Erik Bloch, VP of Security at Illumio, brings a wealth of experience from transforming security teams at giants like Cisco and Salesforce. He emphasizes the need for solid security foundations—like effective ticketing systems—before jumping to AI tools. Erik critiques traditional security metrics as often misleading and highlights the importance of aligning security with business goals. He also discusses how managed service providers might lead in AI adoption due to their structured processes, pointing out the critical role of data in making informed security decisions.
Episode length: 44:04
ANECDOTE
Early Career: Boxcar Investigation
Erik Bloch investigated a major Cisco source-code theft early in his career.
That Boxcar case led him to start and lead Cisco's CERT team.
ADVICE
Get Fundamentals Right Before Adding AI
Do establish basic processes and measurable metrics before buying new security tools.
Avoid relying on shiny objects to fix broken or missing processes.
ADVICE
Use Tickets To Measure Team Capacity
Use tickets and well-defined states to capture the work your SOC actually does.
Calculate team capacity and compare it to incoming volume to identify overloads.
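As an added illustration of this snip (not code from the episode, Illumio, or Snipd), a small Python model of the capacity check it describes: tickets carry one of a fixed set of states plus logged handle time, weekly capacity is analysts times hours with a discount for non-ticket time, and incoming volume is costed at the mean handle time of closed tickets. The state names, the sample tickets, the 40-hour week and the 30% non-ticket fraction are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import mean

# Constructed ticket states (the episode names none); they must be well-defined
# and mutually exclusive, or the counts below say nothing about the workload.
STATES = ("new", "triage", "investigating", "closed")

@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    state: str
    handle_minutes: int  # analyst time logged against the ticket so far

    def __post_init__(self):
        # Undefined states are rejected rather than lumped into an "other" bucket.
        if self.state not in STATES:
            raise ValueError(f"{self.ticket_id}: undefined state {self.state!r}")

# Constructed sample of one week's tickets, not data from the episode.
SAMPLE_TICKETS = [
    Ticket("T-1", "closed", 600), Ticket("T-2", "closed", 900),
    Ticket("T-3", "investigating", 1200), Ticket("T-4", "triage", 300),
    Ticket("T-5", "closed", 450), Ticket("T-6", "investigating", 1500),
    Ticket("T-7", "new", 0), Ticket("T-8", "closed", 450),
]

def weekly_capacity_minutes(analysts, hours_per_week=40.0, productive_fraction=0.7):
    """Analyst-minutes available for ticket work; 30% non-ticket time is an assumption."""
    return analysts * hours_per_week * 60 * productive_fraction

def projected_demand_minutes(tickets, incoming_per_week):
    """Expected work for an incoming volume, using mean handle time of closed tickets."""
    closed = [t.handle_minutes for t in tickets if t.state == "closed"]
    if not closed:
        raise ValueError("no closed tickets to estimate handle time from")
    return incoming_per_week * mean(closed)

def capacity_report(tickets, analysts, incoming_per_week):
    """Compare recorded and projected demand against capacity; flag overload."""
    capacity = weekly_capacity_minutes(analysts)
    recorded = sum(t.handle_minutes for t in tickets)  # work logged this week
    projected = projected_demand_minutes(tickets, incoming_per_week)
    return {
        "utilization": recorded / capacity,
        "overloaded": recorded > capacity,
        "projected_utilization": projected / capacity,
        "open_by_state": dict(Counter(t.state for t in tickets if t.state != "closed")),
    }
```

With three analysts the sample week is already over capacity and the projected volume makes it worse; a fourth analyst brings recorded work back under the line.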
In this episode of Detection at Scale, Jack speaks with Erik Bloch, VP of Security at Illumio, about why most security operations teams aren't ready for AI tools and which fundamental processes must be in place first. Erik challenges the industry's obsession with new technologies, sharing stories from his experience transforming underperforming security teams at major companies like Cisco, Salesforce, and Atlassian.
His conversation with Jack explores how to measure what actually matters in security operations, from team capacity utilization to business outcome dispositions, and why proper ticketing systems and actionable metrics are prerequisites for any advanced tooling to be effective.
Topics discussed:
The importance of establishing fundamental processes like ticketing systems and metrics before implementing AI tools in security operations.
How to measure team capacity utilization and resource allocation to identify when security operations teams are operating beyond sustainable levels.
Why traditional security metrics like mean time to detect are often vanity metrics that don't provide actionable business intelligence.
The critical need for security leaders to communicate in business language with concrete data rather than anecdotal risk assessments.
How managed service providers will likely be the first to successfully adopt AI tools due to their standardized processes.
The challenge of proving AI tool effectiveness when most organizations lack baseline metrics to measure improvement against established benchmarks.
Why security teams gravitate toward building custom tools and how this impacts their approach to adopting commercial AI solutions.
The role of MCP in enabling security teams to create their own agents and integrate multiple tools.
How AI should focus on eliminating routine tasks like phishing email analysis rather than trying to catch advanced persistent threats.
The framework for implementing AI tools by starting with business outcomes, defining metrics, identifying capabilities, and then inserting automation.