AI Security Podcast

Buy vs. Build AI Security: Why Box.com CISO is Creating their Own Agentic SOC



If your AI solution is just helping humans process the same amount of alerts a little faster, you haven't transformed anything, you've just created a faster hamster wheel.

In this episode, Ashish and Caleb speak with Heather Ceylan, CISO at Box.com, about how she is leading a true, developer-first AI transformation within her security organization. Heather reveals the five strategic "AI Bets" Box is making. We dive into the reality of building an AI SOC, discussing how Box achieved a 38% automated triage rate for Tier 1 alerts, and why teaching AI not to hallucinate requires treating prompts like strict policy engines.

The conversation also tackles the build vs. buy dilemma. Heather explains why she prefers to have her team build custom AI solutions (at least until vendors can out-innovate her engineers) and shares her biggest disappointment when evaluating AI security startups.


Questions asked:

(00:00) Introduction
(02:50) Who is Heather Ceylan? (CISO at Box.com)
(04:20) Transformation vs. Acceleration: Eliminating Classes of Work
(06:00) Building an AI SOC: Achieving 38% Automated Triage
(07:20) Controlling Hallucinations: Prompts as Policy Engines
(09:30) The Buy vs. Build Debate for CISOs
(14:00) Why Security Architecture Must Be Machine Consumable
(16:50) The Problem with 3rd Party Risk Management
(18:20) Box's "5 AI Bets" Framework
(21:30) Will AI Replace SOC Analysts? Why Teams Are Embracing the Change
(23:50) Continuous Pen Testing & Evaluating AI Startups
(26:30) The Biggest Pitching Mistake Startups Make with CISOs
(30:20) Shadow AI: When the Business Starts Building Its Own Apps
(37:30) Personalized Software: The LEGO Brick Model of Security Agents
(41:50) Fun Questions: Crocodile Jerky and Tim Tam Slams
(44:20) Hobbies & Family: Raising Two Boys and Surviving the Chaos
(45:30) Favorite Restaurant: Meyhouse (Turkish Cuisine in Palo Alto)


Resources discussed during the episode:

  • Heather's LinkedIn Newsletter
  • Heather's post RSA blog
  • 5 Big AI Bets
    1. https://blog.box.com/big-cybersecurity-bets-part1
    2. https://blog.box.com/big-cybersecurity-bets-part-2
    3. https://blog.box.com/big-security-bet-3-ai-redefines-vulnerability-management
    4. https://blog.box.com/5-big-cybersecurity-bets-4-scaling-security-architecture-ai-first-world
    5. https://blog.box.com/5-big-cybersecurity-bets-continuous-adversarial-validation

AI Security Podcast by TechRiot.io

4.9

9 ratings

