SuperSOC: Conversations with the People Shaping the Future of Security Operations
  • SEP 10
  • S1, E4
  • 20 MIN

Shifting Detection Left In the Kill Chain. How AI Can Reduce False Negatives ft. Shane Shook @Forgepoint Capital

SuperSOC: Conversations with the People Shaping the Future of Security Operations

In this episode, Ahmed Achchak (CEO & co-founder of Qevlar AI) invited Shane Shook, Venture Partner at Forgepoint Capital and longtime advisor to top security startups, to explore why false negatives (not false positives) are still the SOC’s most dangerous blind spot.

Shane shares insights from 30+ years in incident response and threat detection on where organizations miss early signals, why overtuning rules makes things worse, and how AI can finally shift detection left without overwhelming analysts.

You’ll discover:

→ Why most SOCs miss early-stage delivery attacks, and why “trust” is still the Achilles’ heel.

→ How fear of false positives actually creates false negatives.

→ Where context (user, privilege, resource history) can make or break early detection.

→ How agentic AI and reinforcement learning can spot weak signals at scale.

→ What practical steps CISOs should take to shift detection left in 2025–2026.

Check out Shane’s book Cybercrime Investigation Body of Knowledge

https://www.cibok.org/en/#section-download

And latest articles:

https://forgepointcap.com/tag/tips/

Agenda:

00:00 – Intro: Why false negatives, not false positives, cause the real damage

01:14 – How overtuning rules leads to blind spots

05:21 – The kill chain phase where most detections fail today

07:13 – Why trust relationships defeat zero trust defenses

09:02 – How AI can reduce false negatives without drowning in noise

12:18 – Why full organizational context is the missing piece

14:18 – The single most practical step to shift detection left

16:52 – Why focusing on breach indicators matters more than attack indicators

17:32 – Fire Round: The most underestimated kill chain stage

19:19 – False negatives happen when…

19:33 – The biggest risk CISOs still underestimate

Learn more about Qevlar for your SOC: https://www.qevlar.com/

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Follow Shane on LinkedIn: https://www.linkedin.com/in/shanedshook/

Information