Episode #
48
Cybersecurity Threat Detection Engineer & Expert Wade Wells on Innovative Deception Strategies for Blue Teams (Black Hat Edition)
Show Notes
In our latest special episode of the Future of Threat Intelligence podcast, Wade Wells, Cybersecurity Threat Detection Engineer & Expert at a Fortune 50 company, shares his insights from the Black Hat conference. He highlights the promising advancements in blue team technologies, particularly in AI applications and deception strategies.
Wade also discusses the importance of community networking for aspiring cybersecurity professionals and reflects on the lessons learned from recent security incidents, including the implications of relying on specific security vendors.
Topics discussed:
The transformative potential of AI technologies in enhancing threat detection and operational efficiency for blue team cybersecurity efforts.
The importance of effective email security solutions and their role in protecting organizations from phishing and other email-based threats.
Observations on SentinelOne’s Purple AI, which demonstrates the potential of AI in threat hunting and incident response scenarios.
The importance of networking within local cybersecurity communities, which can provide valuable resources and job opportunities for newcomers.
How the CrowdStrike incident highlighted vulnerabilities in widely used security solutions and the need for diverse strategies.
Insights on the critical role of kernel security mechanisms in protecting systems and the challenges associated with managing kernel-level vulnerabilities.
Advice for aspiring professionals to leverage existing resources and community knowledge instead of reinventing the wheel in detection engineering.
The evolving responsibilities of blue teamers in cybersecurity, including focusing on proactive measures and collaboration with red teams for improved security.
Key Takeaways:
Investigate and evaluate AI-driven cybersecurity tools to enhance your blue team’s threat detection capabilities and improve incident response times.
Prioritize the deployment of robust email security tools to protect against phishing attacks and safeguard sensitive organizational information.
Stay informed about emerging Endpoint Detection and Response (EDR) solutions to find innovative products that can strengthen your security posture.
Integrate deception technologies into your security framework to mislead attackers and gather intelligence on their tactics and techniques.
Actively participate in local cybersecurity communities to build connections, share knowledge, and discover job opportunities in the field.
Analyze recent security incidents to identify vulnerabilities and adapt your security strategies accordingly.
Focus on hardening kernel security mechanisms to mitigate risks associated with kernel-level vulnerabilities and improve overall system security.
Foster collaboration between blue and red teams to improve threat detection and response strategies through shared insights and experiences.
Quotes from Episode
#1.) “Especially with detection engineering. There is a lot of good resources out there where you can see how other people are doing it and then maybe put your spin on it, right? Don't, don't overthink what the community is doing or don't underthink what the community is doing and really go out there to talk to them, because a lot of people will actually talk to you about it.” (4:29-4:45)
#2.) “Like that chat, it was a chat file that updated and that wasn't even in the normal update process. You couldn't even have stopped that. As a blue teamer, I like that is literally that. I couldn't have done anything to stop that. Even if you're doing out-of-band updates like doing negative one or what that type of stuff.” 3:04-3:19 clip 1