For episode #314 I hosted Vincent Maladiere. We debrief it with Adnan. **Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, getting compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler, and above all sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens' “suspicious” travel patterns. Lawmakers seek to strengthen the SEC's cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain side-hustle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Listen to Cliff's full conversation here. 
Selected Reading Russian bulletproof hosting provider sanctioned over ransomware ties (Bleeping Computer) White House drafts order directing Justice Department to sue states that pass AI regulations (Washington Post) Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns (Associated Press) Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission (The Record) Multi-threat Android malware Sturnus steals Signal, WhatsApp messages (Bleeping Computer) Hidden API in Comet AI browser raises security red flags for enterprises (CSO Online) Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime (Infosecurity Magazine) Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw (HIPAA Journal) Ex-Philippine mayor Alice Guo given life sentence for human trafficking (Reuters) Wind farm worker sentenced after turning turbines into a secret crypto mine (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, I was lucky enough to interview Andy Kochanowski, founder and CEO of Alerify, a data center based in Harrisburg, Pennsylvania. Andy shares his journey from a 30-year career in corporate America, including service in the Navy, to taking the leap into entrepreneurship. He explains how Alerify serves a niche market of small and medium-sized businesses seeking secure, localized data storage through co-location and virtual private cloud solutions, providing a personal, hands-on approach that sets them apart from the hyperscale public cloud providers. Andy also dives into the process of acquiring and revitalizing Alerify, from conducting meticulous due diligence to investing in infrastructure improvements, achieving SOC 2 compliance, and building a strong local network. He discusses early client wins, including iHeart Media, and shares his approach to leveraging AI at the edge for private, secure data processing. Along the way, he offers advice for aspiring business owners about finding the right opportunity, valuing culture alignment, and starting local before scaling. Tune in to Andy's story as he highlights the blend of strategic planning, technical expertise, and human connection that drives his company's growth in this episode of The First Customer! Guest Info: Alerify: https://www.alerify.com/ Andy Kochanowski's LinkedIn: https://www.linkedin.com/in/andrew-p-kochanowski-ph-d/ Connect with Jay on LinkedIn: https://www.linkedin.com/in/jayaigner/ The First Customer Youtube Channel: https://www.youtube.com/@thefirstcustomerpodcast The First Customer podcast website: https://www.firstcustomerpodcast.com Follow The First Customer on LinkedIn: http://www.linkedin.com/company/the-first-customer-podcast/
Incident responder and SOC analyst Alante Pritchett joins the Stats On Stats crew to talk about breaking into cybersecurity, transitioning from government contracting to the private sector, and how gaming, Discord communities, and mentorship shape his approach to helping others enter the field. Co-host Joshua Davis adds insights from government tech as they compare offensive vs. defensive security, discuss burnout, and offer practical guidance for newcomers. Guest Connect: Alante Pritchett LinkedIn: https://www.linkedin.com/in/alante-pritchett-0b1666140/ Stats on Stats Resources: Code & Culture: https://www.statsonstats.io/flipbooks | https://www.codeculturecollective.io Merch: https://www.statsonstats.io/shop LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & Affiliates: IntelliCON 2026 Website: https://www.intelliguards.com/intellic0n-speakers Register: www.eventbrite.com/e/1497056679829/?discount=STATSONSTATS Use Discount Code: "STATSONSTATS" for 30% off Antisyphon Training Website: https://www.antisyphontraining.com MAD20 Training Website: https://mad20.io Discount Code: STATSONSTATS15 Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com Discount Code: STATSONSTATS Kevtech Academy Website: https://www.kevtechitsupport.com Dream Chaser's Coffee Website: https://dreamchaserscoffee.com Discount code: STATSONSTATS Podcasts We Like: DEM Tech Folks Website: https://linktr.ee/developeverymind IntrusionsInDepth Website: https://www.intrusionsindepth.com Episode was shot and edited at BlueBox Studio Tampa: https://blueboxdigital.com/bluebox-studio/
Got a question or comment? Message us here! A new zero-day. 63 flaws. Endless patching chaos. This week's #SOCBrief breaks down Microsoft's November Patch Tuesday and what it means for your SOC. We'll cover the top critical CVEs, patching priorities, and how to keep your systems resilient before attackers strike. Support the show. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
"Performance isn't just a benchmark off in a corner, it's a real team concern that has to be dealt with throughout the development cycle." The D.E.V. of the week is Adrien Cacciaguerra, co-founder of CodSpeed. Together, we dive into software performance, a topic that developers often push into the background but that quickly becomes central when the code crawls in production. Adrien shares the reasons that led him to create CodSpeed to help teams avoid regressions and make their deployments more reliable. We explore integrating performance tests into CI/CD, the headaches of shared environments, and how practices are evolving with the arrival of AI and LLMs. An exchange rich in anecdotes, field-tested advice and a clear-eyed view of the future of performance and tooling. Chapters: 00:00:53: Introduction to performance 00:01:13: The genesis of CodSpeed 00:05:34: Optimizing performance in CI 00:07:52: Test environment and metrics 00:11:17: Challenges and solutions for databases 00:14:36: Measuring performance: stakes and methods 00:18:26: The impact of LLMs on performance 00:20:00: Micro-optimization vs. overall performance 00:22:16: Evaluating performance trends 00:25:04: Profiling tools and learning for devs 00:30:29: Integrating CodSpeed into languages 00:32:27: Test variability in CI environments 00:39:07: Challenges of distributed systems 00:41:26: The future of performance with LLMs 00:48:41: Conclusion and recommendations. Links mentioned during the show: YouTube channel: Code Aesthetic. **Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, getting compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler, and above all sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
Goodnature CEO Dave Shoemack has had one of the more unusual startup careers you will hear about. From big beer at Heineken HQ, to helping turn VanMoof into the “Tesla of e-bikes” in Amsterdam, to leading Wellington trap-maker Goodnature and living with a founder at home through natural perfume brand Abel. In this episode of Startup Theatre, Troy and Serge sit down with Dave to talk about building global hardware companies from tiny teams, dealing with bankruptcy and rebirth, and why focus and courage matter more than almost anything else. You will hear: The inside story of VanMoof's rise, the brave anti-car ad that was banned in France, and what it felt like to watch the company go bankrupt after he left. How Dave walked away from a cushy global role at Heineken, battled crippling imposter syndrome, and learned to love “lobster moments” where growth only comes from discomfort. Why VanMoof eventually doubled down on one bike, one audience, and one moment, and how that extreme focus translated directly into brand power. The move back to Wellington, joining Goodnature's board then stepping up as CEO, and what it is really like to manufacture smart, humane traps 100 metres from the Basin Reserve and ship them to the world. Dinner-table startup life with his wife Frances, founder of natural perfume house Abel, and the difference between pioneers who start things and settlers who grow them. How Goodnature keeps “founder chaos” alive in a 20-year-old company, and why Kiwi companies should stop selling out too early. In a new “Behind the Curtain” explainer segment, Serge also breaks down ESOPs and share options: What ESOP and options actually are, and why most employees do not receive real shares up front. How vesting, cliffs, good leaver and bad leaver provisions work in New Zealand. What happens to your options if the company sells early, or you leave. When tax hits, how net settlement usually works, and whether ESOP is really “worth it”. Practical advice on negotiating salary first, then treating options as upside rather than your base pay. Finally, Troy and Serge answer audience questions, talk through the new Behind the Curtain segment, and explain how you can be in the draw for a $1,000 Prezi card as they work towards the 100th episode. Sponsor: This episode is brought to you by Vanta. If you are starting or scaling your security programme, Vanta automates compliance for ISO 27001, SOC 2, and more. Get USD $1,000 off at: vanta.com/startuptheater Links from this episode: Goodnature: https://goodnature.co.nz VanMoof: https://www.vanmoof.com Abel fragrance: https://abelodor.com
When an attack happens, it doesn't matter how sophisticated the plan is on paper. What matters is whether it works under pressure. In Redcast #102, Eduardo Lopes, CEO of Redbelt Security, and Marcos Sena, SOC manager, talk with Cleber Ferreira, CISO at Klabin, and João Teodoro, CIO at TP, about critical points: ➡ Why don't well-written plans guarantee a fast recovery? ➡ How do you reduce the distance between intention and execution? ➡ What does being prepared really mean when every hour costs millions? This episode is about resilience in practice and how to mitigate the distance between intention and practice. Watch now!
