Building a DevSecOps CI/CD Pipeline with Jenkins, SonarQube, and Snyk Using Terraform Introduction Incorporating security into Continuous Integration/Continuous Deployment (CI/CD) pipelines is a core DevSecOps practice. By leveraging tools like Jenkins, SonarQube, and Snyk, you can automate static and dependency Read more…
I have trouble remembering all of these, so I’m stashing them here. 1. Risk Management Equations 2. System Reliability and Maintenance Metrics 3. Cryptography and Access Control Calculations 4. Probability and Bayesian Analysis 5. Quantitative Risk Metrics 6. Binary and Read more…
Introduction In incident response, following a structured approach is fundamental to maintaining clarity, control, and precision. This post covers the essential concepts in incident handling, breaking down the life cycle stages and key operations within a SOC. Using NIST 800-61 Read more…
The goal of detection engineering isn’t just to identify potential threats but to take meaningful action based on those findings. After documenting and analyzing your results, it is time to determine which findings require escalation, how to initiate an effective Read more…
Git is more than just a tool for version control. It’s a core skill for any developer working in a collaborative environment. This guide will walk you through essential Git commands, concepts, and tips to make you effective in managing Read more…
As you analyze and interpret detection results, effective documentation becomes essential. Documentation provides a clear record of what has been observed, what steps have been taken, and where the investigation is headed. In this post, we’ll discuss how to document Read more…
Creating detection analytics is only part of the equation in detection engineering. Once you have analytics in place, the next challenge is to interpret their results accurately, distinguishing genuine threats from benign anomalies. In this post, we’ll go through how Read more…
In detection engineering, moving from a detection hypothesis to a working analytic is the heart of the process. It’s where ideas are transformed into rules that capture malicious behaviors in action. In this post, we’ll look at how to develop Read more…
This is the first post in a series where I’ll cover detection engineering end to end. What is Detection Engineering? Detection engineering is a systematic approach to designing and refining analytics that detect specific malicious behaviors within a network. Unlike Read more…
Overview In this guide, we will set up a Python environment to automate crawling and converting a documentation site into a consolidated PDF. This involves using chromedriver for automated browsing and wkhtmltopdf for converting HTML content to PDF. Prerequisites Make Read more…
In today’s security landscape, the effectiveness of a cyber leader is defined not just by technical expertise but by their ability to support, empower, and protect their teams. By prioritizing a people first approach, these leaders create an environment where Read more…
Introduction Accurate, structured incident data is essential for effective analysis, reporting, and response. VERIS (Vocabulary for Event Recording and Incident Sharing) provides a standardized approach to categorize security incidents, improving insights and facilitating data sharing. By utilizing VERIS, organizations can Read more…
Introduction KPIs are essential to aligning engineering team efforts with security goals and business objectives. In a metric driven security engineering environment, KPIs should be clear, actionable, and directly tied to team performance and productivity. The Role of KPIs in Read more…
Key Components for an Efficient SOAR Strategy Building Effective SOAR Playbooks Automating Responses Monitoring and Metrics Track these KPIs to evaluate SOAR performance: Real-time dashboards and reports on these metrics inform ongoing adjustments. Continuous Improvement and Adaptation Advanced Reporting for Read more…
Having robust and flexible detections is critical for identifying and addressing potential threats. Google Chronicle enables custom detection engineering by combining queries and YARA-L rules to surface suspicious events and trigger alerts. Below, I’ll outline six essential Chronicle queries along Read more…
Now that we’ve trained, evaluated, and fine-tuned the Transformer model, the next step is to deploy the model so it can be used in real time applications. In this post, we’ll cover: By the end of this post, you’ll be Read more…
Cribl’s pipeline capabilities make it a powerful tool for processing and enriching logs. In this post, we’ll explore how to apply advanced modifications to Zeek logs in Cribl. Each modification needs to be placed in individual Eval function blocks within Read more…
In the previous post, we discussed training the Transformer model, monitoring loss, and ensuring the model improves over time. Now, it’s time to take a step forward: evaluating the model’s performance and fine tuning it to make it more efficient Read more…
In the previous two posts, we built the basic and scalable versions of the Transformer model. Now, it’s time to move on to the next critical step of training the model. In this post, we’ll focus on: By the end Read more…
In the previous post, we learned about the basics of Transformer models and how they’re used to process language. Now, let’s go a bit deeper and look at how to build each important part of a Transformer. By the end Read more…