SuperSOC: Conversations with the People Shaping the Future of Security Operations – Details, Episodes and Analysis

Podcast details

Technical and general information taken from the podcast's RSS feed.

SuperSOC: Conversations with the People Shaping the Future of Security Operations

Qevlar AI

Technology

Frequency: 1 episode every 31 days. Total episodes: 8

Buzzsprout

SuperSOC is the monthly podcast where Qevlar AI's CEO Ahmed Achchak interviews top cybersecurity experts to explore the future of the SOC. 

From real-world AI applications to rethinking SecOps workflows, each episode delivers bold insights and practical strategies for modern security teams. 

Recent guests include Google’s Anton Chuvakin and cybersecurity automation expert Filip Stojkovski.

Want to know more about Qevlar AI and how it can help you automate alert investigation? Head to www.qevlar.com


Recent rankings

Latest positions in the Apple Podcasts and Spotify charts.

Apple Podcasts

    No recent ranking available

Spotify

    No recent ranking available



RSS feed quality and score

Technical assessment of the quality and structure of the RSS feed.

RSS feed quality: Needs improvement

Overall score: 62%


Publication history

Monthly distribution of episode publications over the years.


Latest published episodes

List of recent episodes, with titles, durations and descriptions.


SOC Blind Spots: The Threats That Always Get Through and Why You Don’t Detect Them

Season 2 · Episode 1

Tuesday, 13 January 2026 · Duration 19:23

Is your SOC ready for the new era of GenAI attacks?

In this episode, Ahmed Achchak sits down with Jai Minton, Senior Manager of Hunt & Response at Huntress, to break down how attackers consistently bypass even “mature” SOCs by abusing legitimate tools, blending into normal behavior, and operating in places defenders rarely monitor closely.

This conversation is for SOC leaders who want to understand:

→ Which intrusion patterns slip past EDR and SIEM without triggering alerts

→ Where telemetry is silently missing, shallow, or unusable when it matters

→ Why malware-free attacks are harder to catch than most teams expect

→ How weak signals can reveal early-stage intrusions, if you know how to connect them

→ What detection strategies no longer scale against how attackers operate today

Agenda

00:00 – Why SOC blind spots still exist

00:58 – Intrusion patterns that evade even mature SOCs

03:09 – Why context is the real detection problem

04:01 – Telemetry SOCs think they have (but actually don’t)

05:48 – Why logs are missing in the first place

07:00 – The weak signals attackers can’t avoid

08:19 – Can detection of weak signals actually scale?

10:20 – AI on offense: what SOCs are unprepared for

13:48 – Structural detection failures hunters see everywhere

14:45 – Redesigning detection for how attackers operate today

Follow Jai Minton on LinkedIn: https://www.linkedin.com/in/jaiminton/

Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

The Realistic Path to Cyber Defense Across IT, OT and Cloud ft. Daniel Kästle @ ex-Mercedes-Benz

Season 1 · Episode 7

Monday, 8 December 2025 · Duration 25:36

Most enterprises talk about unifying IT, OT and cloud security, but very few actually pull it off. In this episode, Ahmed has invited Daniel Kästle, former Head of Cyber Defense at Mercedes-Benz, to break down what it really takes to move from three isolated security worlds to a risk-driven cyber defense capability.

You’ll discover:

→ Why IT, OT and cloud security remain stubbornly siloed, and why the real blockers have nothing to do with tools.

→ A practical blueprint for building interoperability without chaos, even when threat models and data formats differ wildly.

→ Why no vendor will ever give you the mythical one platform for everything, and what unified visibility actually means in real life.

→ How some organizations successfully build teams that understand all three environments without hiring unicorn analysts.

→ The governance decisions that matter most when you need to isolate systems or contain fast-moving attacks.

→ Why retention is Daniel’s surprising north-star metric for SOC health.

Agenda

00:00 – Introduction: Why unifying IT, OT, and cloud still feels impossible

02:03 – The real reason these environments stay siloed (not a tooling problem)

03:29 – Why the term SOC no longer reflects what modern teams actually do

04:42 – What unified visibility realistically looks like and where it stops

06:45 – Why a single platform can never cover IT, OT, and cloud

08:22 – The only viable starting point for interoperability

10:53 – How to build cross-domain talent without chasing unicorn hires

14:40 – Making governance work when IT and OT operate under different rules

17:01 – How unified cyber defense changes the response to global threats

19:23 – Why speed of response matters more than building perfect defenses

20:14 – Fire Round

Follow Daniel Kästle on LinkedIn: https://www.linkedin.com/in/dk31337/

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar

Curious how Qevlar AI helps your analysts focus on the alerts that truly matter?