Are we finally reaching Peak eVTOL? Jason and Alex on Joby's big Abu Dhabi moves and Archer's purchase of LA's Hawthorne Airport. On a PACKED Monday TWiST, Jason is BACK from MENA and Tokyo. Hear tales from his whirlwind trips launching new Founder University satellite programs… and find out why construction and fintech are BOOMING across the Middle East. PLUS Ramp raised $300M… here's why Alex calls the round “pretty baller.” We question why AI companies are growing SO MUCH FASTER than their SaaS counterparts. We're digging into the Problem with Dropbox. AND we're saying goodbye to KitKat, the beloved SF bodega cat who was reportedly run over by a Waymo. Here's why Jason's not too broken up about it (but he's JUST JOKING!)
Marco Rodrigues was born and raised in Canada, but now lives in the Bay Area. His tech genesis was around the time when the internet came out, when he spent an entire summer indoors, worrying his mother. He eventually attended university in Toronto, and went to work for Juniper Networks. Past that, he went towards the startup world - running product teams, and taking part in the ownership and selling of solutions and service offerings. Outside of tech, he is married with twin girls in the Naval Cadet Corps. He is a big hockey nut, rooting for the Edmonton Oilers, and enjoys taking his kids to hockey rinks all over the world. Marco spent many years watching his teams drown in data and tooling. The situations were more complex, but the outcomes weren't getting better. He started to consider the advent of AI, and asked the question - how do we solve these sorts of problems with an agentic SOC platform? This is the creation story of Exaforce. Sponsors: Incogni, NordProtect, Vention. CodeCrafters helps you become a better engineer by building real-world, production-grade projects. Learn hands-on by creating your own Git, Redis, HTTP server, SQLite, or DNS server from scratch. Sign up for free today using this link and enjoy 40% off. Full Scale, Paddle.com, Sema Software, PropelAuth, Postman, Meilisearch. Links: https://www.exaforce.com/ https://www.linkedin.com/in/marcorodrigues1/ Our Sponsors: * Check out Incogni: https://incogni.com/codestory * Check out NordVPN: https://nordprotect.com/codestory Support this podcast at — https://redcircle.com/code-story-insights-from-startup-tech-leaders/donations Advertising Inquiries: https://redcircle.com/brands Privacy & Opt-Out: https://redcircle.com/privacy
How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game. The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?). Grant talks about the critical architectural components for regulated industries, including single-tenancy, bring-your-own-cloud (BYOC) for data sovereignty, and model portability. In this episode we will be comparing AI SOC to traditional MDRs and talking about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes. Guest Socials - Grant's LinkedIn. Podcast Twitter - @CloudSecPod. If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Cloud Security Podcast - YouTube - Cloud Security Newsletter. If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast. (00:00) Introduction (02:00) Who is Grant Oviatt? (02:30) How to Establish Trust in an AI SOC for Regulated Environments (03:45) Explainability vs. Traceability: The Two Pillars of Trust (06:00) The "Hard SOC Life": Pre-AI vs. AI SOC (09:00) From AI Skeptic to AI SOC Founder: What Changed? (10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces (12:30) What Regulated Bodies Expect from an AI SOC (13:30) Data Management: The Key for Regulated Industries (PII/PHI) (14:40) Why Point-in-Time Queries are Safer than a SIEM (15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services (16:20) Single-Tenant Architecture & No Training on Customer Data (17:40) Bring-Your-Own-Model: The Rise of Model Portability (19:20) AI SOC vs. MDR: Can it Replace Your Provider? (19:50) The 4-Minute Investigation: Speed & Custom Detections (21:20) The Reality of Building Your Own AI SOC (Build vs. Buy) (23:10) Managing Model Drift & Updates (24:30) Why Prophet Avoids MCPs: The Lack of Auditability (26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting) (27:40) The Future: From "Human in the Loop" to "Manager in the Loop" (28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed) (29:20) The Red Lines: What AI Shouldn't Automate (Yet) (30:20) The Problem with "Creative" AI Remediation (33:10) What AI SOC is Not Ready For (Risk Appetite) (35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement) (37:40) Fun Questions: Iron Mans, Texas BBQ & Seafood. Thank you to Prophet Security for sponsoring this episode.
In this engaging episode of MSP Business School, host Brian Doyle welcomes Beau Butaud from Render Compliance. Beau shares his insights on navigating the complex world of SOC 2 compliance, emphasizing the importance of aligning SOC 2 audits with customer requirements and industry standards. With the rising demand for security and compliance in the MSP community, this episode is a deep dive into the nuances of governance, risk, and compliance that are critical for businesses handling sensitive data. The conversation begins with Beau's professional journey, highlighting his decision to establish Render Compliance to improve audit processes. The discussion transitions into practical insights on preparing for SOC 2 audits, where Beau advises on the significance of understanding scoping requirements and differentiating between Type 1 and Type 2 examinations. The episode further explores the pivotal role of policies and the evolving tech landscape's impact on data governance, offering listeners valuable perspectives on building effective controls and managing compliance challenges. Brian and Beau's dialogue underscores the strategic importance of SOC 2 readiness and operational excellence in safeguarding client data and reinforcing trust. Key Takeaways: Understanding SOC 2 Importance: Businesses should pursue SOC 2 compliance to meet client demands and protect sensitive data, with a clear understanding of the requirements and benefits. Audit Scoping: Defining a precise scope is crucial to ensure an effective SOC 2 audit process, and may involve a mix of system scopes and control definitions tailored to business operations. Policy Evolution: Regular policy reviews are essential to align with technological changes and ensure that data management practices remain relevant and effective. Collaborative Auditing: A good auditor provides guidance on expectations and gaps, enabling businesses to implement necessary changes and achieve compliance. 
Boutique Audit Advantages: Working with smaller firms like Render Compliance offers personalized service focused on quality and efficiency, helping first-time SOC 2 participants navigate the process smoothly. Guest Name: Beau Butaud LinkedIn page: https://www.linkedin.com/in/beaubutaud/ Company: Render Compliance Website: https://rendercompliance.com/ Show Website: https://mspbusinessschool.com/ Host Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/ Sponsor vCIOToolbox: https://vciotoolbox.com
Guests: Alexander Pabst, Deputy Group CISO, Allianz Lars Koenig, Global Head of D&R, Allianz Topics: Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like? Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents? Where did you draw the line between fully automated action and the mandatory "human-in-the-loop" for investigation or response? Agentic triage is only as good as the data it analyzes. From your perspective, what were the biggest challenges - and wins - in ensuring the data fidelity, freshness, and completeness in your SIEM to fuel reliable agent decisions? We've been talking about SOC automation for years, but this agentic wave feels different. As a deputy CISO, what was your primary, non-negotiable goal for the agent? Was it purely Mean Time to Respond (MTTR) reduction, or was the bigger strategic prize to fundamentally re-skill and uplevel your Tier 2/3 analysts by removing the low-value alert noise? As you built this out, were there any surprises along the way that left you shaking your head or laughing at the unexpected AI behaviors? We felt a major lack of proof - Anton kept asking for pudding - that any of the agentic SOC vendors we saw at RSA had actually achieved anything beyond hype! When it comes to your org, how are you measuring agent success? What are the key metrics you are using right now? Resources: EP238 Google Lessons for Using AI Agents for Securing Our Enterprise EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP249 Data First: What Really Makes Your SOC 'AI Ready'? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI "Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" 
blog "How Google Does It: Building AI agents for cybersecurity and defense" blog Company annual report to look for risk "How to Win Friends and Influence People" by Dale Carnegie "Will It Make the Boat Go Faster?" book
Subo Guha is the senior vice president of product at Stellar Cyber. In this episode, he joins host Charlie Osborne to discuss autonomous SOC and artificial intelligence, including what's next for organizations, what businesses need to know, and more. This episode is sponsored by Stellar Cyber. To learn more, visit https://stellarcyber.ai.
