#110
February 27, 2023

EP110 Detection and Response in a High Velocity and High Complexity Environment

Guest:

27:05


Topics covered:

  • Tell us about joining Robinhood and prioritizing focus areas for detection in your environment?
  • Tim and Anton argue a lot about what kind of detection is best - fully bespoke and homemade, or scalable off-the-shelf. First, does our framework here make sense, and second, looking at your suite of detection capabilities, how have you chosen to prioritize detection development and detection triage?
  • You're operating in AWS: there are a lot of vendors doing detection in AWS, including AWS themselves. How have you thought about choosing your detection approaches and data sources?
  • Finding people with as much cloud expertise as you can't be easy: how are you structuring your organization to succeed despite cloud detection and response talent being hard to find? What matters more: detection skills or cloud skills?
  • What has been effective in ramping up your D&R team in the cloud?
  • What are your favorite telemetry data sources for detection in the cloud?
