What's Up with Tech?

From Manual Alert Triage To Autonomous Security Operations



Interested in being a guest? Email us at [email protected]

Manual SOC work is collapsing under its own weight. After RSAC, we sit down with Dave McGinnis, who leads IBM Consulting’s threat management practice, to get brutally practical about what “autonomous security operations” really means when you strip away the marketing. The headline is simple: humans can’t be the bottleneck in threat monitoring anymore, and “AI-assisted” alert triage won’t cut it when machines can generate more detections than teams can ever click through.

We talk through the hard parts that decide whether autonomous SOC automation helps or harms: investigation depth, evidence, and accountability. Dave explains why the new problem isn’t finding a needle in a haystack, it’s finding a needle in a stack of needles, and why autonomous investigation has to examine every IP, domain, email, and hash, then document the reasoning for forensics. From there, we explore how response can move past traditional SOAR runbooks toward agents that can connect directly to identity systems, cloud controls, and application platforms.

The conversation also turns to people and risk. What happens to SOC roles when tier-one work fades, where domain expertise still matters, and why tuning, threat intelligence, and integration become the real jobs. Finally, we look at the uncomfortable truth: adversaries use generative AI too, lowering the barrier to sophisticated attacks. If you’re building a modern cybersecurity program, this is a roadmap for thinking end to end, not tool by tool.

Subscribe for more, share this with a security leader on your team, and leave a review with your biggest question about autonomous security operations.


More at https://linktr.ee/EvanKirstel


What's Up with Tech? By Evan Kirstel