In this episode of Technology Reseller News, Doug Green interviews Lyle Pratt, Founder & CEO of Vida.io, following the company's announcement of a $4 million Series A funding round—a major milestone marking rapid growth, platform maturity, and expanding traction across MSPs, SaaS vendors, and business software providers. Pratt explains that Vida.io is an AI Agent Operating System for business, designed to help companies deploy, manage, monitor, and scale AI agents that perform real work across voice, SMS, email, and web chat. While many products offer a chatbot or voice agent, Vida.io delivers the full operational backbone required for real-world use: observability, SOC 2/HIPAA compliance, billing-as-a-service, UI components, and detailed interaction scoring. Since the last podcast, Vida.io has grown dramatically, surpassing 100 million AI agent interactions and onboarding a rapidly expanding network of partners. Initially focused on MSPs, the platform is now widely adopted by SaaS companies that embed AI agent capabilities directly into their vertical applications—roofing, moving, and other SMB-focused sectors—bringing instant scale to Vida.io's distribution. A key breakthrough discussed in the interview is Vida.io's ability to deliver low-latency, high-intelligence voice agents that reliably meet real-world customer experience expectations. “If latency is off even slightly, users get frustrated. We had to solve that,” Pratt notes. The result: AI agents that in many cases outperform humans, including one customer reporting 40% more meetings booked compared to human-based calling teams. Vida.io's partner program remains the company's primary growth engine. MSPs are now using AI agents to capture revenue from call flows they previously handed off to outsourced call centers—often redirecting hundreds of thousands of monthly minutes back into their own billing. 
The platform also supports direct SIP registration, enabling AI agents to function as standard PBX extensions across NetSapiens, Broadsoft, Metaswitch, and other systems widely deployed by MSPs. Pratt emphasizes that the AI revolution is fundamentally redefining UCaaS and business communications: “When the price of intelligence approaches zero, the entire enterprise software ecosystem transforms.” Even if LLM progress froze today, he argues, the impact on communications and business automation would still be historic. As the industry approaches 2026, Pratt sees a major new revenue frontier for MSPs—one that doesn't require deep AI expertise but does require timely action. Vida.io provides the tools to make AI agent deployment fast, repeatable, and profitable. To learn more or join the partner program, visit https://vida.io/. Software Mind Telco Days 2025: On-demand online conference Engaging Customers, Harnessing Data
Richardson Dackam, a solo developer known for rapidly creating AI-first SaaS products, shared insights into his development process during a recent episode of the Business of Tech. Dackam emphasizes the importance of identifying manageable problems that can be solved quickly, which he refers to as "done for you ideas." His approach involves extensive research to create a Product Requirement Document (PRD) and context engineering for AI agents, enabling him to build prototypes in a matter of hours or days. He leverages various services, such as Magic Link for authentication and Supabase for databases, to streamline his workflow. Dackam's success is exemplified by his application, 8nodes, which serves as a workflow generator for N8n, currently attracting around 500 users. He utilizes multiple distribution channels, including his YouTube channel and contributions to AI communities, to promote his tools. Although 8nodes is not yet generating revenue, Dackam is focused on improving the product's speed, which he identifies as a critical pain point for users. He tracks user engagement metrics daily to inform his optimization efforts. The episode also addresses the balance between rapid prototyping and maintaining product reliability and compliance. Dackam asserts that he builds with a SOC 2 compliance mindset, ensuring that user data is handled securely. He discusses the challenges of scalability and uptime, noting that he relies on services like AWS and Vercel to manage these aspects effectively. By separating his landing page from the application, he ensures that marketing efforts remain uninterrupted even if the app experiences downtime. For Managed Service Providers (MSPs) and IT service leaders, Dackam's approach highlights the potential for rapid development cycles while maintaining a focus on security and compliance. 
His insights into the challenges of integrating AI into business processes underscore the need for organizations to understand their workflows before adopting automation solutions. As businesses navigate the complexities of AI deployment, the emphasis on iterative improvement and user feedback can inform strategies for successful product development and market fit.
In this episode of Defender Fridays, we talk to Alec Fenton, VP Security Operations at Foresite Cybersecurity, about practical career advice for defenders, SOC metrics that actually matter, and AI in security operations. Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals. Alec is a seasoned Cyber Security professional with over 15 years of extensive experience across many IT domains. With a career spanning more than a decade, Alec has honed his expertise in addressing a broad spectrum of cybersecurity challenges, leveraging his analytical prowess and hands-on approach to leadership. Throughout his career, Alec has navigated the intricate landscape of IT security, working across various sectors including managed service providers and private companies. His tenure as an analyst in the cybersecurity space has not only equipped him with a deep understanding of emerging threats and vulnerabilities but has also shaped his leadership philosophy of "lead from the front." Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
3 years ago, in episode #175, I hosted Geoffrey Métais. 3 years later, we are doing a refactor of the episode! **Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, getting compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler, and above all sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
Send us a text. Meet Rapid7's Deral Heiland—a self-described “visual historian” who balances high-tech research with hands-on artifacts from Roman coins to Civil War relics
Got a question or comment? Message us here! This week, we're digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it. Support the show. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
In this episode of Great Leaders UK, we are joined by Julia Weimer, Director of Solution Engineering UKI at Wiz, to discuss the critical, often underutilized role of pre-sales in driving elite sales execution. Julia shares her unique journey from Security Analyst in a SOC to leading a high-performing SE team, emphasizing why Sales Engineers must be viewed as equal business partners to Account Executives, not just technical support. She walks us through the importance of symbiotic relationships, leveraging structure like MEDDIC, and the power of empowering SEs to build technical champions.
"With AI, we have a force multiplier, but we have to keep a structured and cautious approach." The D.E.V. of the week is Benoît Larroque, CTO at Konvu. With AI, cybersecurity has entered a new dimension in which detecting and fixing vulnerabilities can finally catch up with the frantic pace at which they appear. Benoît details how artificial intelligence makes it possible to filter and prioritize flaws effectively, while recalling the crucial requirement for human verification to avoid false positives. He insists on continuous feedback and on the vigilance that is indispensable given how fast things change. A clear-eyed exchange on the real contributions and the new limits of cybersecurity in the age of AI. Chapters: 00:00:53: Introduction to Cybersecurity 00:01:17: The Impact of AI on Cybersecurity 00:02:51: Before AI: Another Era 00:05:01: Transformation Through AI 00:05:55: Humanizing the Process 00:07:01: Simplifying Tasks 00:08:45: Vulnerability Management 00:11:06: Analyzing Software Components 00:12:29: The Complexity of Updates 00:13:56: Manual Validation Approach 00:17:30: Vulnerability Detection by AI 00:20:53: New Attack Methods 00:25:33: Security Risk Management 00:29:26: Optimizing the Security Effort 00:36:08: Using LLMs 00:43:52: SAST and Prompt Injection 00:49:45: Reading Recommendations 00:50:11: Conclusion and Thanks. Links mentioned during the show: Designing Data Intensive Applications, Release It! **Stay compliant!** This episode is supported by Vanta, the Trust Management platform that helps companies automate their security and compliance. With Vanta, getting compliant with standards such as SOC 2, ISO 27001 or HIPAA becomes faster, simpler, and above all sustainable. More than 10,000 companies worldwide already use Vanta to turn their security obligations into a real growth engine.
When “Normal” Doesn't Work: Rethinking Data and the Role of the SOC Analyst
