SecOps hierarchy of needs was created in the 1970s, as pointed out by @argvee, & we’re constantly rethinking how to do detection. She thinks we’re in the early days of this current 5 year detection cycle — this time, catalyst is the cloud 
“In 2050 when data centers are running on Mars (😂), we’ll have data readily available to make decisions, & humans won’t be needed to make those decisions — the systems will defend themselves” - @argvee
But to get there, @argvee says we need to transition to humans helping the computer understand *why* it’s making a decision — but we’re far from that today
Secure by default is the most important step in cloud native product security, since most users won’t bother to secure or investigate things if they feel confusing — @jessfraz
“The people who say containers aren’t secure haven’t actually broken out of a container” 🔥🔥🔥 - @jessfraz
“The previous model of gaining visibility by collecting 100 data sources & pumping it in a data store then performing analytics on it is probably not actually going to move the needle on the problem at all” — @mhil1
Better strategy is to look into the patterns or classes of attacks they’re experiencing & then moving upstream — moving to a continuous testing model to determine the patterns of activity that need to be tackled — @mhil1
Continuously practicing detection & response capabilities helps the most when dealing with having to secure disparate groups — @BradMaio
A lot of companies are in a “wait and see mode” — they don’t understand what attacks are happening to them, nor using red teams to proactively & continuously test — @BradMaio
“We’ve seen a lot of talk about Spectre and Meltdown, but is anyone exploiting them?” — @argvee
A big benefit of cloud is you can patch in one place & benefit millions of users — CSPs need to embrace that responsibility & customers are expecting it — @argvee
It’s better to use solution providers for security fundamentals & security at scale to free up the security team to focus on more context-specific & unique scenarios — @mhil1
Google got rid of most manual forensics investigation — went from 6 weeks for 70% accuracy to 72 hours for 80% accuracy now. Need to get data in front of the human so the human adds the “why” — @argvee
You want to distribute alerts to the people who have the appropriate context vs having a generic SecOps team filter events — @mhil1
There’s a not a lot of change in the sophistication of attacks over time — companies today aren’t getting breached b/c of super sophisticated attacks, it’s the basics, like unpatched machines for a decade — @BradMaio
No one’s going to go for hard attack like breaking out of a container, they’ll go for the exposed dashboard & get free compute to run their bitcoin miners — @jessfraz
Exposing misconfigured services can result in “remote execution as a service” 😂 — @jessfraz
A benefit of continuous delivery, per @argvee, is you can get patches out the door far faster.
Yet again: infosec & DevOps should be bffs
Yet again: infosec & DevOps should be bffs
Most important things that will change infosec: relationships & international trade / economics. You need someone to build relationships across your org to discuss infosec strategy & how it benefits the business — @argvee
Vendors should be more prescriptive & engineer features to be optimized for security vs. confusing configs left up to the company to decide — @mhil1
