Beyond the Alert

By Dropzone AI

Beyond the Alert features security operations leaders and SOC professionals sharing battle-tested insights on scaling security capabilities, managing high-performing teams, and leveraging emerging tec... more

· Technology

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Beyond the Alert:

How many episodes does Beyond the Alert have?

The podcast currently has 8 episodes available.

Beyond the Alert episodes:

November 06, 2025TransUnion's Eder Ribeiro on Teaching "Barney Style" and with Empathy
When seven different responders and law firms were thrown into the same ransomware negotiation chat by a threat actor, Eder Ribeiro, Director of Global Incident Response at TransUnion, it became his framework for managing global incident response: map the data, map the people, and look as holistically as possible before acting. To do this, executive trust must be built long before the 3AM phone call requiring million-dollar decisions. Eder breaks down complex security issues "Barney style" and with empathy, remembering that instruction works best when adapted to how the audience receives it, not how the teacher wants to give it.
For emerging AI risks, he's tracking prompt injection as the attack vector that creates a more linear path to data, particularly in enterprise bundle add-ons that sit in the gray zone between public tools and properly isolated solutions. When investigations spiral, he returns to "control the controllables," reset without finger-pointing, and compress what should take weeks into days. His military-informed leadership philosophy centers on generating agency and freedom for his team, accepting that incident response inherently lacks balance and compensating through daily autonomy.
Topics Discussed:
Learning holistic incident response through multi-responder ransomware coordination requiring collaboration
Building executive trust through "Barney style" communication that adapts technical concepts to how leadership receives information
Developing IR leaders through time-based training requiring exposure to diverse stakeholder reactions rather than seeking unicorn hires
Mapping both data and people as critical incident response variables beyond traditional digital tooling and endpoint visibility
Controlling the controllables during spiraling incidents by resetting without blame and compressing investigation timelines
Tracking prompt injection as emerging AI attack vector creating linear data access paths through enterprise bundle add-ons
Generating agency and freedom as leadership philosophy compensating for incident response's inherent lack of work-life balance
Retraining security awareness beyond grammar errors as AI-powered phishing eliminates traditional detection indicators
Listen to more episodes:
Apple
Spotify
YouTube
...more
27min
October 23, 2025Cyderes’ Stephen Fridakis on Why IT & CISOs Are the Moon (They Reflect)
Cyderes' CISO in Residence Stephen Fridakis’s vulnerability management framework rejects the "list problem" mindset — scan, report, patch what you can — in favor of contextual risk assessment. His approach asks four critical questions: Is this vulnerability applicable to my environment? Can it actually be exploited? Will exploitation expose sensitive data? This methodology allowed his teams to deprioritize even critical vulnerabilities like Log4J when they existed in inaccessible systems with no valuable data, redirecting resources to genuinely exploitable exposures.
During a suspected ransomware incident at a major media company, Stephen made the call to force overnight MFA and rotate all passwords across the entire ecosystem without email access since it was compromised. Production teams were frustrated, help desk tickets surged, but they didn't miss a single millisecond of production schedules. His decision-making framework centers on three elements: what happened (in human language, not technical jargon), what's at stake (customer data, operations, downtime), and the likelihood plus consequences of inaction. Security, he argues, should reflect the mission like the moon reflects the sun: never the star of the show, but essential to protect what matters.

