Anvilogic

Detection Engineering Dispatch

Detection Engineering Dispatch is a detection engineering & threat hunting podcast featuring spicy use cases, real-world war stories, and the brilliant minds building the future of SecOps. We’re talking sharp takes, top-of-mind challenges, and community content straight from the folks pushing the limits of detection engineering, threat hunting, and everything in between. Come for the nerdy bits. Stay for the vibes. Join our community to stay up to date on all of our newest episode drops: ➡️ Register Here Stay in the loop! Connect with us on social: Website: https://www.anvilogic.com/ LinkedIn:...

Auteur

Anvilogic

Catégorie

Technology

Site du podcast

www.anvilogic.com

Dernier épisode

17 févr. 2026

Où écouter ?

Les podcasts dans l'appli Replaio Radio Bientôt disponible

Les podcasts arrivent très bientôt dans l'appli. Installe-la dès maintenant et découvre en avant-première une toute nouvelle façon de vivre les podcasts

Télécharger sur Google Play Installe-la gratuitement Android 5 M+ de téléchargements · note de 4,8 iOS bientôt

Épisodes

Does the SOC have a Memory Problem?? A better approach to your field notes feat. K.C Yerrid 17.02.2026

KC Yerrid joins Detection Dispatch to break down SCOUT — a local-first, open-source analyst cockpit built around atomic notes, entity relationships, and structured investigation memory. The SCOUT Project Github: https://github.com/kcyerrid/SCOUT In this episode, we explore: Why static investigation notes rarely get referenced again and why tribal knowledge evaporates after every incident Why “ever...

The New Definition of Visibility & the Evolving Role of IOCs: Detection Engineering Through a UFO Lens with David Burkett 03.02.2026

Detection engineering has the same problem as UFO sightings.... sometimes we think we’re seeing something, but we’re not sure what . In this UFO-themed special, Alex Hurtado and David Burkett break down the new definition of visibility , the evolving role of IOCs , and the rise of EDR evasion exploiting blind spots in our tools, data, and assumptions. 🛸 Shownote references: https://www.liesabove....

The SOC Then vs Now...a 'Possible Travel' Season 2 Special Feat. Matt Konwiser & Chris Liccardi 29.01.2026

In this episode, we hop in the time machine with my old friends Matt Konwiser and Chris Liccardi to break down the evolution of the SOC and explore what actually got better, what got worse, and why alert fatigue may be the normalized thing no one wants to do anything about. What’s inside: The ghost of SOCs past: linear, manageable, maybe even… boring? IAM, UBA, VPCs, and other buzzwords that broke...

Cool Story, Bro: Making Detection Engineering Matter Up the Chain 18.12.2025

A Chloe Burton special on the very human side of detection engineering. From a nonlinear path into security (neuroscience, psychology, Splunk era chaos) to leading a DE team today, Chloe and Alex break down why context beats checklists , why so many detections cluster in the middle of the MITRE ATT&CK framework, and how telemetry availability quietly shapes what we defend. We dig into detectio...

To AI SOC or NOT TO AI SOC feat. Dennis Chow 18.11.2025

What if the real question isn’t “ Do you need an AI SOC? ” but “ Are your alerts actually any good? ” In this episode, Alex and Dennis Chow (Director of SecOps Engineering at UKG) and co-author of Automating Security Detection Engineering break down the uncomfortable truth: if your alerts are fundamentally weak, no AI system will save you. Dennis walks through how he evaluates when alerts move fro...

Spencer Pratt on Agentic RAGs + Chicago Reccs for Newbies 07.11.2025

Before he ever cried on the red line, Spencer Pratt broke his own RAG index. In this episode of Detection Dispatch , Spencer Pratt (not The Hills one...this one writes detections, not drama) joins Dispatch to talk through what it really takes to operationalize agentic AI in the wild. From L1/2 triage to risk scoring, Spencer walks us through building a homegrown RAG system on top of Azure, complet...

Malware Trends, Credential Soup and Scream Therapy 31.10.2025

Alex and Scott Rodgers unpack the F5 breach, Mandiant M-Trends highlights like the fall of BEACON, and the leapfrogging of Stolen Creds over Phishing. Expect: The infostealer industrial complex Operation MORPHEUS x BEACON’s quiet exit The real meaning of “supply chain blast radius” & tight turnaround time reqs Why screaming might actually save your sanity Hit play. Stay unhinged. Detect respon...

