Q: How did you become an author for Packt? Tell us about your journey. What was your motivation for writing this book?
Jason: I was working with Megan Roddie and the conversation came up.
Q: What is the name of your book?
Jason: Practical Threat Detection Engineering.
Q: What kind of research did you do, and how long did you spend researching before beginning the book?
Jason: We spent about 3 weeks on the literature review and topic research before writing.
Q: What key takeaways do you want readers to come away with from the book?
Jason: Detection engineering is primarily a data problem, and a well-designed process can help make the easy parts easy, so you can focus on figuring out the more complicated parts.
Q: Can you share any blogs, websites and forums to help readers gain a holistic view of the tech they are learning?
Jason: Here you go. The Elastic security documentation is worth referencing: https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-siem-security.html. The Packt book “Threat Hunting with Elastic Stack” also contains some great details on Elastic and its use cases within the security space.
Q: Did you face any challenges during the writing process? How did you overcome them?
Jason: It was sometimes difficult balancing work with writing. Sometimes it was necessary to write at strange hours.
Q: How would you describe your author journey with Packt? Would you recommend Packt to aspiring authors?
Jason: I would highly recommend working with Packt – their team is very professional, understanding and helpful.
Q: Why should readers choose this book over others already on the market? How would you differentiate your book from its competition?
Jason: It provides a process for approaching detection engineering. While other material tends to focus on specific technologies, we’ve tried to focus on the process, which should give the reader tools to build detection engineering programs on top of any technology.
Q: What is/are your specialist tech area(s)?
Jason: My specialist tech areas would be Digital Forensics, Incident Response, and Data Analysis.
Q: What advice would you give to readers jumping into this technology? Do you have any top tips?
Jason: Focus on the fundamentals of what the technology is doing at each step. Bear in mind there are many options when looking for a solution to satisfy a specific problem. As you go through the book’s examples, keep in mind that the technology can be substituted as needed for your specific situation.
Q: What’s your take on the technologies discussed in the book? Where do you see these technologies heading in the future?
Jason: I think Elastic is positioning itself very well to maintain its place in the data management space. Additionally, it is constantly adding new features, which makes it an option for addressing newer challenges. I think it will continue to be a strong option for people who work with data at a large scale, and with the endpoint security features it is also going to make significant inroads into the security space as well.
Q: How did you organize, plan, and prioritize your work and write the book?
Jason: We started by planning the chapters out and deciding on who would write which pieces. From there we wrote the pieces we were responsible for and reviewed each other’s work.
Q: What are your favorite tech journals? How do you keep yourself up to date on tech?
Jason: Mostly through blogs. There are many blogs on the topic and the community produces a lot of content.
Q: Would you like to share your social handles? If so, mention them below.
Jason: Sure. Here you go: @jason_dfir on Twitter/X.
Q: What is that one writing tip that you found most crucial and would like to share with aspiring authors?
Jason: Take time to develop a good plan. It makes the execution easier.
You can find Jason’s book on Amazon.