
Detection Engineering Dispatch

Podcast by Anvilogic

English

Technology and Science


Read more about Detection Engineering Dispatch

Detection Engineering Dispatch is a detection engineering & threat hunting podcast featuring spicy use cases, real-world war stories, and the brilliant minds building the future of SecOps. We’re talking sharp takes, top-of-mind challenges, and community content straight from the folks pushing the limits of detection engineering, threat hunting, and everything in between. Come for the nerdy bits. Stay for the vibes.

Join our community to stay up to date on all of our newest episode drops: ➡️ Register Here

Stay in the loop! Connect with us on social:
Website: https://www.anvilogic.com/
LinkedIn: https://www.linkedin.com/company/anvilogic
YouTube: https://www.youtube.com/@Anvilogic

All episodes

32 episodes


Does the SOC have a Memory Problem?? A better approach to your field notes feat. K.C Yerrid

KC Yerrid joins Detection Dispatch to break down SCOUT — a local-first, open-source analyst cockpit built around atomic notes, entity relationships, and structured investigation memory.

The SCOUT Project GitHub: https://github.com/kcyerrid/SCOUT

In this episode, we explore:
* Why static investigation notes rarely get referenced again, and why tribal knowledge evaporates after every incident
* Why “everything is an entity” is a massive shift for analysts
* How graph-based sensemaking helps visualize relationships that dashboards can’t
* Why brittle SOAR playbooks fail (investigations aren’t linear — you can’t pre-plan every branch)
* Why investigations don’t fit neatly into tickets and timelines
* And how better documentation makes AI actually useful later

Plus: junior analysts can level up faster with entity-based thinking. If you have to keep re-learning the same lessons every quarter… this one’s for you.

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

17 Feb 2026 - 41 min

The New Definition of Visibility & the Evolving Role of IOCs: Detection Engineering Through a UFO Lens with David Burkett

Detection engineering has the same problem as UFO sightings... sometimes we think we’re seeing something, but we’re not sure what. In this UFO-themed special, Alex Hurtado and David Burkett break down the new definition of visibility, the evolving role of IOCs, and the rise of EDR evasion exploiting blind spots in our tools, data, and assumptions.

🛸 Shownote references:
* https://www.liesabove.com/
* https://www.magonia.io/
* Signal Detection Theory: https://www.magonia.io/blog/vintage-detection-radar-research-cyber-threats/
* The Evolving Role of IOCs: https://www.magonia.io/blog/maximizing-the-value-of-threat-indicators-and-reimagining-their-role-in-modern-detection/
* The New Definition of Visibility: https://www.magonia.io/blog/what-is-cybersecurity-visibility/
* Decoding Fuzzy Hashes: https://www.magonia.io/blog/what-is-cybersecurity-visibility/

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

3 Feb 2026 - 1 h 7 min

The SOC Then vs Now...a 'Possible Travel' Season 2 Special Feat. Matt Konwiser & Chris Liccardi

In this episode, we hop in the time machine with my old friends Matt Konwiser and Chris Liccardi to break down the evolution of the SOC and explore what actually got better, what got worse, and why alert fatigue may be the normalized thing no one wants to do anything about.

What’s inside:
* The ghost of SOCs past: linear, manageable, maybe even… boring?
* IAM, UBA, VPCs, and other buzzwords that broke the workflow
* Why UBA is the bridesmaid of security, and why it should include an A for AI behavior
* UBA’s glow-up potential (or lack thereof)
* Real-life horror stories from the modern alert trenches

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

29 Jan 2026 - 1 h 13 min

Cool Story, Bro: Making Detection Engineering Matter Up the Chain

A Chloe Burton special on the very human side of detection engineering. From a nonlinear path into security (neuroscience, psychology, Splunk-era chaos) to leading a DE team today, Chloe and Alex break down why context beats checklists, why so many detections cluster in the middle of the MITRE ATT&CK framework, and how telemetry availability quietly shapes what we defend.

We dig into detection fundamentals that don’t get talked about enough: avoiding the myth of the perfect rule, resisting over-tuning, rotating across domains to prevent stagnation, and staying grounded while the sky always feels like it’s falling. Chloe also shares leadership unlearns—raising flags early, saying “no” with strategy, and creating teams that feel safe to fail forward. We also discuss how to get leadership to give a f**ck and, overall, how best to escalate problems and gaps up the chain.

Finally, if macOS threat coverage is on your radar, we also call out Olivia Gallucci’s newsletter as a must-follow for macOS threat intelligence and research in a space that desperately needs more visibility.

📊 Shownotes call-outs:
MITRE ATT&CK sunburst analysis: https://www.canva.com/design/DAG6d-7ZSy4/iRjelwhRypIyu_DmK2Drrg/view?utm_content=DAG6d-7ZSy4&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h08411f08bd
macOS Research & Newsletter: https://oliviagallucci.com/blog/#subscribe

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

18 Dec 2025 - 1 h 4 min

To AI SOC or NOT TO AI SOC feat. Dennis Chow

What if the real question isn’t “Do you need an AI SOC?” but “Are your alerts actually any good?”

In this episode, Alex and Dennis Chow (Director of SecOps Engineering at UKG and co-author of Automating Security Detection Engineering) break down the uncomfortable truth: if your alerts are fundamentally weak, no AI system will save you. Dennis walks through how he evaluates when alerts move from unmanageable to stable, the metrics that determine whether automation is genuinely safe, and how his team built a multi-agent pipeline on GCP capable of consuming alert volume at a rate no human team could match. He shows what automation can realistically achieve, from scaling L1/L2 investigations to reclaiming analyst hours, and where it still depends on skilled detection engineering.

They also tackle the real decision point for leaders: when does it make sense to buy an AI SOC vendor that handles both detection development and triage, and when is it just a GPT wrapper dressed as a solution?

40% discount on eBook: Use code PACKTEBOOK
Packt Book URL: https://www.packtpub.com/en-us/product/automating-security-detection-engineering-9781837631421
Code validity: November 30, 2025

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.

18 Nov 2025 - 1 h 11 min
