Took Hayden Covington’s Workshop on SOC Detection Engineering. This was all about treating your detection rules like software. We learned how to write Sigma rules mapped to the MITRE ATT&CK framework and how to manage them using version control. The concept of detection as code is really powerful. We covered how to set up a CI/CD pipeline to test rules against known malicious telemetry before pushing them to production. This skillset is essential for keeping the SOC focused on real threats instead of noise.