Let's SOC About It

D3 Security
Feb 26, 2026 • 27min

Prompt Kiddies & AI Phishing: How Cybercriminals Are Using AI to Outsmart Your Security Stack

Amy Tom sits down with Ali Alame, co-founder and CTO of CyberArmor, to talk about what's actually happening in the world of AI-generated phishing attacks. Ali shares what his team is seeing on the front lines: from 13-year-old hackers running phishing campaigns between classes, to criminal organizations running internship programs for budding cybercriminals. They dig into how attackers are bypassing AI guardrails on tools like ChatGPT and Grok, why MFA isn't the silver bullet we think it is, and why shutting down phishing sites may actually be doing more harm than good. If you think your security stack has you covered, this episode will make you think twice.

In this episode, you'll learn:
🤔 How are cybercriminals using mainstream AI tools to build phishing kits, and why aren't the guardrails stopping them?
🧑‍💻 Who exactly are these attackers, and how young are they getting?
🐟 Why do Microsoft phishing kits dominate the threat landscape?
👀 If MFA can be hijacked, what does real protection actually look like?
😱 Is dark web threat intel actually useful, or is near real-time monitoring the smarter play?

Ali Alame is CTO and co‑founder of CyberArmor, the company behind DarkArmor, a pre‑breach, pre‑dark‑web threat intelligence platform. With a background in cloud and security across IBM, Lululemon, and UBC, Ali focuses on turning attacker‑side telemetry into operational early warning for SOC teams, MSSPs, and large enterprises.

Relevant links:
Check out CyberArmor: https://cyberarmor.tech/
Follow Ali on LinkedIn: https://www.linkedin.com/in/aalame/
Feb 12, 2026 • 32min

How do you unify Security Operations?

They say modern SOCs are drowning in alerts. But what if the real problem is not the tools, it is the lack of strategy and unification?

In this episode of the podcast, Amy Tom sits down with Reza Adineh, SOC Architect and Detection Engineer, to break down why today’s security operations models are fundamentally misaligned and what to do about it. Reza introduces his new framework, UTIOM - Unified Threat Informed Operational Model, designed to bring strategy, visibility, detection, and response into one cohesive cycle.

In this episode, you'll learn:
👉 Why most SOCs operate like “alert factories” and how that leads to burnout and false positives
🎯 What it really means to protect your “crown jewels” and align detection to real threats
🔁 Why strategy must guide tools, automation, and response, not the other way around
🚀 How to communicate a unifying security vision across a 100 person SOC team

If your SOC feels siloed, overwhelmed, or disconnected from the business it is meant to protect, this episode will challenge how you think about security operations and give you a blueprint to unify it.

Relevant Links:
Learn more about UTIOM: https://utiom.de/what-is-utiom/
Follow Reza on LinkedIn: https://www.linkedin.com/in/rezaadineh/
Follow Reza on GitHub: https://github.com/ReZaAdineH

Timestamps:
00:00 Why is the current SOC operating model fundamentally broken?
10:00 What does unification look like in practical terms inside a SOC?
12:31 What does strategy actually look like in a real world example?
18:17 How should a SOC analyst think about protecting crown jewels day to day?
23:13 How do you unify strategy across a 100 person SOC team?
24:06 How should detection engineers prioritize their rules?
25:40 If starting from scratch, what should you prioritize first?
27:10 How do you ensure every SOC team member truly understands the strategy?
Jan 15, 2026 • 27min

Attack Paths, Not Alert Summaries (Why Morpheus AI Beats L1 Bots) with Gordon Benoit

In this episode, D3 Security's President – Gordon Benoit – explains why the next step for the SOC is not just faster triage, but autonomous investigation built around attack paths. Learn how Morpheus connects behaviors across the stack, builds attack paths, and shows its work so engineers can trust it, tune it, and scale it. If you are comparing L1 bots to real autonomous investigation, this episode draws the line.
Nov 20, 2025 • 28min

Can AI Agents predict threats before they happen?

They say that Agentic AI is the new hot topic of cybersecurity. But what does that really mean? How does Agentic AI work? Can AI take over cybersecurity functions like threat hunting and detection?

In this episode of the podcast, you'll hear from Rob Goehring, CEO and Founder of Wisr AI, about Agentic AI.

You'll learn:
👉 What happens when we use multiple AI threat intelligent agents?
😱 How is Agentic AI changing the way we do threat hunting and detection?
🙏 Will Agentic AI make us hyper-reliant on AI?

Relevant links:
Check out Wisr AI: https://wisr.ai/
Follow Wisr on LinkedIn: https://www.linkedin.com/company/wisr-ai/
Follow Rob on LinkedIn: https://www.linkedin.com/in/robgoehring/
Nov 6, 2025 • 32min

What does AI in the SOC look like?

