
Threat core detection capability conjecture


Recently I took part in an internal journal (Ask Security), where I was responsible for the section on core threat detection capabilities. I quickly put together a set of capabilities from four perspectives, but the editor kept asking: what are the core detection capabilities, and why should they be built this way? To be fair, from the standpoint of an editor who does not understand network security, it really was not clear why the core detection capabilities should be built like this; the sections did not connect to one another and the language was very abrupt.


Because of this I often feel that no matter how good a capability is, if it is expressed poorly its effect is greatly reduced. I also gave my view on the future of threat detection in the overview of my Zhihu Live on core detection capabilities: on the one hand, cross-detection that correlates cloud intelligence, network traffic and endpoint behaviour; on the other, a capability set built around ATT&CK coverage. But that view was not expressed clearly either.
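To make "cross-detection" concrete, here is an added illustration (not code from the original post or from the Ask Security journal) of what correlating the three perspectives looks like: a cloud intelligence indicator hit on a network flow is joined with endpoint process behaviour on the same host inside a time window, and the result is tagged with ATT&CK technique IDs. The event schemas, the indicator feed, the time window and the technique mapping are assumptions made for this example, and all sample events are constructed.

```python
"""Cross-source detection: correlate cloud threat intelligence, network
traffic and endpoint behaviour into one ATT&CK-tagged finding.

Added example, not the original author's code. Event schemas, the intel
feed and the ATT&CK mapping below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed cloud-intelligence feed (assumed schema: indicator -> context).
CLOUD_INTEL = {
    "203.0.113.7": {"tag": "c2", "confidence": 90},
}

# Constructed network flow records (assumed schema).
NET_FLOWS = [
    {"host": "ws-01", "dst": "203.0.113.7", "dport": 443, "bytes_out": 48213, "ts": 1000},
    {"host": "ws-02", "dst": "198.51.100.9", "dport": 443, "bytes_out": 120, "ts": 1001},
]

# Constructed endpoint process events (assumed schema).
ENDPOINT_EVENTS = [
    {"host": "ws-01", "process": "powershell.exe", "parent": "winword.exe",
     "cmdline": "powershell -enc SQBFAFgA", "ts": 998},
    {"host": "ws-02", "process": "chrome.exe", "parent": "explorer.exe",
     "cmdline": "chrome.exe", "ts": 999},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


@dataclass
class Finding:
    host: str
    techniques: set = field(default_factory=set)  # ATT&CK technique IDs
    sources: set = field(default_factory=set)     # perspectives that agreed
    evidence: list = field(default_factory=list)

    @property
    def score(self):
        # Each independent perspective that agrees raises confidence.
        return len(self.sources)


def endpoint_signals(events):
    """Per host: suspicious process behaviour mapped to ATT&CK (mapping assumed)."""
    out = defaultdict(list)
    for e in events:
        if e["parent"].lower() in OFFICE_PARENTS and e["process"].lower() == "powershell.exe":
            out[e["host"]].append(("T1059.001", "office-spawned PowerShell", e))
        if "-enc" in e["cmdline"].lower():
            out[e["host"]].append(("T1027", "encoded command line", e))
    return out


def network_signals(flows, intel, min_confidence=70):
    """Per host: flows whose destination matches a cloud-intel indicator."""
    out = defaultdict(list)
    for f in flows:
        hit = intel.get(f["dst"])
        if hit and hit["confidence"] >= min_confidence:
            out[f["host"]].append(("T1071.001", f"traffic to {hit['tag']} indicator {f['dst']}", f))
    return out


def correlate(events, flows, intel, window=60):
    """Join endpoint and network+intel signals per host within a time window."""
    ep = endpoint_signals(events)
    net = network_signals(flows, intel)
    findings = {}
    for host in set(ep) | set(net):
        finding = Finding(host)
        for tid, desc, _ in ep.get(host, []):
            finding.techniques.add(tid)
            finding.sources.add("endpoint")
            finding.evidence.append(desc)
        ep_times = [e["ts"] for _, _, e in ep.get(host, [])]
        for tid, desc, flow in net.get(host, []):
            # An intel hit alone is a weak signal; it becomes corroboration when
            # endpoint activity on the same host falls inside the time window.
            if not ep_times or any(abs(flow["ts"] - t) <= window for t in ep_times):
                finding.techniques.add(tid)
                finding.sources.update({"network", "cloud_intel"})
                finding.evidence.append(desc)
        findings[host] = finding
    return findings


if __name__ == "__main__":
    for host, f in correlate(ENDPOINT_EVENTS, NET_FLOWS, CLOUD_INTEL).items():
        print(host, f.score, sorted(f.techniques), f.evidence)
```

The point of the join is that neither perspective is trusted on its own: an Office-spawned PowerShell on ws-01 and a flow to a known indicator from the same host within seconds of each other produce one finding with three agreeing sources, while ws-02, which triggers nothing on either side, produces no finding at all.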

Later, after a period of reflection and self-examination, I came to feel that my output is not always a good thing. Time is fixed: the more of it I spend writing, the less of it is left for listening. Perhaps you really are working hard, but if the direction of the effort is wrong, then however hard you try it is in vain, and there is an unavoidable sadness in effort pointed the wrong way. So I slowly began to listen to others, to see others, and to appreciate others.