What Your EDR Doesn’t See...Kostas Drops Receipts from the Telemetry Trenches 23.10.2025

We unpack what modern EDRs actually deliver, where they fall short, and where to validate telemetry before you buy. EDR Telemetry Project co-founder, Kostas walks through the open-source EDR Project, the pros/cons of Sysmon, and how to evolve from alert consumers to detection engineers. And also....EDR Vendors dropping out of the MITRE ATT&CK Evaluations?? Show Note References:   https://githu...

SIEMs & Data Lakes can be friends...it isn't Either/Or, It’s Yes, And. 08.10.2025

On this Detection Dispatch , host Alex Hurtado sits down with Jake Berkowsky CTO at Snowflake to crack open one of the hottest and often misunderstood topics in modern SecOps: the rise of the security data lake x security data lakes as your SIEM. Modern detection architecture isn’t about choosing SIEM or lake, it's about interoperability, orchestration, and strategic flow . We cover federatio...

Detection in Flux: Riding the Chaos with Day Johnson 25.08.2025

In a world where SOCs are dissolving, job roles are glitching, and where the attack surface blurs between our work <> personal life between Slack & Discord, one thing remains constant: detection never sleeps. On this episode of Dispatch , we’re joined by Day Johnson — detection engineer at Amazon, architect of Cyberwox labs, and voice of clarity for 100K+ across LinkedIn, YouTube, and Tw...

A New Way to UBA feat. Snowflake’s Insider Threat Team 17.07.2025

Join Snowflake’s Insider Threat team for a direct discussion on separating everyday behavioral drift from true malicious intent. We examine role changes, privilege creep, and off-hour access, showing how context—identity, project timelines, and data lineage—sharpens detection and reduces noise. The conversation ends with a clear-eyed look at the trade-off between missing an insider and overwhelmin...

Prompted to Fail: When LLMs Go Rogue 18.06.2025

LLMs are rewriting the rules of app security—and not always in a good way. In this episode Alex sits down with Scott Rogers, a seasoned data scientist at ANvilogic to unpack why LLMs are the new wild west of application risk—and how old-school OWASP principles are making a serious comeback. We cover : Real-world prompt injection failures (yes, including Air Canada’s rogue chatbot) How RAG systems...

5 Bitter Pills to Swallow RE: Agentic AI w/ Oliver Rochford 05.06.2025

Everyone’s talking about agentic AI—but what are we actually building? In this episode, Oliver Rochford and Alex unpack five bitter pills security teams need to swallow about the current state of “agents.” Most aren’t autonomous, many are mislabeled, and flashy wrappers can’t hide weak detections or bad data. We dig into the hype, the gaps, and what real operational maturity looks like. If you&apo...

5 Signs You're Overengineering your Detection Logic w/ John Dempsey 22.05.2025

Is your detection logic doing too much? In this special episode, Alex sits down with Johnathan Dempsey to unpack the 5 signs your rules are too complex — and why that might be hurting more than helping. From alert overload to unreadable logic, learn how to simplify without sacrificing fidelity. If your detections look like a math thesis, this one’s for you. Stay in the loop! Connect with us: Join...

The AI Series: Inside URL Guardian—An LLM Built for Detection 30.04.2025

Mike Hart returns to walk through URL Guardian , our new LLM for malicious URL detection. Now live on HuggingFace, it’s built to spot suspicious patterns and reduce false positives—without the regex headaches. Check out the Hugging Face here: https://huggingface.co/Anvilogic/URLGuardian Stay in the loop! Connect with us: Join Dispatch Community: https://www.anvilogic.com/workshop Website: https://...

The UEBA Illusion: Why Traditional UEBA Falls Short 16.04.2025

Alex sits down with Kevin Gonzalez to pull back the curtain on User and Entity Behavior Analytics (UEBA), and expose the gap between its promises and real-world pitfalls. Hear his stories from the trenches of deploying UEBA multiple times at different organizations, and his blueprint for how teams should align UEBA with real attacker behaviors. Read his blog about his experience: https://www.anvil...

