We're discussing arranging a 'future of detection engineering' panel at #BSidesLuxembourg2026, but unfortunately the only pureplay-DE submissions we have on the topic are from men. And 'manels' are stinky by nature.

DOES ANYONE KNOW SOMEONE NOT-white-male who is planning to (or would be interested in) attending BSidesLux and who is on the cutting edge of Detection Engineering?

We tried to ask around, but so far no success. Please boost for reach.

😍

@BSidesLuxembourg Maybe see if @verovaleros is available.

@vickyjo @verovaleros Hi @verovaleros, are you a #detectionengineering specialist operating at the cutting edge of what's possible here today?

Or doing something with Agentic SOC?
If yes, then we're trying to build panels on these topics at BSidesLuxembourg.

#BSidesLuxembourg2026
#DetectionengineeringVillage
#AgenticSOCvillage

@BSidesLuxembourg I'd recommend trying @verovaleros on BSky, via LinkedIn, or the uni https://www.aic.fel.cvut.cz/projects/civilsphere-project
Civilsphere Project | Artificial Intelligence Center | CTU Prague

The goal of Civilsphere project is to provide simple solutions for NGOs and people at risk for detecting attacks in their devices using our network behavioral Intrusion Detection and Prevention System, Stratosphere IPS.

@BSidesLuxembourg @Dio9sys not sure your travel desires buuuuut

@TindrasGrove @BSidesLuxembourg Ooooh, Luxembourg is a fascinating country that I've always wanted to visit.

I'm not sure what I do could be considered "cutting edge," but I suppose writing Suricata signatures specifically for honeypots and abusing not super well documented buffers might be of interest?

@Dio9sys @TindrasGrove Hey!

Of interest in a talk, for sure. Of interest to this panel, probably not, unfortunately. Looking specifically for people who do threat detection at scale in their SOCs to build detection coverage. Maybe I misunderstand, so feel free to explain more if yes?

Maybe alternatively:

Where are you located? Would you be willing to do a talk on Suricata for honeypots and its role in your enterprise security posture?

@BSidesLuxembourg @TindrasGrove Hey no worries! Just figured I would shoot my shot.

I work at a company that gathers data from honeypots for a living, and I write Suricata signatures to match the logs we get from those honeypots with various exploits to add metadata to other companies' SIEM. I'm located in the northeastern US, so I totally understand if this isn't the right fit. I just figured I would respond since I was pinged :)

@Dio9sys @BSidesLuxembourg to put it simply: Dio builds the signatures that curate the feed that enterprises can just pull in instead of doing all the detection engineering themselves.

So, not working in a SOC, but very much feeding enterprise security and SOCs.

@Dio9sys @TindrasGrove That's awesome. That's why we're all here.

Let me dig a bit into what you do, as described by both you and @TindrasGrove

How are you making this work actionable for the consumers of these detections?

The village we're arranging is actually called (full name) #ActionableCTIandDetectionEngineeringVillage :)

@BSidesLuxembourg @TindrasGrove

So I work at @greynoise, which I'm sure has a more fancy and corporate description but, in a nutshell, I take data from honeypots. I identify exploits being sent to these honeypots. I write Suricata signatures to match the exploits and add metadata describing what it is, when it was made, etc. That data is then sent as a data feed to SIEMs to give SOC analysts another data point to hopefully make alert triage faster, and sent to TIPs for intel teams. It's also put on the website to give a historical graph, geoip info, IPs to add to your firewall, things of that sort. I also conduct research in our logs to find things that are either not being talked about or things that are more niche and blog about them (I wrote this https://www.labs.greynoise.io/grimoire/2026-02-24-whats-that-string/ ).

What’s That String? That Time a Weird String Revealed a Whole Operation – GreyNoise Labs

One weird payload turned out to be a loose thread on an active hacking operation.

GreyNoise Labs