MSSN CTRL 2024

MSSN CTRL 2024 is LimaCharlie's community conference for security operators, built around the work that actually fills an MSSP or MDR analyst's day: writing detections, ingesting telemetry, productizing services, and figuring out where AI genuinely helps. The full session lineup is in the playlist above. Below is a quick map of what is worth your time as a managed security provider.

Building and operating on the SecOps Cloud Platform

A run of practical, hands-on sessions from Matt Bromiley covers the core workflow end to end: getting started with the SecOps Cloud Platform, custom telemetry ingestion, detection and response engineering, dashboarding, and going beyond the platform with extensions and add-ons. For a provider standing up new client environments, these are the mechanics of doing it repeatably rather than one tenant at a time.

Turning capability into a service

James Pichardo's session on productizing cybersecurity services speaks directly to the MSSP and MDR business model: how to package detection and response into something you can sell, deliver consistently, and scale. Andrew Katz's talk on becoming an "API artisan" makes the case that programmatic access is what lets a small team punch above its weight across many customers.

AI in the SOC, with the hype removed

Several speakers tackle where AI fits in real operations. Trevor Gingras and Jeb Carlisle look at practical AI driving SOC transformation, and Dylan Williams shows how AI can reduce the toil in detection writing. The throughline for service providers is the same one LimaCharlie has been building toward: AI as something you operate against your own infrastructure, not a black box bolted onto someone else's.

Threat intelligence, forensics, and emerging attack surfaces

The lineup goes deep on the threats providers face on behalf of clients: digital forensics in incident response, ransomware targeting high-value organizations, the new SaaS cyber kill chain, browser-based attacks, network traffic monitoring, malware analysis in a programmable sandbox, and defending downstream oil and ICS infrastructure. Together they are a useful refresher on where detection coverage needs to reach in 2024 and beyond.

Key takeaways for MSSP and MDR operators

• •The platform sessions are a practical playbook for standing up and operating multi-tenant detection and response repeatably.
• •Productization and API-first thinking are framed as the levers that let a managed provider scale without scaling headcount.
• •The AI sessions focus on operator-controlled automation that reduces toil, not autonomous black boxes.
• •The threat-focused talks map where coverage needs to extend: SaaS, identity, browsers, OT, and forensic depth.

Browse the full MSSN CTRL 2024 playlist above, then bring the patterns that fit your operation to the team.