
It's M̶a̶p̶s̶ Gaps All the Way Down

BSides KC | 49:55 | 53 views | Published 2021-11
Category: Technical
Style: Talk
About this talk
Why is detection difficult? What makes security incident response challenging? What can be done to make these things easier? In this talk, Dave Hull, former technical lead for security incident response in Office 365 and a member of Red Canary's Detection Engineering team, will explore these topics. Key takeaways will be a deeper understanding of why these tasks are difficult and what can be done to make them easier.

Dave Hull (Detection Engineering at Red Canary)

Dave Hull has been working in information security for nearly two decades. During most of that time his focus has been on detection, security incident response and forensics. Hull was the technical lead for security incident response in Microsoft's Office 365, where he created Kansa, an open source framework for collecting and analyzing endpoint telemetry. From 2007 to 2012, he was the technical editor of and a leading contributor to the award-winning SANS Digital Forensics and Incident Response (DFIR) blog as well as a SANS instructor in the DFIR track. Hull is currently a member of the Detection Engineering team at Red Canary, where his primary focus is developing better detection capabilities. Hull has spoken at Blue Hat, BSidesKC, DerbyCon, the SANS DFIR Summit, SecKC and SecTOR.