Detection Engineering Dispatch is a live series of 30- to 45-minute episodes featuring hands-on experiences, open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program.
Join your peers to knowledge share, deep dive on technical best practices, and engage in discussions relevant to the detection engineering community.
Before he ever cried on the red line, Spencer Pratt broke his own RAG index.
In this episode of Detection Dispatch, Spencer Pratt (not The Hills one...this one writes detections, not drama) joins Dispatch to talk through what it really takes to operationalize agentic AI in the wild. From L1/2 triage to risk scoring, Spencer walks us through building a homegrown RAG system on top of Azure, complete with semantic search, vector embeddings, and even one risk score that always returns “zero” (because he told it to).
We get into:
– OpenAI in production for alert history correlation & analysis assist
– How to hallucination-proof your enrichment
– Why DNS exfil is still too weird for your LLM
– And why automation shouldn't make the decisions, but can help you decide faster
Also in this episode, you get a bonus:
🥲 Chicago starter pack of reccs for newly promoted SOC analysts
🍕 Bottomless brunch + skyline bike rides with the fam
🎮 Retro arcades and ramen bars that go harder than your SIEM
Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.
Past Episodes & Resources

October 30, 2025
The F5 breach, M-Trends 2025 highlights, and the rise of infostealers. Alex and Scott Rodgers break down detection engineering best practices based on recent malware trends.
In this episode of Detection Dispatch, host Alex Hurtado sits down with Kostas, founder of DefendPoint Consulting and creator of the EDR Telemetry Project, to unpack the realities of endpoint detection in 2025. They discuss the evolution of EDR beyond antivirus, Sysmon’s role as a supplement (not a replacement) to EDR, vendor transparency, pricing myths, and how AI SOCs are reshaping detection engineering.
September 25, 2025
Modern detection architecture isn’t about choosing SIEM or lake — it’s about interoperability, orchestration, and strategic flow. We cover federation hype and data silo upkeep fatigue and take a brutally honest look at why standalone SIEMs aren’t cutting it, what’s actually driving data lake adoption, and how teams can shift from buying more platforms to building better data flows.