Monzy Merza, Co-Founder and CEO of Crogl, joins Sean Martin and Marco Ciappelli to discuss how cybersecurity teams can finally move beyond the treadmill of normalization, alert fatigue, and brittle playbooks that keep analysts from doing what they signed up to do—find and stop bad actors. Merza draws from his experience across research, security operations, and leadership roles at Splunk, Databricks, and one of the world's largest banks. His message is clear: the industry's long-standing approach of forcing all data into one format before analysis has reached its limit. Organizations are spending millions trying to normalize data that constantly changes, and analysts are paying the price—buried under alerts they can't meaningfully investigate. The conversation highlights the human side of this issue. Analysts often join the field to protect their organizations, but instead find themselves working on repetitive tickets with little context, limited feedback loops, and an impossible expectation to know everything—from email headers to endpoint logs. They are firefighters answering endless 911 calls, most of which turn out to be false alarms. Crogl's approach replaces that normalization-first mindset with an analyst-first model. By operating directly on data where it lives—without requiring migration or schema alignment—it allows every analyst to investigate deeper, faster, and more consistently. Each action taken by one team member becomes shared knowledge for the next, creating an adaptive, AI-driven system that evolves with the organization. For CISOs, this means measurable consistency, auditability, and trust in outcomes. For analysts, it means rediscovering purpose—focusing on meaningful investigations instead of administrative noise. The result is a more capable, connected SOC where AI augments human reasoning rather than replacing it. 
As Merza puts it, the new normal is no normalization—just real work, done better.
Watch the full interview and product demo: https://youtu.be/7C4zOvF9sdk
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content.
GUEST: Monzy Merza, Founder and CEO of CROGL | On LinkedIn: https://www.linkedin.com/in/monzymerza/
RESOURCES:
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Brand Spotlight: The Schema Strikes Back: Killing the Normalization Tax on the SOC: https://brand-stories-podcast.simplecast.com/episodes/the-schema-strikes-back-killing-the-normalization-tax-on-the-soc-a-corgl-spotlight-brand-story-conversation-with-cory-wallace [Video: https://youtu.be/Kx2JEE_tYq0]
Breaking Free from Data Normalization: A Smarter Path for Security Teams
Traditional security models were built on a simple idea: collect data, normalize it, and analyze it. But as Director of Product Marketing Cory Wallace explains in this conversation with Sean Martin, that model no longer fits the reality of modern security operations. Data now lives across systems, clouds, and lakes—making normalization an inefficient, error-prone step that slows teams down and risks critical blind spots.
Rethinking How Analysts Work with Data: Cory describes how schema drift, inconsistent field naming, and vendor-specific query languages have turned the analyst's job into a maze of manual mapping and guesswork. Each product update or schema change introduces a chance to miss something important—something an attacker is counting on. Crogl's new patent eliminates this problem by enabling search and correlation across unnormalized data, creating a unified analytical view without forcing everything into one rigid format.
From Data Chaos to Analyst Empowerment: This shift isn't just technical—it's cultural. Instead of treating SOC analysts as passive alert closers, Crogl's model empowers them with meaningful context from the start. Alerts now come with historical data, cross-referenced fields, and prebuilt queries, giving analysts the information they need to make decisions faster and more confidently.
Efficiency with Intelligence: Wallace explains how this approach saves time, reduces training burdens, and cuts dependency on multiple query languages. It helps overworked teams move from reactive triage to proactive investigation. 
By removing unnecessary layers of data transformation, organizations can accelerate incident resolution, minimize risk, and help analysts focus on what matters most—catching what others miss. At its core, the conversation highlights how removing the barriers of data normalization can redefine what's possible in modern security operations.
Watch the full interview: https://youtu.be/Kx2JEE_tYq0
Learn more about CROGL: https://itspm.ag/crogl-103909
Note: This story contains promotional content.
GUEST: Cory Wallace, Director of Product Marketing at CROGL | On LinkedIn: https://www.linkedin.com/in/corywallacecrogl/
RESOURCES:
Learn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/crogl
Press Release: https://www.globenewswire.com/news-release/2025/11/05/3181815/0/en/Crogl-Granted-Patent-for-Analyzing-Non-Normalized-Data-for-Security.html
Forbes Article: https://www.forbes.com/sites/justinwarren/2025/11/05/tackling-cybersecurity-data-sprawl-without-normalizing-everything/
LinkedIn Post: https://www.linkedin.com/posts/activity-7391913358817517569-QaCH
In this episode of Resilient Cyber, I sit down with Kamal Shah, Cofounder and CEO at Prophet Security, to discuss the State of AI in SecOps. There continues to be a tremendous amount of excitement and investment in the industry around AI and cybersecurity, with Security Operations (SecOps) arguably seeing the most investment among the various cybersecurity categories. Kamal and I will walk through the actual state of AI in SecOps, how AI is impacting the future of the SOC, what hype vs. reality is, and much more.
- Broadcom and a company called CAMB.AI are teaming up to bring on-device audio translation to a chipset. This would allow devices that use the SoC to complete translation, dubbing and audio description tasks without having to dip into the cloud.
- Next year will see the end arrive for two of Facebook's external social plugins. The platform's Like button and Share button for third-party websites will be discontinued on February 10, 2026.
- Ford may be on the verge of sunsetting the F-150 Lightning truck. The model is an electric pick-up truck, and the best-selling one in the US, but the publication cited Ford execs who said the company would consider halting production completely on the F-150 Lightning.
Longitudinal studies of how an individual's accent changes over the course of their life are hard to come by. Fortunately, Taylor Swift's decade-plus career-- and the numerous interviews she's given over those years-- has opened a window into our understanding of how and why dialect changes may occur on an individual level. We talk to Miski Mohamed and Matthew Winn (University of Minnesota) about their work analyzing the shifts in Taylor Swift's speech over the years.
Associated paper: Miski Mohamed and Matthew B. Winn. "Acoustic analysis of Taylor Swift's dialect changes across different eras of her career." J. Acoust. Soc. Am. 158, 2278–2289 (2025). https://doi.org/10.1121/10.0039052
Read more from The Journal of the Acoustical Society of America (JASA). Learn more about Acoustical Society of America Publications.
Music Credit: Min 2019 by minwbu from Pixabay.
Institutions chose Chainlink and there's a $70B reason why. In this episode, we sit down with Sergey Nazarov, co-founder of Chainlink, to discuss why Chainlink stayed online when AWS went down, how the digital transfer agent unlocks tokenized assets, and why DeFi and TradFi will merge into one system powered by smart contracts.
We discuss:
- Why Chainlink stayed online when AWS went down
- The digital transfer agent unlocking tokenized assets
- UBS & Central Bank of Brazil live transactions
- Institutional smart contracts explained
- How DeFi and TradFi will merge into one system
- The 363 days vs the 2 days that matter
- Why Chainlink is ISO & SOC compliant
00:00 Intro
00:37 Near Ad
01:28 Why Chainlink Stayed Online When AWS Went Down
02:04 The Digital Transfer Agent Unlocking Tokenized Assets
04:38 UBS & Central Bank of Brazil: Live Institutional Transactions
06:37 Institutional Smart Contracts Explained
10:13 Relay Ad, Talus Ad, Hibachi Ad
10:55 Telus & Hibachi Ads
11:58 How DeFi and TradFi Merge Into One System
16:02 The 363 Days vs The 2 Days That Matter
18:56 Why Chainlink Is ISO & SOC Compliant
21:22 Enso Ad, Alvara Ad
22:56 Build & Alvar Ads
24:20 Institutional Security & Compliance Standards
27:45 The Digital Asset Revolution Already Started
Website: https://therollup.co/
Spotify: https://open.spotify.com/show/1P6ZeYd...
Podcast: https://therollup.co/category/podcast
Follow us on X: https://www.x.com/therollupco
Follow Rob on X: https://www.x.com/robbie_rollup
Follow Andy on X: https://www.x.com/ayyyeandy
Join our TG group: https://t.me/+TsM1CRpWFgk1NGZh
The Rollup Disclosures: https://therollup.co/the-rollup-discl
DailyCyber The Truth About Cyber Security with Brandon Krieger
Ask Me Anything: vCISO Strategy, IR, and Cyber Leadership | DailyCyber 279. In this AMA edition of DailyCyber, we go deep on what's actually happening in cybersecurity leadership today. From emotional regulation in the SOC to unapproved AI tools in the workplace, this episode unpacks the real conversations CISOs and vCISOs are having behind closed doors.
In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11. He shares his unconventional journey from the Wild West days of network defense—complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.
In this episode of the Endace Packet Forensic Files, Michael Morris chats with Steve Fink, CTO and CISO of Secure Yeti and architect of the SOCs for Black Hat, RSA Conference, and Cisco Live, for an in-depth look at building effective Security Operations Centers (SOCs). With 26 years of cybersecurity experience, Fink shares strategies for leveraging packet data, integrating AI for automation, fostering vendor collaboration, and ensuring scalability and resilience. This expert-led discussion is a must-watch for cybersecurity professionals who want to learn how to optimize threat detection and avoid data swamps.
ABOUT ENDACE
Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass. Endace's open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.
