Cloud Security Podcast

chevron_right

The Truth About AI in the SOC: From Alert Fatigue to Detection Engineering

whatshot 52 snips

Oct 3, 2025

Guest

Allie Mellen

Allie Mellen, a Principal Analyst at Forrester specializing in security analytics and generative AI, digs into the evolving landscape of Security Operations. She explains the ongoing "massive reset" in SOCs driven by generative AI and better data management. Allie advocates for the shift from traditional SOC models to Detection Engineering. She discusses practical AI applications, the importance of explainability, and how companies are leveraging AI for triage. Tune in for insights into the future of AI and its role in enhancing security operations.

45:39

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

SOC Facing A Moment Of Reset

The SOC is at a 'moment of reset' driven by data management and generative AI changes.
Allie predicts the next five years will be wild for security operations.

volunteer_activism

ADVICE

Tune Data Ingestion To Detections

Do tune data ingestion to detection use cases instead of ingesting everything by default.
Use modern pipeline tools to route, reduce, redact, or tokenize data for cost and utility.

insights

INSIGHT

SIMs Pushed Volume Over Strategy

Traditional SIMs often failed by encouraging 'send everything' and monetizing storage.
New tooling enables smarter collection and visibility into log pipelines.

Get the Snipd Podcast app to discover more snips from this episode

Forrester Analyst Background and Coverage

02:19 • 32sec

chevron_right

State of Security Operations and Market Changes

02:51 • 1min

chevron_right

Log Volume, Cost, and Data Strategy Advances

03:59 • 3min

chevron_right

Security Data Lakes and Storage Tradeoffs

07:08 • 2min

chevron_right

SIM Shortcomings and Need for Data Management Roles

08:40 • 34sec

chevron_right

This Is a Moment of Reset for SOCs

09:14 • 2min

chevron_right

Will AI Replace L1 Analysts?

10:48 • 4min

chevron_right

Evolving to Detection Engineering Roles

14:37 • 2min

chevron_right

Using AI Hallucinations as Creative Detection Inputs

17:06 • 2min

chevron_right

Practical AI Use Cases in the SOC Today

18:37 • 1min

chevron_right

Agentic AI Reality and Explainability Needs

20:00 • 55sec

chevron_right

Testing AI Responses and Golden Datasets

Enterprises Building Custom LLMs for Triage

25:42 • 1min

chevron_right

How to Secure AI Agents and AEGIS Framework

26:49 • 2min

chevron_right

Logging Gaps for AI Applications and Observability Challenges

28:54 • 1min

chevron_right

Detection Engineering Needed for Homegrown AI Apps

30:08 • 2min

chevron_right

Who Is Using AI in SOCs Now?

32:17 • 1min

chevron_right

Generational Differences and Chatbot Use

33:37 • 57sec

chevron_right

Early Market Landscape for AI Triage Agents

34:34 • 48sec

chevron_right

Hiring and Upskilling SOC Teams for an AI World

35:22 • 4min

chevron_right

What to Evaluate When Purchasing SOC Tools Today

39:32 • 2min

chevron_right

Personal Questions and Hobbies

41:44 • 3min

chevron_right

Where to Find Allie and Her Work

"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management.

Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.

Guest Socials -⁠ ⁠⁠⁠Allie's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast

Questions asked:

(00:00) Introduction(02:35) Who is Allie Mellen?(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup(06:20) The Rise of Security Data Lakes & Data Pipeline Tools(09:20) A "Great Reset" is Coming for the SOC(10:30) Why the L1/L2/L3 Model is a Burnout Machine(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"(17:10) Using AI Hallucinations as a Feature for New Detections(18:30) AI in the SOC: Separating Hype from Reality(22:30) What is "Agentic AI" (and Are We There Yet?)(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge(28:10) The Critical Role of Observability Data for AI Security(31:30) Are SOC Teams Actually Using AI Today?(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill(39:20) The 3 Things to Look for When Buying Security AI Tools(41:40) Final Questions: Reading, Cooking, and Sushi

Resources:

You can read Allie's blogs here

Home Top podcasts Popular guests Top books