
CISO Tradecraft® #273 - Creating a Wisdom-Led SOC (with Oren Saban)
Mar 2, 2026
Oren Saban is co-founder and CPO at Mate Security and a product-focused security researcher. He discusses AI-driven, wisdom-led SOCs tackling alert overload. Short takes cover AI agents handling most investigations, building contextual security graphs, shifting metrics from volume to quality, and elevating humans to strategic judgment and governance.
AI Snips
Attackers Are Moving At Machine Speed
- Attackers are adopting AI faster and operate at machine speed, outpacing manual SOC response capabilities.
- Oren Saban warns this creates a coming Log4j-like moment where swarms of autonomous agents probe and adapt in real time.
Elevate Analysts Into Super Analysts
- Do elevate analysts into ‘super analysts’ by offloading repetitive triage to AI so humans focus on judgment and business impact.
- Oren compares AI to MRI assistants: agents gather context, humans make surgical decisions.
Make A Security Context Graph
- Security investigations are relational reasoning problems, not just log searches, so restructure data as a security context graph.
- The graph links assets, owners, roles, and history, and lets agents traverse organizational knowledge for precise investigations.
