify their alerts to "**clear out the noise**" and **pinpoint
  actual "value" out of the massive amount of data** they collect. It is
  not a secret that nowadays we're collecting more data on SIEM than we'd
  ever thought possible decades ago\, **most of which is of no real
  operational relevance**. Some even say "SOC is dead" as this model
  isn't humanly bearable. Some also offer flashy magic wands that may
  solve all these issues in a painless plug&play way\, while at the same
  time magically reducing cost (or not).\nWhat's the solution\, then?
  **Agentic-AI? Data Lakes? Cloud-first?** All valuable solutions\, but
  there's **something we can also do upstream**: _On top of trying to
  clean a dirty river\, decrease its source pollution_.\n\nThis approach
  also helps to **mitigate a lesser-known yet very serious risk**:
  **_unknown unknowns in data collection_**. In the same way
  alert-fatigue is correlated with False Positives figures/ratio\, most
  CyberSecurity departments focus on the unsustainability of telemetry
  volumes and forget about False Negatives\, that is\, the **useful logs
  you should be collecting but don't know you don't have**. _Caring for
  your car's longevity / performance also means not assuming any fuel
  would do and hoping for the best_.\n\nOur solution: **Governance and
  Data Quality**. It's not a coincidence that NIST recently added this
  as a new pillar to its CSF. With the "**Identify**" pillar you get
  "informed" decisions\, yet it's "Governance" that gives the
  "**deliberate**" element on what to collect\, why\, and if it's enough.
  Having no Logging Data-Compliance framework\, or having one that
  doesn't take into account **business values** (e.g. BIA\,
  crown-jewels\, investments) ultimately results in **building Security
  Monitoring on sand**\, or focusing on scopes that are so narrow that
  only security may benefit from it\, which fuels the "working in silos"
  approach and goes against the "holistic observability" and
  "management buy-in" elements.
DTSTAMP:20260412T024944Z
LOCATION:IFEN room 1\, Workshops and Detection Engineering village (Buildin
 g D)
SUMMARY:Ferrari without fuel: Exorcise GIGO out of Logs Management - Stefan
 o Amodio\, Elliot Parsons
URL:https://pretalx.com/bsidesluxembourg-2026/talk/PWCYXA/
END:VEVENT
END:VCALENDAR
