Cloud Security Podcast

Building a SOC Team in 2024 - Automation & AI

Oct 15, 2024

Allie Mellen, a Principal Analyst at Forrester Research, dives into the future of Security Operations Centers (SOCs) and the role of AI in cybersecurity. She argues that Cloud Detection Response may be fading and critiques the current hype around generative AI, stressing that automation will never fully replace human analysts. The discussion highlights the burnout among security teams, the necessity of adopting detection engineering, and the importance of continuous learning and mentorship to empower SOC analysts.

56:25

Creator website

Episode guests

Allie Mellen

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Generative AI in security operations is viewed with skepticism due to unmet expectations, highlighting the need for clearer practical applications.

The evolution from EDR to XDR emphasizes a shift towards integrated threat detection capabilities across endpoints, networks, and cloud data.

Prioritizing analyst experience and creating a supportive work environment is crucial for retention and effectiveness within SOC teams.

Deep dives

Disillusionment with Generative AI in Security Operations

Generative AI has faced significant skepticism within security operations, in contrast to its prevalent discussions at prior conferences. Many security professionals express disillusionment due to unmet expectations, as several demonstrations have overpromised and underdelivered. The podcast highlights that while generative AI can enhance security operations, particularly in automating tasks, practitioners often struggle to find practical applications for it. A significant challenge is the lack of clear direction on how to effectively engage with these AI tools, leading to confusion about what questions to ask them.

Intro

3min

Navigating Security Operations: Insights from a Principal Analyst

3min

Exploring EDR and the Evolution to XDR in Cybersecurity

2min

Navigating AI in Cybersecurity Operations

17min

Building Effective Security Operations Centers

19min

Bridging Security Training Gaps

10min

Life Choices and Culinary Delights

2min

Dining Preferences and Podcast Connections

2min

What is the future of SOC? In this episode Ashish sat down with Allie Mellen, Principal Analyst at Forrester, to explore the current state of security operations and the evolving role of AI in cybersecurity. Allie spoke about why Cloud Detection Response (CDR) might be dead, how Generative AI is failing to live up to its hype in security use cases, and why automation will never fully replace human security analysts.

We get into the challenges faced by SOC teams today, the burnout issue among security analysts, and how adopting detection engineering and eliminating the outdated structures could transform the way security teams operate.

Guest Socials:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠Allie's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(02:48) A bit about Allie

(03:13) The role of analysts in cybersecurity

(05:56) What is EDR?

(06:30) What is XDR?

(08:42) The impact of GenAI

(10:19) How is GenAI going to impact SOAR?

(14:52) Where to start with SOC?

(24:08) Starting to build your SOC team

(27:32) How SOC should respond to new technology?

(31:48) Expectations from Managed SOC providers

(35:16) Detection challenges for Hybrid Environments

(38:01) Level 2 and 3 SOC in new world

(42:37) What training is required for the SOC team?

(48:49) How will this space evolve?

(51:48) The Fun Questions

Resources spoken about during the interview:

Cloud Detection and Response Tools Do Not Exist

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast

Building a SOC Team in 2024 - Automation & AI

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Disillusionment with Generative AI in Security Operations

Challenges in Building and Managing SOC Teams

The Evolution of EDR to XDR

The Importance of Analyst Experience in Security Operations

Finding Success in Hybrid Environments

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast

Building a SOC Team in 2024 - Automation & AI

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Disillusionment with Generative AI in Security Operations

Challenges in Building and Managing SOC Teams

The Evolution of EDR to XDR

The Importance of Analyst Experience in Security Operations

Finding Success in Hybrid Environments

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights