Skip to main content

Guest:





Topics: 


SIEM and SOC


 


Subscribe at Spotify.


Subscribe at Apple Podcasts.


Subscribe at YouTube





Topics covered:



  • Why do so many organizations still collect logs yet don’t detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries? 

  • What are the hardest parts about getting the right context into a SOC analyst’s face when they’re triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?

  • What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they’re buying?

  • Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?

  • Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do?

  • Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years? 

  • Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes? 



Be the first to reply!

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.