Outpost Security RBA Podcast

Proofs-of-Concepts (POCs) can often be viewed as a low-risk throw away exercise to test a new strategy or system, but you never really know if the move is going to payoff long-term. So what if you’re looking to replace your entire SIM or make a big shift in strategy? Beyond the significant investment of time and a huge amount of risk, how would you even design a POC to justify the shift? However, we’ve been able to run POCs with clients that have shown significant value, before they spend the first dollar (As quick as 2 weeks). We’re not only finding the cracks, but demonstrating the efficacy of their strategy down the road.  Join us for this episode where we give you permission to expect more from your POCs and share what we are seeing work with our clients.  Show Notes Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

This episode we focus on the Security Analysts in the house! Leveling up security operations requires involving multiple teams at many different levels. But the analyst role is unique and we felt that it needed to be unpacked and given some time in the spot light. We hope you enjoy the episode! Show Notes Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

In this episode we talk about pitching your idea or solution to leadership in order to find support and funding. THIS IS NO EASY TASK and can be intimidating. But it’s necessary if you want any influence over how your security program gets built out. Join us as we discuss how to be more successful in this part of the work.    Show Notes Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Let's dive into the flow state! We spend a lot of time talking about the academic and technical side of cyber security and we needed a break. There's a method to how we've been able to build our apps and grow Outpost and we wanted to talk about that this episode. Maybe it will help you tackle the obstacles and projects in front of you.  Enjoy the episode! Show Notes Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Join us to explore practical theories around the business of risk and how to prioritize where you can have the largest impact. When you are faced with multiple attack vectors, how do you triage the situation and decide where to start. We're going to talk through some case studies and form a plan of action.  Enjoy the episode! Show Notes Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

We share our grand vision for the future of Cyber Security - AUTOMATIC SECURITY! But don't get it confused with AUTOMATED security. Tune in to find out the distinction. It's a big vision and our conversation touches on a lot of areas of cyber security. Enjoy the episode! Show Notes Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

We're riffing off a talk Stuart gave with Jason Lang about the elements within Cyber Security that sit in tension with each other in order to make the whole better. And if you don't know when and where they exist, they can become tar pits that cause us to get stuck. Enjoy the episode!   Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

We are all concerned about being under-resourced, not having enough people, having too much to do and not enough bandwidth. But we want to look on the bright side in 2024! So listen and let us dispel the idea that bigger is always better. Let’s celebrate the Power of Small Teams!!   Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

What are some key fundamentals that have risen to the top as best practices, creating high output from an effectiveness and value perspective? Join us in our discussion as we work through our punch list and share our own experiences.    Join the RBA Community Are you RBA Ready? Schedule an ES Assessment to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

2024 will present many of the same challenges that we saw in 2023, 2022, and so on. There will definitely be some new conversations to discuss and debate, like whether or not AI be our greatest weapon, or greatest threat? But we try and keep this conversation focused on the big picture (rather than potential distractions) to secure the frontiers of enterprise.    Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

This episodes concludes our discussion on one of our favorite and trusted frameworks from the book Switch: How to Change Things When Change Is Hard by Chip and Dan Heath. We don’t usually split up topics into two episodes but we thought we’d try it and hope that this wrap up is satisfying and useful for you in your security practice.    Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

We wanted to explore a tactical approach to execution in cybersecurity using one of our favorite and trusted frameworks from the book Switch: How to Change Things When Change Is Hard by Chip and Dan Heath. It’s been influential in how we’ve developed our best practices based on first principles. We hope you enjoy the discussion and can take away something of value that you can apply in your security work.   Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Not only do some security teams have diverging priorities, often times we find that analysts and engineers have goals that are opposed and in conflict with one another. How can your SOC move forward when your teams are moving in complete different directions. In this episode we are going to talk about how your team can find common ground and identify unifying objectives.  Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

