BSidesPDX-2025

Okta Detection Engineering: From Logs to Detections
2025-10-25, Talk 2

Okta is at the heart of identity for many organizations, which also makes it a prime target for attackers. For security engineers, the real challenge isn’t just understanding Okta logs — it’s turning them into reliable detections that catch threats without overwhelming the SOC with noise.

This talk provides a hands-on roadmap for building Okta detections from the ground up. We’ll begin by breaking down the different types of Okta logs and classifying them into meaningful categories (authentication, application access, administrative actions, MFA events, etc.). From there, we’ll show how multiple log types can be grouped to reveal attack patterns such as account takeovers, suspicious MFA bypasses, or privilege escalations.

The core of the session focuses on the detection design process itself:

Researching and threat hunting to baseline your Okta environment.

Identifying the behaviors or signals you want to catch.

Mapping those behaviors back to specific log fields and event types.

Enriching with user, device, and IP context to reduce noise and add clarity.

Testing and tuning the detection to validate it in production.
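As an added example (not the speaker's code and not material from the talk), here is the workflow above carried through for one detection: MFA push fatigue, where a user denies several Okta Verify pushes and an MFA success follows shortly after. The eventType strings and the published, actor, client and outcome fields are real Okta System Log names, and the code assumes the actor of these events is the user being authenticated; the category labels, threshold and window values, severity scheme and every sample record are constructed for illustration, with records pared down to the fields the code reads.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Real Okta System Log eventType values mapped to the categories the
# abstract describes; the category labels themselves are our choice.
CATEGORY_BY_EVENT = {
    "user.session.start": "authentication",
    "user.authentication.auth_via_mfa": "mfa",
    "user.mfa.okta_verify.deny_push": "mfa",
    "system.push.send_factor_verify_push": "mfa",
    "user.account.privilege.grant": "administrative",
    "application.user_membership.add": "application_access",
}

DENY_THRESHOLD = 3              # tuning knob: denied pushes before a success
WINDOW = timedelta(minutes=10)  # tuning knob: correlation window


def classify(event):
    """Bucket an event by its eventType; unknown types land in 'other'."""
    return CATEGORY_BY_EVENT.get(event["eventType"], "other")


def _ts(event):
    # Okta publishes timestamps as ISO-8601 UTC with milliseconds.
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%S.%fZ")


def build_ip_baseline(history):
    """Baseline step: per-user set of client IPs seen on successful sign-ins
    during the baseline period; used later as enrichment."""
    baseline = defaultdict(set)
    for e in history:
        if e["eventType"] == "user.session.start" and e["outcome"]["result"] == "SUCCESS":
            baseline[e["actor"]["alternateId"]].add(e["client"]["ipAddress"])
    return baseline


def detect_push_fatigue(events, baseline):
    """Alert when one user denies >= DENY_THRESHOLD Okta Verify pushes and
    then passes MFA within WINDOW. A success from an IP absent from that
    user's baseline is rated high; a known IP is rated medium (tuning choice)."""
    by_user = defaultdict(list)
    for e in sorted(events, key=_ts):
        if classify(e) == "mfa":
            by_user[e["actor"]["alternateId"]].append(e)

    alerts = []
    for user, user_events in by_user.items():
        deny_times = []
        for e in user_events:
            if e["eventType"] == "user.mfa.okta_verify.deny_push":
                deny_times.append(_ts(e))
            elif (e["eventType"] == "user.authentication.auth_via_mfa"
                  and e["outcome"]["result"] == "SUCCESS"):
                recent = [t for t in deny_times if _ts(e) - t <= WINDOW]
                if len(recent) >= DENY_THRESHOLD:
                    ip = e["client"]["ipAddress"]
                    known = ip in baseline.get(user, set())
                    alerts.append({"user": user, "ip": ip, "denied_pushes": len(recent),
                                   "known_ip": known,
                                   "severity": "medium" if known else "high"})
                deny_times = []  # a success closes the sequence
    return alerts


def _event(event_type, user, ip, published, result="SUCCESS"):
    """Constructed, minimal System Log record holding only the fields read above
    (outcome is only consulted for session starts and MFA successes)."""
    return {"eventType": event_type, "published": published,
            "actor": {"type": "User", "alternateId": user},
            "client": {"ipAddress": ip}, "outcome": {"result": result}}


# Constructed baseline period: where each user normally signs in from.
HISTORY = [
    _event("user.session.start", "alice@example.com", "203.0.113.10", "2025-10-01T09:00:00.000Z"),
    _event("user.session.start", "bob@example.com", "203.0.113.20", "2025-10-01T09:05:00.000Z"),
    _event("user.session.start", "carol@example.com", "203.0.113.30", "2025-10-01T09:10:00.000Z"),
]

# Constructed detection period: alice and carol each deny three pushes then
# succeed (alice from a new IP, carol from a known one); bob denies only twice.
EVENTS = []
for m in range(3):
    EVENTS.append(_event("user.mfa.okta_verify.deny_push", "alice@example.com",
                         "198.51.100.7", f"2025-10-24T03:0{m}:00.000Z"))
    EVENTS.append(_event("user.mfa.okta_verify.deny_push", "carol@example.com",
                         "203.0.113.30", f"2025-10-24T04:0{m}:00.000Z"))
EVENTS += [
    _event("user.authentication.auth_via_mfa", "alice@example.com", "198.51.100.7", "2025-10-24T03:04:00.000Z"),
    _event("user.authentication.auth_via_mfa", "carol@example.com", "203.0.113.30", "2025-10-24T04:04:00.000Z"),
    _event("user.mfa.okta_verify.deny_push", "bob@example.com", "203.0.113.20", "2025-10-24T05:00:00.000Z"),
    _event("user.mfa.okta_verify.deny_push", "bob@example.com", "203.0.113.20", "2025-10-24T05:01:00.000Z"),
    _event("user.authentication.auth_via_mfa", "bob@example.com", "203.0.113.20", "2025-10-24T05:02:00.000Z"),
]


def run():
    """Test step: run the detection over the constructed data, alerts sorted by user."""
    return sorted(detect_push_fatigue(EVENTS, build_ip_baseline(HISTORY)), key=lambda a: a["user"])
```

In a real deployment the baseline would be built from weeks of session history rather than three records, and DENY_THRESHOLD and WINDOW would be tuned against the organization's own push-denial rates; keeping them as named constants, and keeping the IP enrichment separate from the sequence logic, is what makes that tuning a one-line change instead of a rewrite.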

Attendees will walk away not just knowing what data Okta provides, but how to use that data to design, build, and test an effective detection end-to-end. Whether you’re starting from zero or refining your existing Okta detections, this talk gives you a repeatable workflow for turning identity logs into actionable security signals.


Intermediate (security engineers, detection engineers, incident responders)

Fevin George is a Senior Security Engineer on the Detection and Response Team at Remitly, where he focuses on building and refining detections, leading incident response, and driving proactive threat hunting initiatives across cloud-native infrastructure. With a background in digital forensics and incident response (DFIR), Fevin has investigated over 400 ransomware, insider threat, APT/nation-state intrusion, and cloud breach cases during his time as a Senior Consultant at Charles River Associates. His work also included supporting ransomware negotiations and advising clients across healthcare, finance, education, and technology sectors.

Fevin holds a Master’s degree in Cybersecurity from the University of Maryland and a Bachelor’s in Computer Engineering from the University of Mumbai. He is a GIAC Certified Forensic Analyst (GCFA), Offensive Security Certified Professional (OSCP), and a recipient of the SANS Lethal Forensicator Coin.