Head to qevlar.com

The Multi-Tenant Challenge: How MDR Providers Maintain Detection Quality Across Hundreds of Different Environments ft. Beatrice Francon @Atos

Season 1 · Episode 6

Tuesday, 11 November 2025 · Duration 21:34

How do you guarantee the same investigative depth and accuracy when you’re running security operations for thousands of customers and processing billions of alerts per day?

In this episode, Beatrice Francon, Director of MDR Services at Atos, joins Ahmed Achchak (CEO and co-founder of Qevlar AI) to unpack how Atos scales investigative quality across diverse client environments — from critical infrastructure to finance and healthcare — without losing the human context that defines great security operations.

You’ll discover:

→ Where AI truly adds value in MDR operations today, and where human expertise remains irreplaceable.

→ How Atos balances standardization for efficiency with customization for client-specific risks.

→ Why “no black box” AI and a human-in-the-loop approach are essential for auditability and trust.

→ How Atos turns every AI-generated investigation report into a training accelerator for junior analysts.

→ The evolving boundary between SOAR automation and AI-led investigation, and where each shines today.

Agenda:

00:00 – Introduction: The multi-tenant investigation challenge

02:23 – Where AI delivers real value in MDR workflows

03:54 – Why human oversight still dominates in response and context

06:29 – Balancing efficiency with client-specific risk and context

10:25 – Why “no black box” AI is key to accountability and compliance

13:19 – How Atos ensures knowledge transfer across hundreds of clients

15:27 – AI investigation reports as a new training model for analysts

18:33 – Integrating SOAR and AI SOC: avoiding overlap and maximizing value

21:37 – Fire Round

About Atos:

Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos is a SE (Societas Europaea) and listed on Euronext Paris.

Learn more about Qevlar for your SOC: www.qevlar.com

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Follow Beatrice on LinkedIn: https://www.linkedin.com/in/beatrice-francon/

Should SOCs Drop Tiered Models Altogether? ft. Rob van Os @SOC-CMM

Season 1 · Episode 5

Monday, 13 October 2025 · Duration 22:23

Tier 1, Tier 2, Tier 3 — the hierarchy every SOC grew up with. But as AI takes over triage and investigation, does that model still make sense?

In this episode, Ahmed Achchak (CEO and co-founder of Qevlar AI) talks with Rob van Os, Strategic SOC Advisor and creator of the SOC-CMM framework — one of the most widely adopted models for assessing and improving SOC maturity worldwide.

Together, they unpack whether modern AI-driven operations make the tiered model obsolete, how skills-based SOCs are emerging, and what this shift means for talent, economics, and trust in AI-assisted decisions.

You’ll discover:

→ Why AI automation challenges the core logic behind tiered SOCs.

→ How the SOC-CMM framework helps leaders benchmark and evolve toward post-tier models.

→ The real blocker to full autonomy: missing infrastructure and business context.

→ How to grow and mentor analysts when “entry-level” alerts no longer exist.

→ How to prevent “shadow tiering” from silently reappearing in AI-augmented SOCs.

Rob also shares his prediction on when large enterprises will finally abandon tiers, and the new engineering and AI skills every modern analyst will need to thrive.

Agenda

00:00 – Introduction: What happens to the tiered SOC when AI takes over L1 and L2?

01:11 – New roles emerging: AI orchestrators and complex-case specialists

03:03 – Trust in AI and why automation still hits the “context” wall

04:54 – Developing junior talent in a post-tier world

06:46 – From tiers to skills: the rise of the skills-based SOC

07:11 – Does AI break the business logic of tiering?

09:19 – Engineering skills every modern analyst will need

10:15 – Why a fully autonomous SOC remains out of reach

13:21 – MSSPs vs in-house SOCs: different economics, same lessons

15:07 – Avoiding “shadow tiering” with proper knowledge management

17:27 – Rob’s prediction: Will enterprises abandon tiers in 3–5 years?

