Blue Team, Best Team: The joys, pains, and pride of building and running a defensive security organization.

  • When Feb 27, 2019 from 05:00 PM to 06:00 PM (America/Los_Angeles / UTC-800)
  • Where Shriram 262

The information security community glorifies offensive research, stunt hacks, and red teaming. For many years, defensive work was not viewed as particularly enticing or interesting -- but this is starting to change. There has been a catalyst in the defensive world which has pushed detection engineering, response tradecraft, and intelligent engineering back into focus for the industry. As many are starting to realize, defensive work is challenging, rewarding, and can be immensely impactful.

This talk will be an informal and candid exploration of the realities of building and running a blue team for a modern tech company. Topics covered will include organizational theory, operational challenges, detection engineering philosophy, telemetry and orchestration, and automation. Chris and Dane will also host a short defense-oriented ask-me-anything (AMA) at the end of the talk.

Dane Stuckey (@cryps1s) is the CISO / Cyber Janitor for Palantir. Dane has 8 years of information security experience and has specialized in incident detection/response, Windows platform security, and security program development. Prior to joining Palantir full-time, Dane worked in the U.S. Intelligence and Law Enforcement community. Dane graduated with a Bachelor's in Information Security with an emphasis in Digital Forensics from the University of Texas, San Antonio.

Chris Long (@centurion) is a Detection and Response (CIRT) Engineer at Palantir. Chris has 8 years of information security experience and has specialized in incident detection/response, MacOS platform security, and is a strong advocate for the osquery platform. Prior to joining Palantir full-time, Chris worked on the Incident Detection and Response Teams for Facebook and Uber.