I’m passionate about driving real security using SIEM, UEBA, and SOAR to enable and empower the SOC. I work with customers to implement needs-based (use-case-driven) security solutions to find the needles in an ever-expanding mountain of hay.

My belief is that our biggest threats walk on two legs. Their access to our network and what they’re doing on it is seldom reviewed, yet one wrong click can result in compromised credentials. Verizon DBIR reports consistently show 83+% of our data leaves our networks using legitimate credentials. I’m convinced we have to move beyond perimeter defense and monitor misuse of data inside the network. At the executive level of a company, malware is a nuisance; misuse and loss of data is a critical issue.

Event data requires context to be actionable. Identity data, CMDB, and network maps can provide context and key attributes that enable auto-learning. Profiling behavior and comparing across like user or machine types can reveal anomalous behavior and extend detection capabilities beyond malware. Our tools have to get smarter: they have to learn our networks and watch for more than malware. That’s what convinced me we can do better and that we have to enhance our security programs.
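A small worked illustration of the context enrichment and peer-group profiling described above, added here as an example; it is not the author's code or any vendor's product logic. The identity directory, CMDB entries, and egress log records are constructed for the demonstration, and median/MAD scoring is one ordinary choice of robust baseline, assumed here rather than taken from the page.

```python
"""Peer-group behaviour profiling over enriched egress events.

Added example, not the author's code. The identity feed, CMDB and the
egress log below are all constructed; the median/MAD baseline is an
assumed, ordinary choice of robust statistic.
"""
from collections import defaultdict
from statistics import median

# Constructed identity context (what an IdP/HR feed supplies): user -> department.
# The department is the "like user type" each person is compared against.
IDENTITY = {
    "alice": "finance", "bob": "finance", "carol": "finance", "dave": "finance",
    "erin": "eng", "frank": "eng", "grace": "eng", "heidi": "eng",
}

# Constructed CMDB: host -> asset class. Lets the detection skip assets
# whose job is to move bulk data, so they do not pollute the baseline.
CMDB = {
    "fin-ws-01": "workstation", "fin-ws-02": "workstation",
    "fin-ws-03": "workstation", "fin-ws-04": "workstation",
    "eng-ws-01": "workstation", "eng-ws-02": "workstation",
    "eng-ws-03": "workstation", "eng-ws-04": "workstation",
    "bkp-01": "backup_server",
}

# Constructed one-day egress summary: (user, host, bytes_out).
# Engineers legitimately move hundreds of MB; carol's 950 MB is normal for
# eng but wildly abnormal for finance, which only peer-group comparison sees.
EVENTS = [
    ("alice", "fin-ws-01", 12_000_000),
    ("bob", "fin-ws-02", 15_000_000),
    ("carol", "fin-ws-03", 950_000_000),   # planted outlier
    ("dave", "fin-ws-04", 9_000_000),
    ("erin", "eng-ws-01", 800_000_000),
    ("frank", "eng-ws-02", 650_000_000),
    ("grace", "eng-ws-03", 900_000_000),
    ("heidi", "eng-ws-04", 720_000_000),
    ("svc_backup", "bkp-01", 5_000_000_000),  # expected bulk mover
]


def enrich(events, identity, cmdb):
    """Attach peer group (identity) and asset class (CMDB) to each raw event."""
    for user, host, bytes_out in events:
        yield {
            "user": user,
            "group": identity.get(user, "unknown"),
            "asset_class": cmdb.get(host, "unknown"),
            "bytes_out": bytes_out,
        }


def aggregate_by_user(enriched, exclude_asset_classes=frozenset()):
    """Sum outbound bytes per user, dropping asset classes expected to move bulk data."""
    totals = defaultdict(int)
    for e in enriched:
        if e["asset_class"] in exclude_asset_classes:
            continue
        totals[e["user"]] += e["bytes_out"]
    return dict(totals)


def peer_group_outliers(totals, identity, threshold=3.0):
    """Score each user against its own peer group with median/MAD.

    Median and MAD are used instead of mean/stddev so the outlier itself
    cannot inflate the baseline it is judged against. Returns {user: score}
    for users more than `threshold` MADs above their group's median.
    """
    by_group = defaultdict(dict)
    for user, total in totals.items():
        by_group[identity.get(user, "unknown")][user] = total

    flagged = {}
    for members in by_group.values():
        if len(members) < 3:
            continue  # too few peers to form a meaningful baseline
        values = list(members.values())
        med = median(values)
        mad = max(median(abs(v - med) for v in values), 1.0)  # floor avoids divide-by-zero
        for user, total in members.items():
            score = (total - med) / mad
            if score > threshold:
                flagged[user] = round(score, 2)
    return flagged


def detect(events=EVENTS, identity=IDENTITY, cmdb=CMDB):
    """Full pipeline: enrich -> aggregate (excluding backup servers) -> peer-group score."""
    totals = aggregate_by_user(enrich(events, identity, cmdb),
                               exclude_asset_classes={"backup_server"})
    return peer_group_outliers(totals, identity)


if __name__ == "__main__":
    for user, score in detect().items():
        print(f"{user}: {score} MADs above peer-group median")
```

Run as-is it flags only carol: her volume sits inside the engineering group's normal range, so a single global threshold would either miss her or drown the SOC in engineer alerts. The CMDB exclusion keeps the backup server out of the baseline, and a group with fewer than three members is skipped rather than scored against itself.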