18:19 – Fire Round

Learn more about Qevlar for your SOC: https://www.qevlar.com/

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Follow Rob on LinkedIn: https://www.linkedin.com/in/socadvisor/

Shifting Detection Left In the Kill Chain. How AI Can Reduce False Negatives ft. Shane Shook @Forgepoint Capital

Season 1 · Episode 4

Wednesday, 10 September 2025 · Duration 20:06

In this episode, Ahmed Achchak (CEO & co-founder of Qevlar AI) invited Shane Shook, Venture Partner at Forgepoint Capital and longtime advisor to top security startups, to explore why false negatives (not false positives) are still the SOC’s most dangerous blind spot.


Shane shares insights from 30+ years in incident response and threat detection on where organizations miss early signals, why overtuning rules makes things worse, and how AI can finally shift detection left without overwhelming analysts.


You’ll discover:

→ Why most SOCs miss early-stage delivery attacks, and why “trust” is still the Achilles’ heel.

→ How fear of false positives actually creates false negatives.

→ Where context (user, privilege, resource history) can make or break early detection.

→ How agentic AI and reinforcement learning can spot weak signals at scale.

→ What practical steps CISOs should take to shift detection left in 2025–2026.


Check out Shane’s book Cybercrime Investigation Body of Knowledge

https://www.cibok.org/en/#section-download

And latest articles:

https://forgepointcap.com/tag/tips/


Agenda:

00:00 – Intro: Why false negatives, not false positives, cause the real damage

01:14 – How overtuning rules leads to blind spots

05:21 – The kill chain phase where most detections fail today

07:13 – Why trust relationships defeat zero trust defenses

09:02 – How AI can reduce false negatives without drowning in noise

12:18 – Why full organizational context is the missing piece

14:18 – The single most practical step to shift detection left

16:52 – Why focusing on breach indicators matters more than attack indicators

17:32 – Fire Round: The most underestimated kill chain stage

19:19 – False negatives happen when…

19:33 – The biggest risk CISOs still underestimate


Learn more about Qevlar for your SOC: https://www.qevlar.com/

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Follow Shane on LinkedIn: https://www.linkedin.com/in/shanedshook/

The MSSP vs. Enterprise Divide: How Autonomous AI Changes the SOC Service Model ft. Erik Bloch @illumio

Season 1 · Episode 3

Tuesday, 12 August 2025 · Duration 21:37

In this episode, Ahmed Achchak (CEO & co-founder of Qevlar AI) sits down with Erik Bloch, VP of Security at illumio and former SOC leader at Salesforce and Atlassian, to explore how AI is blurring the traditional divide between MSSP and enterprise SOCs.

Erik breaks down why MSSPs operate like standardized, metric-driven service products, while enterprise SOCs remain bespoke, and how autonomous AI might flip the script.

You’ll discover:

→ Why AI fits naturally into MSSP workflows but struggles in enterprise SOCs (and what is needed to fix it for maximum results)

→ What MSSPs get right about process and measurement and what enterprises can learn from it

→ How autonomous agents could unlock deep personalization at scale for MSSPs

→ The people and process blockers holding back AI adoption in the enterprise

→ Why phishing is still every SOC’s biggest time sink and how AI can actually help

→ What vendors overhype about AI and what they should focus on instead

Agenda:

00:00 – Intro: How AI blurs the MSSP vs. enterprise SOC line

03:21 – Where AI fits today and where it fails

03:57 – MSSPs run on process; enterprises run on chaos

06:36 – Can autonomous AI personalize without breaking scale?

07:12 – Remove the haystack vs. hunt the needle

10:58 – What AI can offload to help SOC teams do real work

12:17 – Why phishing still dominates SOC workload

13:46 – Fire Round: One alert type to ban forever

18:47 – What MSSPs and enterprises should learn from each other

19:30 – The AI pitch vendors love that nobody actually needs

Follow Erik Bloch on LinkedIn:

https://www.linkedin.com/in/erikbloch/

Follow Ahmed on LinkedIn:

https://www.linkedin.com/in/ahmed-achchak-872554109/

Learn how Qevlar AI automates alert investigation so your analysts don’t burn out: www.qevlar.com 

Making AI Useful in the SOC: Data, Metrics & Human Skills ft. Dr. Anton Chuvakin @Google Cloud

Season 1 · Episode 2

Tuesday, 15 July 2025 · Duration 16:36

AI promises to transform security operations but how much of that is actually happening today? In this episode, Ahmed Achchak (CEO of Qevlar AI) talks with Dr. Anton Chuvakin, Security Advisor at Office of the CISO at Google Cloud, to explore the real, measurable ways AI can improve your SOC and the hard limits many organizations overlook.

