DiscoverHacker Valley StudioEpisode 156 - Detection as Code with Nick Hakmiller
Episode 156 - Detection as Code with Nick Hakmiller

Episode 156 - Detection as Code with Nick Hakmiller

Update: 2021-07-20
Share

Description

In this episode, we speak to a Detection and Response expert! Our guest is Nick Hakmiller, Senior Engineering Manager at Panther Labs.



Nick was first exposed to technology in High School where he took an introduction to Visual Basic programming course. When learning about multi-threaded applications Nick became curious and began exploring how to open too many threads to crash a computer. Throughout Nick’s career he’s maintained an interest and focus on attack techniques and building defensive security programs.



On occasions, security controls may fail to catch an attacker. A detection is logic that is applied to logs, security controls, and alerts to notify teams and automated processes. Nick describes Python as an exceptional programming language to apply detections and create detections as code.



Nick describes many aspects of security as an engineering problem. As organizations transform and adopt new technologies, security issues arise and evolve. Nick describes that the team’s that are most successful with applying detection as code have chosen to view security as a function that engineering should participate in and help solve.



As an organization’s security program matures, Nick mentions that the most impactful detections will likely be written and created by someone within the organization. For instance, creating a detection that defines which users should have access to sensitive data is likely to be created by a member of the organization with knowledge of team structure.



Towards the end of the episode, Nick shares his wisdom to any practitioner that wants to step into the role of creating detections and providing impact while doing so.



 



Key Takeaways



0:00 - Welcome Back to the Hacker Valley Studio Podcast!



2:29 - Nick Hakmiller, Senior Engineering Manager at Panther Labs



4:20 - How Nick became interested in technology



6:00 - What is a detection?



7:25 - How detection as code applies to cybersecurity and software engineering



10:11 - Prerequisites to consider before applying detection as code



12:27 - Thinking beyond out of the box solutions and applying detections



15:54 - Categories of detections and which are most impactful



23:45 - Reducing alerts by engineering efforts



27:40 - Is it possible to automate everything for security?



32:56 - Advice on getting started with creating detections



 



Keep in touch with Nick Hakmiller on LinkedIn



Reach out to Nick on Panther’s Community Slack



Stay up to date with Nick’s work by viewing Panther Analysis



Learn more about Panther Labs

Comments 
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Episode 156 - Detection as Code with Nick Hakmiller

Episode 156 - Detection as Code with Nick Hakmiller

Hacker Valley Media