EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
Update: 2026-02-16
Description
Guest:
- Daniel Lyman, VP of Threat Detection and Response, Fiserv
Topics:
- What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground?
- How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact?
- What are the specific challenges and advantages you've seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice?
- Why is the message that "EDR doesn't cover everything" so hard for some people to hear? Is this obsession with EDR a business decision or technology debt?
- How do you expect AI to change the calculus around data centralization versus data federation?
- What is your favorite example of telemetry that is useful, but usually excluded from a SIEM?
- What are the Detection and Response organizational metrics that you think are most valuable?
- Is the continued use of Excel an issue of tooling, laziness, or just because it is a fundamentally good way to interact with a small database?
Resources:
- Video version
- "In My Time of Dying" book
- EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
- EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? blog
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
