SuperSOC: Conversations with the People Shaping the Future of Security Operations

Qevlar AI

SuperSOC is the monthly podcast where Qevlar AI's CEO Ahmed Achchak interviews top cybersecurity experts to explore the future of the SOC. From real-world AI applications to rethinking SecOps workflows, each episode delivers bold insights and practical strategies for modern security teams. Recent guests include Google’s Anton Chuvakin and cybersecurity automation expert Filip Stojkovski. Want to know more about Qevlar AI and how it can help you automate alert investigation? Head to www.qevlar.com

Episodes

  1. October 13

    Should SOCs Drop Tiered Models Altogether? ft. Rob van Os @SOC-CMM

    Tier 1, Tier 2, Tier 3 — the hierarchy every SOC grew up with. But as AI takes over triage and investigation, does that model still make sense? In this episode, Ahmed Achchak (CEO and co-founder of Qevlar AI) talks with Rob van Os, Strategic SOC Advisor and creator of the SOC-CMM framework — one of the most widely adopted models for assessing and improving SOC maturity worldwide. Together, they unpack whether modern AI-driven operations make the tiered model obsolete, how skills-based SOCs are emerging, and what this shift means for talent, economics, and trust in AI-assisted decisions.

    You’ll discover:
    → Why AI automation challenges the core logic behind tiered SOCs.
    → How the SOC-CMM framework helps leaders benchmark and evolve toward post-tier models.
    → The real blocker to full autonomy: missing infrastructure and business context.
    → How to grow and mentor analysts when “entry-level” alerts no longer exist.
    → How to prevent “shadow tiering” from silently reappearing in AI-augmented SOCs.

    Rob also shares his prediction on when large enterprises will finally abandon tiers and the new engineering and AI skills every modern analyst will need to thrive.

    Agenda:
    00:00 – Introduction: What happens to the tiered SOC when AI takes over L1 and L2?
    01:11 – New roles emerging: AI orchestrators and complex-case specialists
    03:03 – Trust in AI and why automation still hits the “context” wall
    04:54 – Developing junior talent in a post-tier world
    06:46 – From tiers to skills: the rise of the skills-based SOC
    07:11 – Does AI break the business logic of tiering?
    09:19 – Engineering skills every modern analyst will need
    10:15 – Why a fully autonomous SOC remains out of reach
    13:21 – MSSPs vs in-house SOCs: different economics, same lessons
    15:07 – Avoiding “shadow tiering” with proper knowledge management
    17:27 – Rob’s prediction: Will enterprises abandon tiers in 3–5 years?
    18:19 – Fire Round

    Learn more about Qevlar for your SOC: https://www.qevlar.com/
    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
    Follow Rob on LinkedIn: https://www.linkedin.com/in/socadvisor/

    22 min
  2. September 10

    Shifting Detection Left In the Kill Chain. How AI Can Reduce False Negatives ft. Shane Shook @Forgepoint Capital

    In this episode, Ahmed Achchak (CEO & co-founder of Qevlar AI) invited Shane Shook, Venture Partner at Forgepoint Capital and longtime advisor to top security startups, to explore why false negatives (not false positives) are still the SOC’s most dangerous blind spot. Shane shares insights from 30+ years in incident response and threat detection on where organizations miss early signals, why overtuning rules makes things worse, and how AI can finally shift detection left without overwhelming analysts.

    You’ll discover:
    → Why most SOCs miss early-stage delivery attacks, and why “trust” is still the Achilles’ heel.
    → How fear of false positives actually creates false negatives.
    → Where context (user, privilege, resource history) can make or break early detection.
    → How agentic AI and reinforcement learning can spot weak signals at scale.
    → What practical steps CISOs should take to shift detection left in 2025–2026.

    Check out Shane’s book Cybercrime Investigation Body of Knowledge: https://www.cibok.org/en/#section-download
    And latest articles: https://forgepointcap.com/tag/tips/

    Agenda:
    00:00 – Intro: Why false negatives, not false positives, cause the real damage
    01:14 – How overtuning rules leads to blind spots
    05:21 – The kill chain phase where most detections fail today
    07:13 – Why trust relationships defeat zero trust defenses
    09:02 – How AI can reduce false negatives without drowning in noise
    12:18 – Why full organizational context is the missing piece
    14:18 – The single most practical step to shift detection left
    16:52 – Why focusing on breach indicators matters more than attack indicators
    17:32 – Fire Round: The most underestimated kill chain stage
    19:19 – False negatives happen when…
    19:33 – The biggest risk CISOs still underestimate

    Learn more about Qevlar for your SOC: https://www.qevlar.com/
    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
    Follow Shane on LinkedIn: https://www.linkedin.com/in/shanedshook/

    20 min
  3. August 12

    The MSSP vs. Enterprise Divide: How Autonomous AI Changes the SOC Service Model ft. Erik Bloch @illumio

    In this episode, Ahmed Achchak (CEO & co-founder of Qevlar AI) sits down with Erik Bloch, VP of Security at illumio and former SOC leader at Salesforce and Atlassian, to explore how AI is blurring the traditional divide between MSSP and enterprise SOCs. Erik breaks down why MSSPs operate like standardized, metric-driven service products, while enterprise SOCs remain bespoke, and how autonomous AI might flip the script.