CHAPTERS
01:24 Why is your nickname 'Fink' and not Steve?
02:17 What foundational, architectural principles are essential when designing a next-gen SOC?
05:43 How do you approach scalability & modularity in NOC/SOC design to accommodate future growth?
08:57 How have you evolved to integrate cloud native technology or hybrid environments into your SOC and what were the challenges?
12:04 What role does packet data and centralized logging play in your SOC design and how do you ensure efficient data ingestion and retrieval?
14:45 How do you architect SOC to support real time threat detection and response across geographically distributed global infrastructures?
17:55 What strategies do you use for disaster recovery?
20:35 How do you incorporate AI, ML and automation capabilities into your SOC architecture to enhance threat hunting?
23:02 What are your best practices for integrating third-party tools?
Podcast: Simply ICS Cyber
Episode: S2 E7: ICS/OT Security Operations Centers
Pub date: 2025-11-05
The growing need for visibility and response in industrial environments is driving more organizations to consider ICS/OT Security Operations Centers — but what does that actually look like for small and medium-sized operations? In this episode of Simply ICS Cyber, Don and Tom sit down with Dan Gunter, CEO and founder of Insane Cyber, to discuss how ICS/OT SOCs function, what data truly matters for monitoring, and how incident response changes when operators have (or don't have) the right information at hand. Drawing on experience from the Air Force CERT to founding an OT-focused security company, Dan shares a practical look at the realities of SOC implementation across industries — from utilities with limited staff to large-scale enterprises managing thousands of assets. Listeners will gain insight into how to start building visibility, selecting the right MSSP partners, and managing SOC fatigue — all while keeping industrial operations safe and resilient. Tune in to learn how data, process, and people come together to make ICS/OT SOCs work in the real world.
Connect with Dan on LinkedIn: https://www.linkedin.com/in/dan-gunter
For episode #327 I hosted Geoffrey Berard. We debrief it with Louis.
"L'importance ne réside plus uniquement dans l'écriture de code, mais dans la capacité à exprimer des concepts systèmes et à conceptualiser les solutions." Episode in English // Premier épisode en anglais d'If This Then DevThe D.E.V. of the week is Marcel Weekes, VP of Engineering at Figma.Marcel shares what it means to lead a global engineering team while keeping collaboration, creativity, and quality at the core. We discuss how Figma bridges designers, developers, and AI &mdash and how this unique culture shapes the way software gets built.From managing tech debt at scale to integrating AI-driven code generation, Marcel reflects on how roles are evolving, why feedback is an art form, and what agility really means when your product is collaboration itself.A sincere and grounded conversation on leadership, complexity, and the human side of engineering.Chapters00:00:53 : Introduction: the Figma mindset00:03:17 : Inside Figma's 700-engineer team00:08:33 : Productivity, collaboration, and trust00:11:42 : The VP Engineering's role in keeping teams connected00:16:16 : The art of feedback00:22:02 : Managing tech debt at scale00:27:30 : Code generation tools and developer satisfaction00:34:05 : How AI is changing software development00:41:25 : The evolving role of developers with AI00:45:54 : Final thoughts and cultural recommendationsMarcel's recommandationAtlanta (serie TV) **Restez compliant !** Cet épisode est soutenu par Vanta, la plateforme de Trust Management qui aide les entreprises à automatiser leur sécurité et leur conformité. Avec Vanta, se mettre en conformité avec des standards comme SOC 2, ISO 27001 ou HIPAA devient plus rapide, plus simple, et surtout durable. Plus de 10 000 entreprises dans le monde utilisent déjà Vanta pour transformer leurs obligations de sécurité en véritable moteur de croissance.
If your business handles customer data, SOC 2 is not optional. It may not be on your radar today, but it will be soon. And when that time comes, how early you started will make all the difference. In this episode, Marie Joseph, Manager of Compliance Advisory at Trava, explains what it takes to prepare for SOC 2 certification. She shares what early prep should look like, how to make the audit less stressful, and why every company's compliance checklist is unique. Whether you're just starting or already deep in the process, this conversation will help you avoid the most common mistakes and take SOC 2 seriously before you're forced to.
Key takeaways:
- What most startups get wrong about SOC 2 prep
- Why starting early sets you up for a smoother SOC 2 journey
- How GRC tools and consultants help you prepare for audits
Episode highlights:
(00:00) SOC 2 preparation: More than just a checklist
(02:37) How GRC tools help in SOC 2 prep
(03:35) When to bring in consultants or advisors
(04:37) The role of an internal champion for SOC 2
(06:51) Preparation for Type 1 vs. Type 2
(07:46) The biggest mistakes startups make
Connect with the host: Jara Rowe's LinkedIn - @jararowe
Connect with the guest: Marie Joseph's LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/
Connect with Trava: Website - www.travasecurity.com | Blog - www.travasecurity.com/learn-with-trava/blog | LinkedIn - @travasecurity | YouTube - @travasecurity
Dr. Jeff Schwartzentruber is a Senior Machine Learning Scientist at eSentire, working on anomaly detection pipelines and the use of large language models to enhance cybersecurity operations.
The Evolution of AI in Cyber Security // MLOps Podcast #344 with Jeff Schwartzentruber, Staff Machine Learning Scientist at eSentire.
Join the Community: https://go.mlops.community/YTJoinIn
Get the newsletter: https://go.mlops.community/YTNewsletter
// Abstract
Modern cyber operations can feel opaque. This talk explains—step by step—what a security operations center (SOC) actually does, how telemetry flows in from networks, endpoints, and cloud apps, and what an investigation can credibly reveal about attacker behavior, exposure, and control gaps. We then trace how AI has shown up in the SOC: from rules and classic machine learning for detection to natural-language tools that summarize alerts and turn questions like “show failed logins from new countries in the last 24 hours” into fast database queries. The core of the talk is our next step: agentic investigations. These GenAI agents plan their work, run queries across tools, cite evidence, and draft analyst-grade findings—with guardrails and a human in the loop. We close with what's next: risk-aware auto-remediation, verifiable knowledge sources, and a practical checklist for adopting these capabilities safely.
// Bio
Dr. Jeff Schwartzentruber holds the position of Sr. Machine Learning Scientist at eSentire – a Canadian cybersecurity company specializing in Managed Detection and Response (MDR). Dr. Schwartzentruber's primary academic and industry research has been concentrated on solving problems at the intersection of cybersecurity and machine learning (ML). Over his +10-year career, Dr. Schwartzentruber has been involved in applying ML for threat detection and security analytics for several large Canadian financial institutions, public sector organizations (federal), and SMEs. In addition to his private sector work, Dr. Schwartzentruber is also an Adjunct Faculty at Dalhousie University in the Department of Computer Science, a Special Graduate Faculty member with the School of Computer Science at the University of Guelph, and a Sr. Advisor on AI at the Rogers Cyber Secure Catalysts.
// Related Links
Website: https://www.esentire.com/
Connect With Us
Catch all episodes, blogs, newsletters, and more: https://go.mlops.community/TYExplore
Join our Slack community: https://go.mlops.community/slack
Follow us on X/Twitter (@mlopscommunity, https://x.com/mlopscommunity) or LinkedIn (https://go.mlops.community/linkedin)
Sign up for the next meetup: https://go.mlops.community/register
MLOps Swag/Merch: https://shop.mlops.community/
Connect with Demetrios on LinkedIn: /dpbrinkm
Connect with Jeff on LinkedIn: /jeff-schwartzentruber/
For episode #324 I hosted Julien Verlaguet. We debrief it with Frédéric.
"L'IA ne remplace pas les médecins, elle leur offre un filet de sécurité. Parfois, elle voit ce que l'&oeligil humain ne peut pas percevoir." Le D.E.V. de la semaine est Alexis Ducarouge, co-fondateur chez Gleamer. Alexis nous partage ses perspectives sur l'impact considérable de l'intelligence artificielle dans le domaine de la radiologie. Il souligne l'évolution spectaculaire de cette technologie, notamment des grands modèles de langage, et l'importance vitale des données labellisées pour garantir des diagnostics précis. Alexis soulève également les défis de confiance entre les médecins et ces systèmes d'IA. Il évoque la nécessité d'une approche collaborative entre radiologues et développeurs et émet enfin des perspectives intéressantes sur l'avenir de l'IA visant à améliorer les performances diagnostiques via des modèles plus holistiques.Chapitrages00:00:53 : Introduction à l'IA médicale00:01:48 : Présentation de Gleamer00:02:34 : Évolution des modèles d'IA00:04:07 : Diagnostic et apprentissage supervisé00:06:43 : Qualité des données et annotation00:09:39 : Corrélations et causalité en IA00:12:09 : Confiance dans les systèmes d'IA00:14:22 : Interactions entre médecins et IA00:16:06 : Adoption des outils d'IA en médecine00:19:00 : Choix de modèles d'IA00:20:54 : Stratégies d'acquisition et alliances00:22:10 : Formation et challenge pour les médecins00:24:22 : Impact sur la pratique médicale00:26:22 : Évolutions réglementaires et défis00:27:57 : Compréhension des enjeux médicaux00:30:26 : Annotation par des experts médicaux00:32:13 : Coûts et défis de l'annotation00:35:00 : Régulations et innovation technologique00:36:51 : Cycles de validation et publication00:38:11 : Adoption des outils en France00:39:38 : Comparaison internationale de l'adoption00:40:51 : Régulations et innovation aux États-Unis00:42:44 : Positionnement de l'IA française00:44:41 : Passage à l'échelle des startups00:47:34 : Recherche sur de nouveaux modèles d'IA00:49:47 : Suggestions de lecture 