Machine Learning-Powered Threat Hunting ft. Sydney Marrone 03.04.2025

Our last drop for International Women's Month featuring Sydney Marrone—Principal Threat Hunter at Splunk and co-author of PEAK Threat Hunting—to explore how ML-driven techniques are transforming detection strategies. Tune in to hear Sydney and Alex break down real-world applications of advanced analytics to surface threats hidden in HTTP datasets.  Check out the HEARTH community on their gith...

DECEIVE to Defend: AI-Powered Deception feat. Edna Jonsson 20.03.2025

This International Women’s Month, we’re celebrating leaders and supporters driving the future of threat hunting and detection engineering. Next up in our series is Edna Jonsson, a cybersecurity engineer and forever student of the trade, introducing DECEIVE—Splunk’s new DECeption with Evaluative Integrated Validation Engine. DECEIVE brings AI-powered honeypots directly into the hands of security te...

HEARTH | the community-driven threat hunting project ft. Lauren Proehl 20.03.2025

Tune in with us for a discussion on HEARTH—a community-driven threat hunting GitHub repository that you’re going to want to fork as well as the importance of community intel-sharing. This episode is about community, innovation, and the women leading the way in threat hunting. Happy International Womens Month!  Check out the HEARTH community on their github here: https://github.com/THORCollective/H...

Kerberoasting (T1558.003) Workshop | best watched on YouTube 10.03.2025

In this episode, host Alex Hurtado welcomes back Andrew VanVleet, who breaks down a comprehensive approach to technique analysis using Detection Data Models (DDMs). Andrew walks through a 10-step process for analyzing Kerberoasting (T1558.003), identifying four distinct attack procedures and their detection strategies. Learn how to map telemetry to detection opportunities, recognize security blind...

Understanding Detection Engineering and Why Teams Struggle With It 13.02.2025

In this episode of Detection Dispatch, host Alex Hurtado welcomes Jimmel Peters (JP), a seasoned cyber threat detection engineer from a major media company, to unpack the million-dollar question: why are so many security teams still scratching their heads over detection engineering, even though everyone's talking about it? JP breaks it down for us, walking through how the field has evolved fr...

12 Emerging Threats and How to Defend Against Them 05.02.2025

In this episode of Detection Dispatch, host Alex Hurtado welcomes Lee Archinal from Intel 471 to dive deep into 12 significant emerging threats observed in late 2024. From Dark Casino's financial sector targeting to the devastating healthcare attacks by Phobos ransomware, discover the latest threat actor behaviors and practical detection strategies. Learn how to leverage Intel 471's hunt...

Habits of High-Performing Detection Engineers feat. Zack 'techy' Allen 24.01.2025

In this episode, host Alex Hurtado welcomes Zack Allen, the creator of Detection Engineering Weekly and Sr. Director of Security Detection & Research, to explore the traits of high-performing detection engineers. Discover why having "T-shaped" skills (deep knowledge in one area while maintaining broader understanding across domains) trumps being a pure specialist, and learn how psych...

Top 10 KQL Queries Every Detection Engineer Should Know 12.12.2024

In this episode, Alex sits down with Sergio Albea , an accomplished Threat Hunter, Researcher, User Behavior Analyst, and Senior Cloud Security Engineer/Architect, to share a must-have resource for detection engineers: the Top 10 KQL Queries of 2024. From detecting DLL hijacking and MFA fatigue to uncovering anonymous file access in OneDrive and SharePoint, we’ll walk through each query and the da...

How LLMs Can Outsmart TYPOSQUATTING Attacks 12.12.2024

In this episode, Alex sits down with the brilliant Mike Hart , a data scientist whose mission is to outsmart the sneaky world of typosquatting attacks. Just in time for the holiday shopping frenzy, we explore how his open-source project leverages LLMs to safeguard users from clicking on malicious look-alike links. With online holiday shopping being a prime target for this attack vector, the risks...

Écoute le podcast Detection Engineering Dispatch sur Replaio

La radio et les podcasts dans une seule appli - gratuite, sans inscription. Installe-la dès aujourd'hui et ne rate pas le lancement

Télécharger sur Google Play

Replaio n'est pas éditeur de podcasts ; les noms des émissions, les visuels et l'audio appartiennent à leurs auteurs et sont diffusés via des flux RSS publics