You’ll discover:

  • Where AI reliably adds value in security operations today and where it doesn’t.
  • Why poor data, not weak models, is the biggest blocker to AI success in SOCs.
  • The key metrics and KPIs that matter when evaluating AI’s effectiveness.
  • What human skills will grow in importance in AI-augmented SOCs and which ones matter less.

Agenda:

00:00 – Introduction: Can AI actually help the SOC?

01:06 – Why “AI SOC” is a misleading term

02:27 – The real reason AI won't run the SOC anytime soon

03:49 – Why better AI doesn’t solve bad data

04:18 – Measuring AI’s impact: productivity vs. autonomy

05:54 – Why GenAI improvements aren't enough without better processes

07:12 – Should you track AI’s accuracy?

08:18 – What AI should actually improve in SOC workflows

08:46 – The human skill that matters most in AI-augmented SOCs

10:01 – What SOC skill might matter less in the future

11:08 – Fire Round: Advice Anton repeats but nobody listens to

12:12 – The SOC transformation most organizations keep postponing

13:46 – Why many SOCs are still struggling with cloud in 2025

15:14 – Wrap-up: What Anton finds surprising about today’s SOCs


Follow Dr. Anton Chuvakin on LinkedIn:

https://www.linkedin.com/in/chuvakin/

Dr. Chuvakin’s blog “Anton On Security”:

https://medium.com/anton-on-security


Follow Ahmed on LinkedIn:

https://www.linkedin.com/in/ahmed-achchak-872554109/

Stay tuned for Qevlar AI updates:

https://www.linkedin.com/company/qevlar/

Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter?

Head to: https://www.qevlar.com/

From Playbooks to Agents: Rethinking Automation in the SOC with Filip Stojkovski

Season 1 · Episode 1

Wednesday, 11 June 2025 · Duration 19:27

Most “AI-powered” security tools are just brittle automation wearing a fancy badge. In this episode, Qevlar AI CEO Ahmed Achchak sits down with cybersecurity automation expert Filip Stojkovski to ask the hard questions:

Why are L1/L2 workflows still broken?
What separates true AI agents from glorified SOAR playbooks?
And how can you actually measure whether AI is making smart decisions or just moving faster?

They break down the limits of traditional automation, expose “AI SOC” vendor red flags, and map a real path toward autonomous, human-aligned security operations.


Agenda:

00:00 – Why L1/L2 workflows are broken

01:13 – Are we automating… or just duct-taping faster?

02:44 – AI SOAR vs. autonomous agents: what’s the real difference?

03:09 – When automation becomes a maintenance nightmare

04:46 – What humans still do better in the SOC

06:20 – AI ROI: why speed isn’t the right metric anymore

08:00 – Metrics successful SOCs measure

10:32 – How to spot fake “AI SOC” vendors

13:27 – Where to start if you want true autonomy

15:06 – Fire Round: The truth about AI in security


Follow Filip on LinkedIn: https://www.linkedin.com/in/filipstojkovski/


Filip's blog: 

https://www.cybersec-automation.com/


Follow Ahmed on LinkedIn:

https://www.linkedin.com/in/ahmed-achchak-872554109/


Stay tuned for Qevlar AI updates:

https://www.linkedin.com/company/qevlar/


Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter?

Head to: https://www.qevlar.com/


Similar Podcasts Based on Content

Discover podcasts related to SuperSOC: Conversations with the People Shaping the Future of Security Operations. Explore podcasts with similar themes, topics and formats. These similarities are calculated from tangible data, not extrapolations!
Down the Security Rabbithole Podcast (DtSR)
Cloud Security Podcast by Google
Security Architecture Podcast
CISO Tradecraft®
Blueprint: Build the Best in Cyber Defense
SuperSOC: Conversations with the People Shaping the Future of Security Operations
Resilient Cyber
Detection at Scale
© My Podcast Data