et conclusion Liens évoqués pendant l'émission Le problème à trois corps : Liu, Cixin, Gaffric, Gwennaël **Restez compliant !** Cet épisode est soutenu par Vanta, la plateforme de Trust Management qui aide les entreprises à automatiser leur sécurité et leur conformité. Avec Vanta, se mettre en conformité avec des standards comme SOC 2, ISO 27001 ou HIPAA devient plus rapide, plus simple, et surtout durable. Plus de 10 000 entreprises dans le monde utilisent déjà Vanta pour transformer leurs obligations de sécurité en véritable moteur de croissance.
Is the AI SOC analyst just hype, or is there measurable ROI? We spoke to Edward Wu, founder of Dropzone AI, about this, and he shared insights from a recent Cloud Security Alliance (CSA) benchmark report that quantified the impact of AI augmentation on SOC teams. The study revealed significant improvements in speed (45-60% faster investigations) and completeness, even for analysts using the tech for the first time. Edward contrasted the "robotic" limitations of traditional SOAR playbooks with the adaptive capabilities of agentic AI systems, which can autonomously investigate alerts end-to-end without pre-defined scripts. He shared that while AI won't entirely replace human analysts ("That's not going to happen"), it will automate much of the manual Tier 1 toil, freeing up humans for higher-value roles like security architecture, transformation, and detection engineering.
Guest Socials - Edward's Linkedin. Podcast Twitter - @CloudSecPod. If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: Cloud Security Podcast - Youtube, Cloud Security Newsletter, Cloud Security BootCamp. If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast.
Questions asked:
(00:00) Introduction
(02:40) Who is Edward Wu?
(03:30) The Evolution of AI Agents Since ChatGPT
(04:35) Surprising Findings from the CSA AI SOC Benchmark Report
(06:40) Why Has Traditional Security Automation (SOAR) Underdelivered?
(09:30) How AI SOC Analysts Differ from SOAR Playbooks
(11:30) Does Agentic AI Reduce the Need for Security Data Lakes?
(13:20) The Evolving ROI for SOC in the AI Era
(14:50) ROI Use Case 1: Reducing Alert Investigation Latency
(15:15) ROI Use Case 2: Increasing Alert Coverage (Mediums & Lows)
(16:20) ROI Use Case 3: Depth of Coverage & Skill Uniformity
(18:15) Achieving Both Speed and Thoroughness with AI
(19:40) How Far Can AI Go? Detection vs. Investigation vs. Response
(21:35) AI SOC Hype vs. Reality: Receptiveness and Trust
(24:20) The Future Role of Tier 1 SOC Analysts
(27:40) What Scale Benefits Most from AI SOC Analysts? (Enterprise & MSPs)
(29:00) The Build vs. Buy Dilemma for AI SOC Technology ($20M R&D Reality)
(33:10) Training Budgets: What Skills Should Future SOC Teams Learn?
Resources spoken about during the episode: Beyond the Hype: AI Agents in the SOC Benchmark Study
We zoom in on the Finance Act, #ValgAmok2025, live from Frederiksberg Allé, 18 November, we circle around the 2025 municipal elections, for weeks, we are going to know quite a lot, about this KV25, Bækkestien has moved in, at the City Hall in Randers, ÆldreSagen is deep down, in the Finance Act, a petri dish of childhood illnesses, in the daycare institutions, a pyramid scheme, of candidate tests, mink-farmer compensation, vs. the Finance Act, Tage could pay the bill himself, totally local initiatives, the wildest nonsense, on the election posters, a scramble for the lampposts, a vain scratch, in the paintwork in Copenhagen, the city walls fell, in 2021, in Frederiksberg, Bjarne from Soc.Dem, on Frederiksberg Allé, Jarlov up for election, in Roskilde Municipality, the balance of power may shift, in Ringkøbing-Skjern, fewer fields, with solar panels, more hanky-panky, more God, Randers City Council has swung, for 30 years, culminating in a middle finger, people aren't younger, we're just old, Viborg has everything, except a reason, to visit the town, things are all wrong, in Kerteminde, we have put up with a lot, over the years, and will do so again, this year, whistle-to-whistle required three tax ministers, once things go badly, for the man, they go to hell, pressure-wash the riffraff, out of the suburbs, anything but a silent night, for Sarkozy, not many smacks on the bottom, for Messerschmidt's green bicycle, relax, while you still have the energy to do so, and stay away, from the wild birds.
Get a 30-day free trial (available only to new Podimo subscribers) - http://podimo.dk/hgdg (99 kroner thereafter)
Hosts: Esben Bjerre & Peter Falktoft
Editing: PodAmok
Clips: PodAmok
Music: Her Går Det Godt
Instagram: @hergaardetgodt @Peterfalktoft @Esbenbjerre
Guest: Monzy Merza, co-founder and CEO at Crogl Topics: We often hear about the aspirational idea of an "IronMan suit" for the SOC—a system that empowers analysts to be faster and more effective. What does this ideal future of security operations look like from your perspective, and what are the primary obstacles preventing SOCs from achieving it today? You've also raised a metaphor of AI in the SOC as a "Dr. Jekyll and Mr. Hyde" situation. Could you walk us through what you see as the "Jekyll"—the noble, beneficial promise of AI—and what are the factors that can turn it into the dangerous "Mr. Hyde"? Let's drill down into the heart of the "Mr. Hyde" problem: the data. Many believe that AI can fix a team's messy data, but you've noted that "it's all about the data, duh." What's the story? "AI ready SOC" - What is the foundational work a SOC needs to do to ensure their data is AI-ready, and what happens when they skip this step? And is there anything we can do to use AI to help with this foundational problem? How do we measure progress towards AI SOC? What gets better at what time? How would we know? What SOC metrics will show improvement? Will anything get worse? Resources: EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC EP227 AI-Native MDR: Betting on the Future of Security Operations? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP238 Google Lessons for Using AI Agents for Securing Our Enterprise "Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog Nassim Taleb "Antifragile" book "AI Superpowers" book "Attention Is All You Need" paper
Arctic Wolf's Dean Teffer reveals how they transformed security operations by processing one trillion daily alerts with AI, and shares hard-won lessons from operationalizing AI in production SOC environments.
Topics Include:
- Arctic Wolf processes one trillion security alerts daily across 10,000 global customers
- Security operations remained stubbornly human-mediated due to constantly evolving threats and infrastructure complexity
- Dean explains why platformizing data creates a virtuous cycle enabling AI automation
- Traditional ML models couldn't handle SOC's situational complexity, leading to LLM adoption
- Arctic Wolf's unique advantage: direct access to 1000+ SOC analysts for continuous feedback
- AWS partnership began with governance concerns about data privacy and model training
- "Centaur Chess" approach: AI-human teams consistently outperform either alone in cybersecurity
- Three-generation AI evolution: from personal use to prompt engineering to expert-tuned models
- Three-day AWS hackathon achieved breakthroughs that would've taken months independently
- SOC analysts actively shaped AI responses through iterative feedback during live operations
- Observability proved critical: tracking performance, quality metrics, and response times for continuous improvement
- Measurable impact achieved: automated alert orientation dramatically increased analyst efficiency and response quality
Participants:
- Dean Teffer - VP of AI/ML, Arctic Wolf
- Aswin Vasudevan - Senior ISV Solution Architect, Amazon Web Services
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
We recorded live at IMAPS with Siemens, ACM Research, Shellback Semiconductor, DECA, Nordson Electronic Solutions, and VIEW Micro Metrology to explore how AI demand, chiplets, and panels are reshaping advanced packaging. We dig into 3D BLOX, thermal and test roadblocks, green chemistries, metrology at scale, and why the back end now leads innovation.
Listen to learn about:
• The Siemens–ASE collaboration on 3D BLOX models and VIPACK workflows
• Interoperable YAML-based packaging definitions moving toward IEEE standard
• 3D stacking to cut picojoules per bit amid thermal and test limits
• Panel-level packaging economics, sizes, and lack of standards
• ACM Research updates in copper plating, bevel clean, frame clean, and compound deplating
• Batch spray versus single wafer trade-offs at Shellback Semiconductor
• HydrOzone green strip replacing legacy NMP in select flows
• The DECA–SST deal for NVM chiplet package and SoC disaggregation
• Nordson Electronic Solutions' panel strategy, IntelliJet 1.1, Vantage platform, and warpage control
• VIEW Micro Metrology's high-throughput telecentric metrology across wafers and large panels
Learn more at imaps.org
Monzy Merza (@monzymerza, CEO/Founder @Crogl) talks about building a next-generation Enterprise SOC by leveraging AI to stay ahead of cybersecurity threats.