This statement follows us wherever we go, whether it’s during an assessment or an implementation. Seasoned security professionals and Splunk users are surprised at some of the features available in Splunk ES. In this episode we are sharing some of these elusive capabilities with you so that you can get the most out of this best in class SIEM.   Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Stuart wanted to take a bit of time talking about Gratitude, finding the unique aspects of this work that help us, as security professionals, stay in the grind, stay in the fight and keep chasing better solutions and outcomes. And Will, newer (4 years) to the security battle, shares his perspective having chose this path after years in other parts of tech. We hope this episode energizes you to stay strong and curious about enterprise security.   Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

We have a bone to pick with the current understanding of being Resilient as it applies to enterprise security. “Resiliency” tries to be a encapsulate how well your organization can defend against unexpected attacks from any where at any time. Some want to point you at the latest tech to add to your stack or list to check against. We have found other indicators that have more impact on your organizations resiliency that any of those.  Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

This episode is all about Murphy’s Law of Combat and how it pertains to DEFENSIVE cybersecurity. This episode is one of Stuart’s favorite topics and we had a lot of fun selecting a few of the laws to discuss and apply to the work we do. Settle into your seat and let’s secure the frontiers of ES. Join the RBA Community Are you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

[Summary] Join the RBA CommunityAre you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Hot off the heals of Splunk’s .Conf 2023 we are joined by Haylee Mills, Security Strategist from Splunk and community proclaimed “Queen of RBA” to recap the event and the latest RBA conversations. Join the RBA CommunityAre you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Successful implementation of Risk Based Alerting in Splunk can be very challenging. Implementing any SIEM is challenging for that matter.  We’ve seen a lot of teams struggle and distilled the problems we’ve observed into three key areas; (bullets if we can) Getting data normalized across all feeds Trying to build exhaustive detection programs before releasing them, or Grasping to get a full picture of an alert event in order to make informed decisions In this episode we discuss why teams get stuck here and introduce our newly launched RBA Zero-to-One app for Splunk(TM) ES; designed specifically to overcome these problems, generate additional benefits to your team dynamics, and lay a foundation for tackling a broader range of issues specific to your environment. Learn more about Outpost RBA Zero-to-One Join the RBA CommunityAre you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

For their first interview of the podcast, Will and Stuart talk with Jimi Mills, the CSO of Texas Instruments. Jimi shares about career in security, the ever changing landscape, the value of collaborative culture, and how they all met over late night security chats at Splunk .conf. This conversation provides a glimpse into the future for security leaders who have started their journey into the frontiers of RBA. The ups and downs and the hope it can bring to your SOC.  Join the RBA CommunityAre you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.com Will and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

In this episode Will and Stuart discuss the term “Maturity” and how it has been used to shame your security operation. Instead of measuring maturity, how can we talk about ACTUAL capability, being honest with yourselves so you can meet the needs of your organization. Join the RBA CommunityAre you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.comWill and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Welcome to the Outpost RBA Podcast; Securing the Frontiers of Enterprise. Will and Stuart host their first Call-in-style show to answer listener questions:Prioritizing in Philly asks, “Does anyone have any tips for prioritization of content…?” Migration in Memphis asks, “We have 100+ traditional detections and would like to migrate them to RBA. How should we attack this…?” MITRE in Minneapolis asks, “Where should we look for sources of detections tagged to MITRE techniques in order to get 100% coverage?”Send in your question or an audio recording of your question to the show to be answered on a future episode. Join the RBA CommunityAre you RBA Ready? Schedule an RBA Readiness Review to define where you’re at and next steps into RBA.  Web View of the Splunk published detection content: research.splunk.comWill and Stuart co-founded Outpost Security so that security teams could implement RBA faster and gain new perspectives in securing the frontiers of enterprise.

Will introduces the metaphor of SYMPHONY to talk about moving from the dissonant noise of your SIEM into a resonant, ordered, performance of security.

In this episode we clear up some common misconceptions security teams have about RBA and equip you to start championing it in your organization.

In this first episode we talk about the Origins of RBA; How Stuart McIntosh and his team defined the solution they wanted for their SOC and in the end built it themselves - thus RBA was born. Stuart and Will also tell stories about their experiences implementing RBA; Employees using date fields to store credit cards, the compounding of tech debt, process debt, data debt, and more!