Cloud Security Podcast by Google

EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI



Guest:

  • Manija Poulatova, Director of Security Engineering and Operations at Lloyds Banking Group

Topics:

  • SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on the relatively short side at 9 months. What’s been your experience so far with that and what could have gone faster?
  • Anton might be a “reformed” analyst but I can’t resist asking a three-legged stool question: of the people/process/technology aspects, which are the hardest for this transformation? What helped the most in solving your big challenges?
  • Was there a process that people wanted to keep but it needed to go for the new tool?
  • One thing we talked about was the plan to adopt composite alerting techniques and what we’ve been calling the “funnel model” for detection in Google SecOps. Could you share what that means and how your team is adopting it?
  • There are a lot of moving parts in a D&R journey from a process and tooling perspective. How did you structure your plan and why?
  • It wouldn’t be our show in 2025 if I didn’t ask at least one AI question! What lessons do you have for other security leaders preparing their teams for the AI in SOC transition?

Resources:

  • EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
  • EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
  • EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
  • EP184 One Week SIEM Migration: Fact or Fiction?
  • EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
  • EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
  • “Maverick” — Scorched Earth SIEM Migration FTW! blog
  • “Hack the box” site

Cloud Security Podcast by Google, by Anton Chuvakin
