Canaries In The Wild

Our latest episode features Kevin Conley, Team Lead and Principal Security Engineer of the Deception Technology team at Riot Games, who has built their canary program from the ground up over the past few years.

Kevin has spent years deploying and running deception at massive scale - protecting one of the world's largest gaming platforms with hundreds of millions of players. He brings practical experience from building the program and operating it day-to-day.

In this episode, Kevin breaks down why thinking like an attacker is fundamental to effective canary placement, how to measure deception program success, and the psychological impact of deception on attackers.

Timestamps:

00:00 Intro
01:32 Defining terms: canaries, decoys, honeypots, and deception
03:40 Kevin's journey to leading deception at Riot Games
05:40 Adopting an attacker's perspective: the fundamental mindset shift
07:46 Why benign positives validate your canary placement
08:50 Catching malicious activity and discovering unexpected environment usage
15:06 Measuring success: coverage and validation
17:59 Blind red team exercises and attacker awareness
20:02 The psychological power of deception on attackers
24:29 Catching attackers early in the attack chain
25:51 The ROI case: deploying where traditional tools can't reach
29:57 What to communicate internally about your deception program
38:35 Why the honeypots misconception hurts deception teams
39:46 Making the case: why every security team should use canaries
41:48 When to adopt deception in your security journey
43:58 The future of deception: redefining it as active defense
46:47 Closing 

What is Canaries In The Wild?

Conversations with security leaders and practitioners about their real-world experience of canaries and honeypots.

Our guests share tactics, detection stories, and lessons learned from production deployments - ranging from technical details to the role deception plays in their defensive strategy, we explore the reality of 'canaries in the wild'.

From the team at Tracebit.