Blogs

MITRE ATT&CK Coverage

MITRE ATT&CK is not Just a Checklist

MITRE ATT&CK should be treated as a foundation rather than a checklist to be fully covered. Effective detection engineering layers each organization's unique environment, data sources, and infrastructure on top of the framework, so that coverage reflects how that specific environment can actually be attacked.

Detection Lifecycle

The Unified Lifecycle of Threat Intelligence, Detection Engineering, Threat Hunting, and SOC Operations

Modern security programs do not fail because teams lack skill or tooling. They fail because the work is fragmented.

Detection-as-Code

Why We’re Managing Detections Like It’s 2005 Production Code

There’s an old lesson in engineering that shows up everywhere, from aviation to distributed systems to software infrastructure: when systems fail, they rarely fail because they were too simple.

Risk & Measurement

Vanity vs Real Metrics in Detection & Response

There are a number of metrics currently being used in detection and response. Many of them provide some measure of value, but they don’t show the entire picture. Others are truly vanity metrics.

Security Operations

GitHub Is Not the Goal

I'm going to say something that might ruffle some feathers in the detection engineering community. I wasted years optimizing for the wrong problem.