Topics Discussed:
Transforming vulnerability management from list-based scanning and patching into contextual risk assessment.
Distinguishing compliance from security by recognizing that audit sampling validates controls but misses components outside scope.
Rejecting tool proliferation as defense-in-depth strategy and instead building layered security through synergistic people, processes, and technology integration.
Building high-performing SOC teams that investigate anomalies beyond deterministic rules and connect subtle signals.
Implementing AI for SOC operations as augmentation tools requiring explainability, bias awareness, and validation.
Preserving human roles in AI-augmented security for business judgment, intent interpretation, executive communication, ethics, and incident response creativity.
Adapting security strategy across industries by understanding mission-critical time components that determine when data controls must shift and adjust.
Communicating cyber risk to executives using business language focused on events, impact in dollars and downtime, assets at stake, and likelihood of consequences.
Listen to more episodes:
Apple
Spotify
YouTube
...more
33min
October 02, 2025Vulnerable U’s Matt Johansen on Capturing Cybersecurity's Authentic Voice
Matt Johansen, Founder of Vulnerable U, built a following of 133,000 cybersecurity professionals by abandoning corporate messaging for authentic practitioner-to-practitioner communication. His systematic approach combines daily content creation with AI workflows that transform security operations. This proves his "humans to the power of AI" framework, where teams multiply capabilities without losing the human insight that threat actors can't replicate.
Matt's transition from finance industry silence to social media leadership offers a blueprint for cybersecurity professionals who want to share knowledge without corporate constraints. His routine of content creation — recording daily videos for over 2 years — demonstrates how consistency beats perfection when building industry influence.

