


Allen Carter, former Director of IT Security Operations, ran security operations at Gilead Sciences for a decade, building three teams including a global SOC across India, the UK, and multiple US locations. He developed an approach to burnout prevention in which managers function as coaches who spot which team members are "struggling with a twisted ankle" before exhaustion hits. When onboarding SOAR to automate repetitive alerts, his team saw the technology as a relief, but the implementation work to eliminate false positives nearly burned them out. He learned to celebrate the completion milestone explicitly to maintain morale through the grind.
Allen's incident reporting framework separates security incidents from IT incidents. Whereas IT outages demand "all hands on deck," security incidents require controlled information flow; the wrong person panicking early can trigger a cascade worse than the breach itself. His dual template system keeps operational details within security while board-level reports stay sanitized. He also touches on technology evaluation in pharma R&D environments, where fewer than half of out-of-the-box vendor alerts proved useful. His OT/IoT deployment went operational with massive data volumes that weren't actionable, forcing reactive tuning. Vendor relationships that prioritize understanding your non-commodity threats outweigh feature matrices.
Topics Discussed:
Building institutional training programs that create visible advancement pathways for SOC analysts beyond graveyard shift roles
Implementing manager-as-coach models to identify team member burnout signals before exhaustion impacts performance and retention
Distinguishing security vs IT incident response through controlled information flow versus all-hands-on-deck escalation approaches
Creating dual incident reporting templates that maintain operational details internally while providing board-optimized communication
Evaluating security tech vendors based on relationship quality and non-commodity threat understanding, not feature matrix comparisons
Managing post-deployment tuning for OT/IoT monitoring to filter unusable industrial control data in operational environments
Addressing clinical trial security risks where third-party hospital breaches can invalidate months of patient treatment data
Hiring SOC analysts with deep technical networking knowledge over candidates with security certifications but shallow IT foundations
Listen to more episodes:
Apple
Spotify
YouTube
By Dropzone AI