AI is changing the way SOCs function, pushing organizations to rethink technology, processes, and people. Filip Stojkovski, Founder of SecOps Unpacked and a cybersecurity veteran with 15 years of experience, joins us on the Let's SOC About It podcast to explore how SOC teams can gain value from implementing AI into their practices.

Learn how to maximize your organization's ROI on AI SOC platforms, and ensure your processes and people evolve alongside it. Filip walks us through real lessons learned from his own experimentation with AI in the SOC.

In this episode of Let's SOC About It, learn:
🔁 How is AI transforming the SOC space?
🧐 What are the three types of AI SOC types, and which one is right for your organization?
😱 Is your current security process ready for AI integration?
⚖️ How do you balance customizability, control, and cost with AI SOC implementation?

Relevant links:
Follow Filip Stojkovski's Blog, SecOps Unpacked: https://secops-unpacked.ai
Connect with Filip on LinkedIn: https://www.linkedin.com/in/filipstojkovski
Oct 24, 2025 • 20min

Where does D3 Security fit in the AI SOC landscape?

Francis Odum, a cybersecurity expert and author focused on SOC operations, is joined by David Torres, D3 Security's director of sales engineering. They explore how Morpheus AI revolutionizes SOC functions by generating dynamic playbooks using natural language, drastically cutting down the need for manual tuning. David demonstrates the platform's ability to create context-aware playbooks and enhance analyst workflows while keeping human analysts in control. Francis highlights the significance of AI-driven efficiency in modern cybersecurity.
Aug 14, 2025 • 24min

What happens inside cyber scam mills?

In this episode of the Let's SOC About It podcast, Amy Tom chats with Sarim Khawaja, a Product Lead at Styx Intelligence, about the dangers of cyber scam mills. They discuss the growing threat of organized, factory-like operations that execute online scams on an industrial scale.

In this episode, you'll learn:
🏭 What cyber scam mills are and how they operate
🌏 Why they are prevalent in Southeast Asia and other regions
🎭 What types of scams and targeting strategies they use
💼 What the impact is on individuals and businesses
🛡️ Best practices for organizational cybersecurity

Relevant links:
Follow Sarim on LinkedIn: https://www.linkedin.com/in/sarimkhawaja/
Join the White Hat Security Community: https://www.linkedin.com/company/white-hat-security-community/
Join PM Hive: https://www.linkedin.com/company/pmhivevan/
Learn about Styx Intelligence: https://styxintel.com/
Jul 29, 2025 • 37min

How does reverse malware engineering work?

Threat detection teams are on the frontlines of detecting, inspecting, and publishing findings on new threats. But how do they get there? And what does it take to understand and dissect malware?

On this episode of the podcast, we're joined by Randy Pargman, the Senior Director of Threat Detection at Proofpoint, to ask him:
🔄 How does reverse malware engineering work?
🔎 How do you know what you’re looking for when things evolve so quickly?
🤔 How do you stay on top of evolving tactics from bad actors?

Relevant links:
💜 Read Proofpoint's threat insights blog: http://proofpoint.com/us/blog/threat-...
💜 Follow Randy Pargman on LinkedIn: / randy-pargman-131b773
💜 Check out DEATHCon: https://deathcon.io/
Jul 3, 2025 • 28min

How are data brokers fueling social engineering attacks?

Online data brokers may seem like a consumer privacy issue – but as our guest explains on this episode of Let's SOC About It, they’re a growing business risk. Paul Mander, General Manager of Optery, joins us to expose the scale of the online data broker ecosystem and how it fuels targeted cyberattacks like phishing, smishing, and impersonation. The line between personal and business identity is blurrier than ever – and it’s putting organizations at risk.

In this episode, you'll learn about:
🕵️‍♂️ How data brokers harvest and resell your employees’ personal data
📲 Why that information is fueling phishing and smishing attacks
🧠 The impact of AI on the sophistication and scale of social engineering
🛡️ How to proactively protect your people – and reduce alerts in the SOC

Relevant Links:
Follow Paul on LinkedIn: linkedin.com/in/paulmander
Learn more about Optery: http://optery.com/getting-started-business/
Jun 12, 2025 • 28min

How do we combat identity-based attacks?

Identity-based attacks aren't slowing down. In fact, as Chip Bircher tells us on this episode of Let's SOC About It, it's not something you can ignore. Chip Bircher, CTO of SOFTwarfare, talks about execution methods and ways to combat identity-centric threats.

In this episode, you'll learn about:
👮 The military/cybersecurity crossover
⚠️ How bad actors execute identity-based attack methods
🤨 The use of behavioral analytics and the ethics of privacy
⚙️ How AI is fuelling an identity-based attack fire

Relevant Links:
Follow Chip on LinkedIn: / chipbircher
Learn more about SOFTwarfare: https://www.softwarfare.com/