Topics Discussed:
Building authentic cybersecurity influence through daily content creation and practitioner-to-practitioner communication.
Implementing Claude, Obsidian, and Whisper AI workflows for voice-to-research automation using GitHub issues to trigger autonomous investigation.
Overcoming cybersecurity AI resistance by testing new models weekly rather than dismissing tools based on outdated experiences.
Achieving sub-30-minute incident response times through natural language AI queries that eliminate variable name and IP lookups.
Applying "systems not goals" framework to SOC operations by removing superhero dependencies and building automated processes.
Creating vulnerability-focused content that addresses mental health challenges and burnout endemic to cybersecurity professionals through authentic storytelling.
Using AI as a communication thought partner for security teams struggling to articulate budget requests and demonstrate value.
Transitioning from finance industry PR restrictions to social media leadership by leveraging Instagram's untapped cybersecurity practitioner audience.
Listen to more episodes:
Apple
Spotify
YouTube
...more
40min
September 18, 2025ThoughtSpot's Alessio Faiella on Measuring Real ROI from AI Security Tools
Alessio Faiella, Sr. Director of Security Engineering at ThoughtSpot, sees security teams making the same mistakes with AI that they've made with every new technology: rushing to implement without understanding the fundamentals. He's learned that the most effective AI security deployments come from teams who first attempt to build solutions internally. His approach of running 30-day AI hackathons reveals whether problems are worth solving and helps teams evaluate vendor claims with real experience.
He's also developed an RPG-style unlock system for AI tool access, requiring junior analysts to master manual investigation techniques before gaining access to AI-powered capabilities. Alessio warns that traditional 2- to 3-year security roadmaps have become obsolete in an ecosystem evolving so rapidly. The result is a practical framework that cuts through AI marketing noise to focus on measurable outcomes like reduced analyst burnout and improved team velocity.
Topics Discussed:
The three critical misconceptions security leaders have about AI threat detection, including over-reliance on traditional metrics.
Why internal AI hackathons serve as the best vendor evaluation tool, revealing the gap between prototypes and production-ready systems.
The build-versus-buy decision framework applied to AI security tools, focusing on functional goals and vendor trustworthiness.
How AI hype differs from measurable value in security operations, with practical metrics centered on time savings and analyst satisfaction.
The RPG unlock system approach to training junior security analysts, requiring mastery of manual techniques before gaining AI tools.
Why experiencing alert fatigue and false positive investigations builds essential security intuition that AI-first analysts may never develop.
The evolution toward autonomous SOC operations through orchestrated agent systems rather than fully autonomous solutions.
Practical ROI measurement strategies for AI security implementations, combining qualitative assessment of analyst satisfaction with quantitative velocity metrics.
The enterprise adoption patterns emerging across the AI security vendor landscape, from basic chatbot integrations to sophisticated agentic automation platforms.
Listen to more episodes:
Apple
Spotify
YouTube
...more
29min
September 04, 2025Rezliant Inc.'s Brook Schoenfield on AI Error Rates vs Human SOC Analysis
Brook Schoenfield, Chief Scientist and EVP of Services at Rezliant Inc., brings decades of security architecture experience to explain why SOCs function as the ultimate firewall when all other defenses fail. His mathematical framework for understanding software vulnerabilities reveals why human expertise remains irreplaceable in modern threat detection.
Brook demonstrates how sophisticated attackers exploit the inevitable failure points in software-based security controls. His insights challenge the notion that SOC work is purely reactive, positioning it instead as the critical last defense that can save or destroy entire organizations.
Topics Discussed:
The mathematical impossibility of finding every software bug, rooted in Alan Turing's 1936 proof.
How reverse engineering tools have evolved from primitive to sophisticated, making system exploitation trivial by comparison.
Why the progression from initial breach signals to deeper compromise indicators creates decreasing noise levels.
The fundamental difference between AI probabilistic error rates and human variable performance factors.
Strategic approaches to signal-versus-noise differentiation that focus on behavioral patterns unique to malicious activities.
The training-ground value of SOC analyst positions as entry points into cybersecurity careers, developing valuable pattern recognition skills.
How targeted machine learning models outperform general-purpose AI systems for specific security tasks by maintaining smaller error rates.
The critical importance of human creativity and nonlinear analytical thinking for detecting subtle attack progressions.
Why organizations need both advanced AI pattern recognition capabilities and experienced human oversight.
Listen to more episodes:
Apple
Spotify
YouTube
...more
33min
August 21, 2025TALAS Security’s Paul Marco on the Four Data Types Every Security Investigation Needs
Paul Marco, Co-founder of TALAS Security, challenges the assumption that effective security operations follow a universal playbook. His decades of hands-on SOC experience reveal that the most successful teams customize their approach based on organizational context rather than copying industry templates. Paul's methodology for complex security environments centers on four critical data requirements that enable any investigation to reach definitive conclusions.
He explains how AI creates unprecedented consistency in security operations while emphasizing why human expertise remains irreplaceable for contextual decision-making. Paul also offers practical strategies for maximizing existing security tool capabilities, building trust in AI-powered solutions, and preparing for the inevitable AI arms race between defenders and attackers.
Topics Discussed:
Why world-class security operations require customized approaches based on organizational risk appetite, tooling, and talent.
The four essential data types for security investigations: telemetry for lateral movement tracking, attribution for account understanding, comprehensive asset inventory, and detailed event data.
How security teams consistently underutilize existing tool capabilities by purchasing solutions for single problems.
The vendor evaluation trap where teams enter demos without clear requirements and ask "what problems can this solve" instead of defining specific needs first.
AI's impact on investigation consistency, enabling standardized analytical narratives while preserving necessary human expertise.
The importance of transparency in AI security tools and why "black box" solutions create unacceptable risk in high-stakes environments.
Practical strategies for establishing baselines in chaotic security environments without immediately dismantling existing processes and alienating teams.
The hypothesis-driven investigation methodology that separates successful security analysts from those who get stuck in inconclusive alert cycles.
Budget reallocation tactics for implementing AI solutions in resource-constrained environments.
Why domain expertise matters more than pure AI capabilities when evaluating security automation vendors and their long-term viability.
The emerging AI agent ecosystem in security operations and the trust challenges that come with interconnected automated decision-making systems.
How the speed of AI-powered attacks is forcing security teams to adopt AI defenses or risk becoming the preferred targets for threat actors.
Listen to more episodes:
Apple
Spotify
YouTube
...more
46min
August 06, 2025Theory Ventures' Andy Triedman on AI-Native vs AI-Feature Teams
Andy Triedman, Partner at Theory Ventures, argues that AI is reshaping not just security capabilities, but the entire business model of security companies. Unlike traditional "insurance-style" security products that were difficult to evaluate quantitatively, AI-enabled platforms provide clear scoreboards that buyers can use to measure effectiveness, speed, and cost efficiency. This shift from relationship-based to results-based evaluation advantages product-led teams with genuine AI-native expertise over traditional sales-driven organizations.

