Words are Cheap. Sense Making is Not..feat. Diego Perez

DE on Mac Finally Has a Champion. Her name is Olivia Gallucci.

macOS detection engineering has had a documentation problem for years. Everyone told Olivia Gallucci she was locking herself into a platform nobody cared about. Then infostealers showed up, enterprise Mac fleets exploded, and suddenly her work was the most in-demand research nobody knew existed. Olivia is a security engineer at Datadog living inside macOS internals...from Apple Silicon boot chain to ESF event families to IOKit abuse....and she is single-handedly dragging macOS DE into the light. In this episode we get into: * Why you can't just flag osascript anymore and what to look at instead * The process tree trap that trips up every Windows-native DE who crosses over * Background Task Management: the persistence metadata everyone's sleeping on * Living off the Orchard binaries * Why your EDR is abstracting macOS telemetry from you and what to do about it * Jonathan Levin's books, Jaron Bradley's Sprite Tree, and the resources that actually matter Follow Olivia's work on:  * oliviagallucci.com | [ret]2read — An OS Internals Newsletter (Substack) * LinkedIn: linkedin.com/in/olivia-gallucci * 2026 main stage at BlackHat  Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

GRC, the Passenger Princess of the SOC? feat. Ayoub Fandi

GRC has been called the passenger princess of security for too long. In this episode, Alex sits down with Ayoub Fandi, GRC engineer and author of the GRC Engineer newsletter, to make the case that GRC and detection engineering are solving solving the same problems and somehow still not working together. This episode covers: * Why GRC plays PvE while everyone else in security plays PvP and why that actually makes them your best ally * How auditors certify 100% coverage from less than 1% of your environment  * Detection debt meets GRC debt: what inheriting someone else's program looks like on both sides * Vibe coding, AI agents deleting production databases, and what that means for both of our jobs Ayoub's newsletter and podcast: GRCengineer.com Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

Words are Cheap. Sense Making is Not..feat. Diego Perez

What happens when a philosopher walks into a SOC? Apparently, he builds one from the ground up, spends a decade making sense of detection engineering across financial services, global IR teams, and now Canva.  Diego Perez is a detection engineer who studied philosophy, taught himself security at 2am with a newborn in the other room, and has been quietly writing some of the sharpest unsloppy takes on the internet about what detection engineering actually is versus what we pretend it is. His blog Quasarops lives by one rule: words are cheap, sense making is not. We hit on: * Why "garbage in, garbage out" is a heuristic that stops short of actually helping anyone * The Cynefin framework and why knowing which detections you need lives in the complex domain, not the complicated one * Detection as code: is it overrated now that coding agents exist, or are we asking the wrong question entirely * The Red Queen effect, Jevons' paradox, and why you do actually need AI in your SOC whether you like it or not * Agentic threat hunting: whose tokens do you trust, yours or a vendor's black box * Why the human element is more important than ever, and who exactly gets blamed when the model gets it wrong Follow Diego's substack: https://quasarops.com [https://quasarops.com]  Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

A DE's Guide to Staying in the Loop feat. Your Favorite Detection Engineering Instructor Hayden Covington

Detection Dispatch (Alex's Version) episode two brings on the person who treats detection engineering like an actual craft....not a vendor feature list, not a MITRE bingo card, not a vibe coded rule you ship and forget. Hayden teaches detection engineering at Antisyphony Training and runs the SOC at Black Hills Information Security, which means he's not theorizing. He's got the reps, the scars, and even a home SIEM with documentation. This is the episode for practitioners who are watching Claude write their detections and quietly wondering if they're slowly getting worse at their job. In this episode we cover: * The detection lifecycle nobody actually closes: research, write, validate and the canary step that tells you whether your thousand rules are quietly dead in the water six months from now. * The CTI firehose problem. When every vendor blog is just an ad wearing a threat report costume, how do you find the gold? (Hint: DFIR Report and Google TI don't need your clicks) * AI writing detections: yes, with caveats. No for junior engineers who've never written a query. And absolutely not without a review agent, an experimental pipeline, and final approval from a human who still knows how to dribble the ball. * Why you cannot send AI out like a Pokémon and what happens to your detection program when you try. Find Hayden at @kilobytethedust and at antisyphontraining.com [http://antisyphontraining.com]. Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

Axios, Mythos, and a Lethal Trifecta Walk Into a SOC  feat. John Hammond

Detection Dispatch (Alex's Version) premieres with John Hammond...Huntress senior researcher, former DoD red team, the guy 2M+ people watch break attacks down in real time for the red-meets-blue conversation the week forced into existence. Alex came up blue. John came up red. They meet in the middle on the three stories eating the industry alive. In this episode we cover:  * Axios: one patient social engineer, a fake founder Slack workspace, and an NPM maintainer who never stood a chance.  * The lethal trifecta: private data, untrusted content, network egress. When all three show up in one agent, there be dragons. Why prompt injection isn't getting solved, and what that means for your MCP sprawl. * Mythos + Project Glasswing * The red teamer's detection wishlist Find John at @_JohnHammond, jh.live, and on Huntress's Declassified. Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.