Guest:

• Cristina Vintila, Product Security Engineering Manager, Google Cloud

Topic:

• Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)?
• You mentioned applying SRE best practices in detection and response, and overall in securing the Google Cloud products. How does Google balance high reliability and operational excellence with the needs of detection and response (D&R)?
• How does Google decide which data sources and tools are most critical for effective D&R?
• How do we deal with high volumes of data?

Resources:

• EP215 Threat Modeling at Google: From Basics to AI-powered Magic
• EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
• Podcast episodes on how Google does security
• EP17 Modern Threat Detection at Google
• EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
• Google SRE book
• Google SRS book

Guest:

• Sarah Aoun, Privacy Engineer, Google

Topic:

• You have had a fascinating career since we [Tim] graduated from college together – you mentioned before we met that you’ve consulted with a literal world leader on his personal digital security footprint. Maybe tell us how you got into this field of helping organizations treat sensitive information securely and how that led to helping keep targeted individuals secure?
• You also work as a privacy engineer on Fuschia, Google’s new operating system kernel. How did you go from human rights and privacy to that?
• What are the key privacy considerations when designing an operating system for “ambient computing”? How do you design privacy into something like that?
• More importantly, not only “how do you do it”, but how do you convince people that you did do it?
• When we talk about "higher risk" individuals, the definition can be broad. How can an average person or someone working in a seemingly less sensitive role better assess if they might be a higher-risk target? What are the subtle indicators?
• Thinking about the advice you give for personal security beyond passwords and multi-factor auth, how much of effective personal digital hygiene comes down to behavioral changes versus purely technical solutions?
• Given your deep understanding of both individual security needs and large-scale OS design, what's one thing you wish developers building cloud services or applications would fundamentally prioritize about user privacy?

Resources:

• Google privacy controls
• Advanced protection program

Guest:

• David French, Staff Adoption Engineer, Google Cloud

Topic:

• Detection as code is one of those meme phrases I hear a lot, but I’m not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it?
• What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work?
• Not every SIEM has a good set of APIs for this, right? What’s a team to do in a world of no or low API support for this model?
• If we’re talking about as-code models, one of the important parts of regular software development is testing. How should teams think about testing their detection corpus? Where do we even start? Smoke tests? Unit tests?
• You talk about a rule schema–you might also think of it in code terms as a standard interface on the detection objects–how should organizations think about standardizing this, and why should they?
• If we’re into a world of detection rules as code and detections as code, can we also think about alert handling via code? This is like SOAR but with more of a software engineering approach, right?
• One more thing that stood out to me in your presentation was the call for sharing detection content. Is this between vendors, vendors and end users?

Resources:

• Can We Have “Detection as Code”?
• Testing in Detection Engineering (Part 8)
• “So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love” book
• EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
• EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
• EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
• Getting Started with Detection-as-Code and Google SecOps
• Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise
• From soup to nuts: Building a Detection-as-Code pipeline
• David French - Medium Blog
• Detection Engineering Maturity Matrix