MSSN CTRL 2023

MSSN CTRL 2023 was LimaCharlie's first community conference, bringing security operators together around detection engineering, threat intelligence, and the realities of running security as a service. The complete session lineup is in the playlist above. Here is a quick guide to what matters most for an MSSP or MDR.

Detection engineering as a discipline

A strong thread runs through the event on building detections that hold up in production. Paul Ihme's session on continuous integration and continuous detection treats detection content like software, with testing and reliability built in. Scott Small covers building and validating detections with adversary intelligence, and David Burkett revisits the cybersecurity kill chain with fresh eyes. For a provider maintaining detection coverage across many tenants, this is the engineering mindset that keeps quality high as volume grows.

Running and maturing managed security

Josh Trombley's talk on advanced detection operations for MSSPs is the most directly on-point session for the ICP, covering how to scale detection work across customers. Amanda Berlin's session on creating and maturing a tabletop program, and Kris Jones on analyst-driven automation via serverless, round out the operational picture: exercise your response, then automate the repetitive parts.

Threat landscape and defensive range

The lineup spans the breadth of what providers defend against: modern email and callback phishing attacks, cloud infrastructure compromise, OT and ICS defense, WiFi security, and graph-based thinking about how attackers move. Andrew Morris and others weigh in on AI in cybersecurity products, a conversation that set up much of what LimaCharlie has built since.

Key takeaways for MSSP and MDR operators

• •Treat detection content as engineered software: tested, validated, and continuously integrated.
• •The MSSP-specific sessions show how to scale detection operations and automation across many customers.
• •Exercising response (tabletops) and automating toil are presented as practical maturity steps, not aspirations.
• •The threat sessions are a useful breadth check on where coverage needs to reach across email, cloud, OT, and identity.

Browse the full MSSN CTRL 2023 playlist above for the complete lineup.