How I Learned to Stop Worrying and Build a Modern Detection & Response Program

Thursday, April 4, 2024

11:00 AM - 12:00 PM PST

60 minutes, including Q&A

You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).

Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern-day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.

How do you successfully build a modern detection and response program, all while riding the rocket of never-ending incidents and unforgiving on-call schedules?

This talk addresses the lack of a framework, which has led to ineffective, outdated, and afterthought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.

Allyn Stott

Senior Staff Engineer


Allyn Stott is a senior staff engineer at Airbnb on the information security technology leadership team where he spends most of his time working on threat detection and incident response. Over the past decade, he has built and run detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Allyn has previously presented at Black Hat, Kernelcon, The Diana Initiative, Texas Cyber Summit, and BSides around the world. Red team tears are his testimonials. In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter: meoward.co.

Gary Monti

Senior Vice President of Security Operations


Gary Monti serves as Senior Vice President of Security Operations, leading the CyberMaxx Managed Security Services, Engineering, Product Management, and Customer Experience teams with an emphasis on protecting our clients through innovative solutions, with a philosophy of thinking like an adversary while defending as a guardian. MaxxMDR brings a comprehensive approach to continuous threat exposure monitoring, threat detection, and response with threat hunting as integral to preserving the business assets of CyberMaxx clients. Gary has served as keynote speaker for Networking in the 21st Century and has presented at Black Hat, ComNet, InterOp, and Microsoft Global Summit. He is also a published author of Networking Complete (Sybex) as well as numerous trade publications.

Steve Paul


Black Hat
