fwd:cloudsec 2026

Stop Training Engineers to Ignore You: Cloud Security Alerting at Scale
2026-06-01, Room 2

Sending cloud security alerts at scale is an absolute minefield. False positives, wrong attribution, alert floods, missing context, stale findings, and unclear remediation expectations burn trust with the engineers who have to respond. The cloud makes it worse. Ownership is fragmented across platform, app, and data teams, resources are ephemeral, and tools that work fine at small scale behave unpredictably in complex environments.
This talk shares lessons from a multi-year effort operationalizing alerting across AWS and GCP using native services and third-party tools. We'll cover the edge cases that break cloud security alerting at scale (attribution that spans multiple teams, grouping alerts back to root cause fixes, tuning detection rules through feedback loops, building exception workflows that don't kill developer velocity) and the patterns we landed on to fix them.

Paul Benoit does cloud security at Block, where he's spent the past four years building alerting pipelines and guardrails across AWS and GCP. When not thinking about cloud security, he's usually seeking intense experiences in the outdoors.