    You’ll discover:
    → Why AI fits naturally into MSSP workflows but struggles in enterprise SOCs (and what is needed to fix it for maximum results)
    → What MSSPs get right about process and measurement and what enterprises can learn from it
    → How autonomous agents could unlock deep personalization at scale for MSSPs
    → The people and process blockers holding back AI adoption in the enterprise
    → Why phishing is still every SOC’s biggest time sink and how AI can actually help
    → What vendors overhype about AI and what they should focus on instead

    Agenda:
    00:00 – Intro: How AI blurs the MSSP vs. enterprise SOC line
    03:21 – Where AI fits today and where it fails
    03:57 – MSSPs run on process; enterprises run on chaos
    06:36 – Can autonomous AI personalize without breaking scale?
    07:12 – Remove the haystack vs. hunt the needle
    10:58 – What AI can offload to help SOC teams do real work
    12:17 – Why phishing still dominates SOC workload
    13:46 – Fire Round: One alert type to ban forever
    18:47 – What MSSPs and enterprises should learn from each other
    19:30 – The AI pitch vendors love that nobody actually needs

    Follow Erik Bloch on LinkedIn: https://www.linkedin.com/in/erikbloch/
    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
    Learn how Qevlar AI automates alert investigation so your analysts don’t burn out: www.qevlar.com

    22 min
  4. July 15

    Making AI Useful in the SOC: Data, Metrics & Human Skills ft. Dr. Anton Chuvakin @Google Cloud

    AI promises to transform security operations, but how much of that is actually happening today? In this episode, Ahmed Achchak (CEO of Qevlar AI) talks with Dr. Anton Chuvakin, Security Advisor at the Office of the CISO at Google Cloud, to explore the real, measurable ways AI can improve your SOC and the hard limits many organizations overlook.

    You’ll discover:
    → Where AI reliably adds value in security operations today and where it doesn’t.
    → Why poor data, not weak models, is the biggest blocker to AI success in SOCs.
    → The key metrics and KPIs that matter when evaluating AI’s effectiveness.
    → What human skills will grow in importance in AI-augmented SOCs and which ones matter less.

    Agenda:
    00:00 – Introduction: Can AI actually help the SOC?
    01:06 – Why “AI SOC” is a misleading term
    02:27 – The real reason AI won't run the SOC anytime soon
    03:49 – Why better AI doesn’t solve bad data
    04:18 – Measuring AI’s impact: productivity vs. autonomy
    05:54 – Why GenAI improvements aren't enough without better processes
    07:12 – Should you track AI’s accuracy?
    08:18 – What AI should actually improve in SOC workflows
    08:46 – The human skill that matters most in AI-augmented SOCs
    10:01 – What SOC skill might matter less in the future
    11:08 – Fire Round: Advice Anton repeats but nobody listens to
    12:12 – The SOC transformation most organizations keep postponing
    13:46 – Why many SOCs are still struggling with cloud in 2025
    15:14 – Wrap-up: What Anton finds surprising about today’s SOCs

    Follow Dr. Anton Chuvakin on LinkedIn: https://www.linkedin.com/in/chuvakin/
    Dr. Chuvakin’s blog “Anton On Security”: https://medium.com/anton-on-security
    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
    Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar/
    Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter? Head to: https://www.qevlar.com/

    17 min
  5. June 11

    From Playbooks to Agents: Rethinking Automation in the SOC with Filip Stojkovski

    Most “AI-powered” security tools are just brittle automation wearing a fancy badge. In this episode, Qevlar AI CEO Ahmed Achchak sits down with cybersecurity automation expert Filip Stojkovski to ask the hard questions: Why are L1/L2 workflows still broken? What separates true AI agents from glorified SOAR playbooks? And how can you actually measure whether AI is making smart decisions or just moving faster? They break down the limits of traditional automation, expose “AI SOC” vendor red flags, and map a real path toward autonomous, human-aligned security operations.

    Agenda:
    00:00 – Why L1/L2 workflows are broken
    01:13 – Are we automating… or just duct-taping faster?
    02:44 – AI SOAR vs. autonomous agents: what’s the real difference?
    03:09 – When automation becomes a maintenance nightmare
    04:46 – What humans still do better in the SOC
    06:20 – AI ROI: why speed isn’t the right metric anymore
    08:00 – Metrics successful SOCs measure
    10:32 – How to spot fake “AI SOC” vendors
    13:27 – Where to start if you want true autonomy
    15:06 – Fire Round: The truth about AI in security

    Follow Filip on LinkedIn: https://www.linkedin.com/in/filipstojkovski/
    Filip's blog: https://www.cybersec-automation.com/
    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
    Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar/
    Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter? Head to: https://www.qevlar.com/

    19 min
