Our latest episode features Kevin Conley, Team Lead and Principal Security Engineer of the Deception Technology team at Riot Games, who has built their canary program from the ground up over the past few years.
Kevin has spent years deploying and running deception at massive scale - protecting one of the world's largest gaming platforms with hundreds of millions of players. He brings practical experience from building the program and operating it day-to-day.
Deception Terminology
A common misconception gets addressed early in the conversation: that deception is just honeypots. Kevin explains how this narrow view does a disservice to what detection teams can accomplish, and shares his perspective on security canaries and the value they deliver.
Adopting an Attacker's Perspective
The fundamental mindset shift that made Riot's program effective centers on deploying canaries where attackers will actually look, even if this creates more benign positives from engineers. Kevin explains that benign positives aren't always negative: they can help your team understand how an environment is being used, particularly when you see more of them than expected.
Measuring What Matters
Riot's approach to measuring success focuses on tracking coverage across infrastructure, then validating effectiveness through blind red team exercises. The goal is catching attackers as early in the attack chain as possible, before they exfiltrate data.
The Psychological Effect of Deception
Kevin discusses how attackers may not even touch insecure real files if they're aware that deception is in place, creating a powerful deterrent effect.
Listen to Episode 4 here.



