{"version":1,"type":"rich","provider_name":"Libsyn","provider_url":"https:\/\/www.libsyn.com","height":90,"width":600,"title":"Megan Roddie - co-author of &quot;Practical Threat Detecion Engineering&quot;","description":"  Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers.  Buy here:  https:\/\/subscription.packtpub.com\/book\/security\/9781801076715 Amazon Link:  https:\/\/packt.link\/megan   Youtube VOD: https:\/\/www.youtube.com\/watch?v=p1_jQa9OQ2w &amp;nbsp;   Show Topic Summary:   Megan Roddie is currently working as a Senior Security Engineer at IBM. Along with her work at IBM, she works with the SANS Institute as a co-author of FOR509, presents regularly at security conferences, and serves as CFO of Mental Health Hackers. Megan has two Master's degrees, one in Digital Forensics and the other in Information Security Engineering, along with many industry certifications in a wide range of specialties. When Megan is not fighting cybercrime, she is an active competitor in Muay Thai\/Kickboxing. She is a co-author of \u201cPractical Threat Detection Engineering\u201d from Packt publishing, on sale now in print and e-book. Buy here:  https:\/\/subscription.packtpub.com\/book\/security\/9781801076715 &amp;nbsp;  https:\/\/packt.link\/megan  \u2190 Amazon redirect link that publisher uses if you want something easier on the notes &amp;nbsp;   Questions and topics:    Of the 3 models, which do you find you use more and why? (PoP, ATT&amp;amp;CK, kill chain)    What kind of orgs have \u2018detection engineering\u2019 teams? What roles are involved here, and can other teams (like IR) be involved or share a reverse role there?    Lab setup requires an agent\u2026 any agent for ingestion or something specific?&amp;nbsp;    How does Fleet or data ingestion work for Iot\/Embedded device testing? Anything you suggest?    How important is it to normalize your log output for ingestion? (app, web, server all tell the story)     Additional information \/ pertinent LInks (Would you like to know more?):    Unified Kill Chain:  https:\/\/www.unifiedkillchain.com\/    ATT&amp;amp;CK:  https:\/\/attack.mitre.org\/&amp;nbsp;    D3FEND matrix BrakeSec show from 2021:   https:\/\/brakeingsecurity.com\/2021-023-d3fend-framework-dll-injection-types-more-solarwinds-infections&amp;nbsp;    Pyramid of Pain:   https:\/\/detect-respond.blogspot.com\/2013\/03\/the-pyramid-of-pain.html     https:\/\/www.securitymagazine.com\/articles\/98486-435-million-the-average-cost-of-a-data-breach&amp;nbsp;    https:\/\/medium.com\/@gary.j.katz  (per Megan, \u2018it\u2019s basically Chapter 11 of the book\u2019)        Show points of Contact:   Amanda Berlin: @infosystir @hackershealth&amp;nbsp;   Brian Boettcher: @boettcherpwned   Bryan Brake: @bryanbrake on Mastodon.social, Twitter, bluesky   Brakesec Website:  https:\/\/www.brakeingsecurity.com   Twitter: @brakesec&amp;nbsp;   Youtube channel:  https:\/\/youtube.com\/c\/BDSPodcast  Twitch Channel:  https:\/\/twitch.tv\/brakesec ","author_name":"BrakeSec Education Podcast","author_url":"https:\/\/www.youtube.com\/c\/BDSPodcast","html":"<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/27846009\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/88AA3C\/\" height=\"90\" width=\"600\" scrolling=\"no\"  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen><\/iframe>","thumbnail_url":"https:\/\/assets.libsyn.com\/secure\/content\/158957757"}