Alex Kirk

Alex Kirk

Global Principal


company overview

Corelight brings the most capable open Network Detection and Response (NDR) platform for understanding and protecting your network.  It is built on open source, this means you will have open access to your metadata and the ability to customize and extend your capabilities together with a vibrant community.


A security industry veteran of 17 years, Alex has gone from writing IDS signatures and running malware sandboxes at Sourcefire to consulting with global brand-name customers on security architecture at Cisco, Tenable, and now Corelight. He speaks at hacker conferences and CISO events alike, with a focus on bringing abstract concepts to life through real-world examples.

Speech Topic & Synopses
An alert has fired. Now what?

Detections are at the forefront of the security industry, with vendors typically competing on the basis of which of them generates the most or best detections in their space. Without proper context for investigation, however, alerts lose value quickly – either because they can’t be verified at all, or because the process of understanding and acting on them is painfully slow. If SOCs want to keep pace with or even move one step ahead of attackers, they need tools that fuse detection and evidence to drive streamlined investigation and response.