Thriving Defense

Welcome to Thriving Defense.

Why thriving?

A few years ago, I was struck by the concept of surviving vs thriving. In survival situations, the body is in fight-or-flight mode, with higher cognitive functions disabled and intuition calling the shots. This is great as long as the danger is real. The problem occurs when people (or organizations, or industries) remain in survival mode, and planning (let alone thriving) becomes an unattainable luxury.

Detection engineers are surviving today, but for how long?

DE is held to impossible standards of coverage expansion, noise reduction, and always catching the attacker. We must define what should be done in order to someday reach a position of thriving, and that’s what this site hopes to help do.

How to use this site

This site is based on Obsidian, a knowledge management system built on top of Markdown files. Though content will be developed gradually, it’s less like a blog and more like a wiki, with interconnected concepts that can be referenced and updated over time. The goal is to provide content without constantly re-explaining the same principles or dealing with broken links. There’s also a built-in graph view, RSS feed, and comments (so it’s not completely unlike a blog).

Key principles

  • Content generated by humans, not AI. AI may be used for editing.
  • Sometimes links will exist that don’t go anywhere yet. I hope to at least have minimal content, but some ideas have to be further developed and are placeholders for now. Those pages will often be tagged with #type/stub.

What am I thinking about?

  • Detection coverage: intuitively there will always be more detections to write, and we’ll never reach 100% coverage. But how do we know how close we are? This is what’s in #theme/coverage.
  • Once we have detection rules set up, how do we know they’re still working (and that we’re avoiding false negatives)? Search for #theme/validation for more content.
  • How should we use GenAI? It’s a powerful tool that will transform workflows (including detection engineering), but what are moral, wise, and sustainable usage patterns?
  • General learning / brain science things