SHOW: 969
SHOW TRANSCRIPT: The Cloudcast #969 Transcript
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotw
NEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS"

SPONSORS:
[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.
[TestKube] TestKube is a Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcast

SHOW NOTES:
• Crogl website
• TechCrunch article
• Forbes Article
• Intellyx Article
• Last WatchDog Article

Topic 1 - Welcome to the show, Monzy. Give everyone a brief introduction and tell us about your unique journey from government research to Splunk to Databricks to founding Crogl.
Topic 2 - Let's start with the current state of cybersecurity and AI. We're seeing headlines about AI being the top cybersecurity concern for 2025, even overtaking ransomware. From your perspective, what's driving this shift and why should organizations be paying attention to the intersection of cybersecurity and AI?
Topic 3 - You've described Crogl as an "Iron Man suit" for security analysts. That's a compelling metaphor. Can you break down what you mean by that and how your approach differs from the traditional "reduce alerts" mentality that most vendors have been pushing?
Topic 4 - Let's talk about your "knowledge engine" and what you call an “AI for the Enterprise SOC”. You're using compound AI systems with LLMs, smaller models, and knowledge graphs. This sounds quite different from vendors who are just "bolting on" LLMs to existing tools. Walk us through this architectural decision and why it matters.
Topic 5 - The cybersecurity industry is experiencing massive alert fatigue - 4,500 alerts per day, with analysts only able to investigate 8-25 of them. Your philosophy is "every alert should be analyzed" rather than filtering them out. That seems counterintuitive to what the market has been doing. How does your autonomous investigation approach actually work in practice?
Topic 6 - Where do you see this evolution heading, and what are the implications for SOC teams and security practitioners? Are we heading toward fully autonomous SOCs?

