Chris Witter, D&R Leader at Spotify, on Running Highly Effective Teams at Scale
In this episode, Jack Naglieri chats with Christopher Witter (aka Witter),Engineering Manager, Detection & Response at Spotify and a founding member and former lead for Crowdstrike’s Falcon OverWatch managed hunting service.
Witter has nearly two decades of experience in incident response and information security, holding leadership roles on computer security and incident response teams (CSIRT) with both a top five global bank and a top ten defense contractor.
During this episode, Chris shares his behind the scenes experiences helping build the Falcon Overwatch Team at Crowdstrike, why it’s critical to measure queries in seconds, not minutes, his tips on running highly effective D&R teams at scale, and more!
Topics discussed:
- Witter’s experience as one of the first 100 people on the Falcon Overwatch Team at Crowdstrike
- Why the Overwatch team didn’t follow traditional SOC mentalities
- The various data sources Witter uses to improve accuracy and gather context
- How D&R is like going to court – telling the story around Who, What, Where, Why, How, to prove beyond a reasonable doubt that this incident happened
- Why Witter measures in seconds, not minutes and why timescale is critical
- Why it could be a mistake to choose cybersecurity tools based on financial capability and budget and what criteria should be considered instead
- Why Witter still believes in custom systems
- Witter’s rule of thumb that if a human does the same thing 10x manually, it should be automated
- Managing a remote D&R team and building psychological safety
- Witter’s advice for how others can get involved in the D&R community
- His 3 pieces of advice to build a high-performing D&R team at scale, including a focus on ‘Jack of all trades’ people, avoiding distractions, and why it’s critical to capture everything to improve search.
Related Podcasts

Kelly Jackson Higgins Discusses The Evolution of Cybersecurity
Kelly Jackson Higgins, Editor-in-Chief at Dark Reading, shares her thoughts about how cybersecurity and cyberthreats have changed over the years and what we can do to stay ahead of them. She also offers some great advice for businesses of all sizes.

Michael Hanley of GitHub on Why Security Needs Engineering, and Vice Versa
In this episode of the Detection at Scale, Jack speaks with Michael Hanley, Chief Security Officer and SVP of Engineering at GitHub. He also spent five years at Duo Security building their security program, and is passionate about making security easy and accessible for everyone.

Adeel Saeed on How to Move from A Reactive to a Proactive Threat Detection & Response Model
Adeel is an experienced technology strategist and digital transformation leader with extensive hands-on technology and information security management experience and has led multiple large scale complex technology transformation projects.