Guest:
- Daniel Lyman, VP of Threat Detection and Response, Fiserv
Topics:
SIEM and SOC Artificial Intelligence
Topics covered:
- What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
- How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
- What are the specific challenges and advantages you’ve seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice?
- Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt?
- How do you expect AI to change the calculus around data centralization versus data federation?
- What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
- What are the Detection and Response organizational metrics that you think are most valuable?
- Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?