Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities

This is my best IT Security book this year. Purchasing the Kindle version today, I was immediately captivated. This book, astoundingly well-crafted for all skill levels, is a treasure trove of valuable insights. I started from the back and then went to the beginning. I am almost done with phase One ( Requirements Discovery) and I really love how the SOC team and Detection Engineers can collaborate to improve threat intelligence requirements by leveraging the observability of the SOC team in a feedback loop. It's not merely for the defense (blue team) or adversarial simulation (red team) squads or any specific IT security subdivision. It's a universal resource for protecting and detecting threats, resolving vulnerabilities across on-premises or cloud architectures. I strongly recommend every IT manager to read this and distribute copies among their team members, except want to keep the good stuff only to yourself, lol. If you're skeptical of my praise, simply preview the sample on Kindle for a taste of its quality."

This book shows that threat detection is not just about creating and implementing rules in a detection tool like a SIEM. It is also about understanding the initial requirements of these rules, the data sources that support them, continuous testing and validation, ensuring that they have the right coverage, and measuring their performance. The title is spot on because I was able to use the information right away to improve our SIEM rule management and learn how to come up with new detections using public information such as repos from other vendors, the Sigma project, or blog posts.

It's a good book! Definitely more practical than those exam books which are full of theories and It actually inspired me to start a little project.

Since becoming a detection engineer, many people have approached me asking for advice on how to develop their DE skills. There are some good sources of information out there for the conceptual piece, and some options for self-directed hands-on work that are suitable for those with experience but overwhelming for those just beginning to learn about DE. I struggled to find resources that had a good balance between teaching theory and guiding newer learners through more practical scenarios. This book bridges the gap. It’s approachable for someone who has some general infosec knowledge and experience while still offering valuable considerations and additional references for those already working in a DE capacity. It’s well-structured, easy to read, and does a nice job of explaining both conceptual and practical points. I have already recommended this book to others and am happy to have a resource to recommend in the future.