FEEDBACK?
Email: show at the cloudcast dot net
Bluesky: @cloudcastpod.bsky.social
Twitter/X: @cloudcastpod
In episode 158 of Cybersecurity Where You Are, Sean Atkinson is joined by Andy Weidner, Product Manager at Nerdio, and Jason Ingalls, Chief Cybersecurity Officer at C3 Integrated Solutions. Together, they explore how organizations can navigate the complexities of Cybersecurity Maturity Model Certification (CMMC) compliance using automation, scalable infrastructure, and hardened cloud environments.

The conversation dives into the challenges faced by managed service providers (MSPs) and defense contractors, the importance of baking in security from the start, and how Nerdio's platform acts as a force multiplier for compliance and operational efficiency. Jason shares a compelling anecdote from his time in a security operations center (SOC), illustrating the real-world stakes of cybersecurity and the origins of CMMC.

Here are some highlights from our episode:
00:44. Introductions to Andy and Jason
01:17. How to address common challenges of CMMC compliance
03:40. A real-world story of data exfiltration and its national security impact
08:34. How Nerdio and CIS Hardened Images® help organizations in their CMMC journey
12:15. Understanding the vision to scale configuration management
18:14. Strategy and automation as key elements to approaching CMMC Level 2
25:19. The value of baking scalability in vs. bolting it on
26:38. Segregation of duties as a means of pursuing dual-scope CMMC certification
29:22. Where to learn more about Nerdio and C3 Integrated Solutions

Resources
• Nerdio
• C3 Integrated Solutions
• CIS Hardened Images®
• How to Plan a Cybersecurity Roadmap in 4 Steps
• CIS Controls v8.1 Mapping to CMMC 2.0
• CIS Controls v8.1 Mapping to NIST SP 800-53 Rev 5
• CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce, spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.

We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately. The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection.

This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".

Guest Socials - Ariful's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels:
• Cloud Security Podcast - Youtube
• Cloud Security Newsletter
• Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast

Questions asked:
(00:00) Introduction
(02:30) Who is Ariful Huq?
(03:40) Can You Just Use Claude Code to Build an AI SOC?
(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs
(08:15) The Importance of Data: Beyond Logs to Config, Code & Context
(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)
(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs
(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges
(17:20) Why SIEM Might Not Be Good Enough Anymore
(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy
(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing
(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)
(31:40) Building Trust & Transparency in AI SOCs
(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer
(42:15) Final Questions: Running, Family, and Turkish Food
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
• FBI intervenes in Scattered Spider Salesforce leaksite
• Clop loots Oracle E-Biz deployments
• Plus so much more data extortion.. At least it's not ransomware … we guess?
• The US still can't decide who's gonna be in charge of NSA & Cybercom
• Cambodian scam compounds get sanctioned and $15b in crypto is seized
• NSO gets sold for pocket-lint-grade money
• Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week's episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

This episode is also available on Youtube.

Show notes
• FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
• Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
• Well, Well, Well. It's Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
• Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
• ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
• The company Discord blamed for its recent breach says it wasn't hacked
• Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
• Red Hat confirms breach of GitLab instance, which stored company's consulting data | CyberScoop
• Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
• Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
• Acting US Cyber Command, NSA chief won't be nominated for the job, sources say | The Record from Recorded Future News
• Layoffs, reassignments further deplete CISA | Cybersecurity Dive
• Trump's scandalous directive to AG Pam Bondi reached the public by accident
• Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
• US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
• Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data | WIRED
• Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
• Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
• Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
• Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
• SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
• SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
• Issues Affecting CrowdStrike Falcon Sensor for Windows
• ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
• Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
• Windows 10 support ends today — here's who's affected and what you need to do
Today's show:

Zach Dell of Base Power joins us at the top of today's show to talk about building batteries in Austin, that $1 billion investment, and why an “all of the above” energy strategy is the only way forward.

PLUS Jason and Alex's thoughts on that Tesla non-upside down car announcement, growing resentments toward AI datacenters, Chinese robots actually going on sale, Tim Cook's potential Apple exit, xAI's Nvidia agreement and MUCH MORE.

Timestamps:
(00:02:10) A MAJOR GUEST! Zach Dell of Base Power joins us from the top of the show.
(00:03:31) The basics of Base Power's business model: the best electron is the cheapest electron
(00:08:38) Zach teases Base's new, time-saving approach to battery installation
(00:10:32) Vanta - Get $1000 off your SOC 2 at https://www.vanta.com/twist
(00:18:12) How Base's grid can help drive down overall energy prices
(00:21:17) Squarespace - Use offer code TWIST to save 10% off your first purchase of a website or domain at https://www.Squarespace.com/TWIST
(00:30:12) Sentry - New users get 3 months free of the Business plan (covers 150k errors). Go to http://sentry.io/twist and use code TWIST
(00:36:20) Tesla did not announce an upside fan car… Oh well…
(00:44:27) Buy your Chinese robot TODAY on Walmart dot com? Or not!
(00:48:12) Is Tim Apple EXITING Apple? Who's next?
(00:59:22) ANOTHER mega-deal? Now xAI is circling a Nvidia investment…

Subscribe to the TWiST500 newsletter: https://ticker.thisweekinstartups.com
Check out the TWIST500: https://www.twist500.com
Subscribe to This Week in Startups on Apple: https://rb.gy/v19fcp

Follow Lon:
X: https://x.com/lons

Follow Alex:
X: https://x.com/alex
LinkedIn: https://www.linkedin.com/in/alexwilhelm

Follow Jason:
X: https://twitter.com/Jason
LinkedIn: https://www.linkedin.com/in/jasoncalacanis

Great TWIST interviews: Will Guidara, Eoghan McCabe, Steve Huffman, Brian Chesky, Bob Moesta, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland

Check out Jason's suite of newsletters: https://substack.com/@calacanis

Follow TWiST:
Twitter: https://twitter.com/TWiStartups
YouTube: https://www.youtube.com/thisweekin
Instagram: https://www.instagram.com/thisweekinstartups
TikTok: https://www.tiktok.com/@thisweekinstartups
Substack: https://twistartups.substack.com

Subscribe to the Founder University Podcast: https://www.youtube.com/@founderuniversity1916