EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
Guest:
Daniel Lyman, VP of Threat Detection and Response, Fiserv
Topics:
What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice?
Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt?
How do you expect AI to change the calculus around data centralization versus data federation?
What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
What are the Detection and Response organizational metrics that you think are most valuable?
Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?
Resources:
Video version
"In My Time of Dying" book
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog
EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
Guest:
Daniel Lyman, VP of Threat Detection and Response, Fiserv
Topics:
What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice?
Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt?
How do you expect AI to change the calculus around data centralization versus data federation?
What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
What are the Detection and Response organizational metrics that you think are most valuable?
Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?
Resources:
Video version
"In My Time of Dying" book
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog