Allyn Stott
Allyn Stott is a senior staff engineer at Airbnb where he works on the infosec technology leadership team. He spends most of his time working on enterprise security, threat detection, and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.
In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter. This morning espresso shot can be served directly to your inbox by subscribing at meoward.co.
Allyn has previously presented at Black Hat Europe, Black Hat Asia, Kernelcon, The Diana Initiative, Texas Cyber Summit, and BSides around the world. He received his Masters in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program.
Session
Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it’s motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection & response metrics.
Metrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection & response is and its value. So, how do we tell that story, especially to leadership?
Measurements help us get results. But if you’re advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection & response?
At the end of this talk, you’ll walk away with a practical framework for developing your own metrics, a new maturity model for measuring detection & response capabilities, data gathering techniques that tell a convincing story using micro-purple testing, and lots of visual examples of metrics that won’t put your audience to sleep.