With a background spanning computational neuroscience and machine learning, Andy brings a unique perspective on how AI transforms both attack and defense capabilities. He explains why security presents particularly compelling investment opportunities due to the perpetual attacker-defender dynamic and the chronic information overload that defines security operations. He also shares frameworks for distinguishing between teams that truly understand AI-native development versus those that added AI features after LLMs emerged.
Topics Discussed:
How AI transforms security products from insurance-style solutions to measurable automation platforms with clear performance scoreboards.
The shift from relationship-based to results-based security sales as buyers can now verify AI system effectiveness in production environments.
Why security operations present ideal AI investment opportunities due to chronic information overload and the need to process high-volume, low-value alerts.
Framework for evaluating AI-native founder understanding of non-determinism and experimental development processes rather than traditional sprint planning.
The distinction between teams with genuine AI-native expertise versus those that retrofitted existing products with AI features after LLM emergence.
Token economics and value creation ratios in AI security, comparing problems that require thousands versus millions of tokens to generate customer value.
Most overhyped AI security capabilities including fully autonomous security, AI penetration testing, and AI system security solutions.
Team structure evolution for AI-native companies, with dramatically leaner engineering teams using AI-assisted development while maintaining traditional go-to-market functions.
Data quality requirements for AI security systems, emphasizing the need for representative training data versus cosmetic synthetic data generation.
Pitch deck evolution for AI startups, focusing on technical architecture clarity and deep workflow understanding rather than broad total addressable market claims.
Investment strategy implications including using venture capital to finance gross margin neutral or negative products for accelerated adoption and growth.
How AI enables security teams to transition from reactive triage work to proactive threat hunting and security engineering initiatives.
Listen to more episodes:
Apple
Spotify
YouTube
...more
32min
July 07, 2025FanDuel's Tyler Martin on 70% Automation Without Losing Human Oversight
In our inaugural episode of Beyond the Alert, we explore how Tyler Martin, Senior Director of Enterprise Security Engineering and Operations at FanDuel, has reimagined what a modern SOC can accomplish when AI becomes the foundation rather than an add-on tool. His team eliminated traditional shift-based operations entirely, replacing 30-40 potential analyst positions with custom agentic AI that delivers 60-70% automation efficiency while maintaining critical human oversight for complex threats.
Tyler's approach challenges conventional security thinking by treating AI implementation as an engineering problem rather than a defensive strategy. His team has built internal LLMs, developed custom agentic AI for multi-tier triage work, and created reasoning-based security controls that go beyond typical identity-focused guardrails.
Our host, Anne Gotay, VP of Growth at Dropzone AI, will dive deep into investigation techniques, leadership strategies, and how emerging technologies are transforming security operations through authentic conversations with practitioners who are redefining modern security.
Topics Discussed:
How custom agentic AI replaced traditional shift-based SOC operations while achieving 60-70% automation efficiency.
The evolution from defender mindset to builder mentality in security leadership, treating AI implementation as an engineering challenge rather than a risk management exercise.
Advanced AI guardrail strategies that focus on reasoning-based controls rather than traditional identity-focused security measures for internal LLM implementations.
How measuring mean time to detect and mean time to remediate provides better AI effectiveness metrics than traditional ticket volume and closure rate measurements.
The industry-wide hesitancy around AI adoption despite proven benefits, including uncertainty around emerging protocols like MCP and preference for restrictive rather than enabling approaches.
Why treating security as an enabler for employee productivity drives better AI adoption outcomes than implementing blanket restrictions.
How building custom middleware and integration tools addresses the persistent gap between security tooling abundance and actual operational workflow needs.
Listen to more episodes:
Apple
Spotify
YouTube
...more
27min

FAQs about Beyond the Alert:

How many episodes does Beyond the Alert have?

The podcast currently has 8 episodes available.