Canaries In The Wild

Andy sits down with Mandy Andress (CISO, Elastic) who has been working with deception technology since the early days of honeypots and honeynets.
Mandy brings a CISO's perspective on why canaries deserve a much larger role in modern security programs, and shares her views on how the fundamentals of detection are shifting as environments become more complex and threats evolve.

Timestamps:
00:00 Intro
02:05 Honeypots vs canaries—different objectives, different priorities
05:22 Why assume breach is foundational in modern security
10:45 High fidelity alerts: reducing time to investigation
15:50 Practical canary deployments—S3 buckets, file shares, and cloud accounts
18:30 No-code vulnerabilities and the coming security challenges
19:55 AI agents going rogue—using canaries as guardrails
22:11 What to communicate internally about your canary program
26:16 Best advice: just get started—it's simpler than you think (edited) 

What is Canaries In The Wild?

Conversations with security leaders and practitioners about their real-world experience of canaries and honeypots.

Our guests share tactics, detection stories, and lessons learned from production deployments - ranging from technical details to the role deception plays in their defensive strategy, we explore the reality of 'canaries in the wild'.

From the team at Tracebit.