Inside AI SOC LIVE: Rethinking the Future of Security Operations

(May 14, 2026)

I walked into NASDAQ MarketSite Times Square on April 27th for the inaugural AI SOC LIVE, which promised big conversations about the future of security operations, and I expected a blend of vision and vendor messaging. What I did not expect was just how direct those conversations would be.

From the moment Trace Sheridan took the stage as emcee, I knew this was not going to be a typical conference. He kept the energy high, weaving humor throughout the day and making even the most complex topics feel accessible. And honestly, when talking cyber security, humor is needed!

The event brought together CISOs, practitioners, and technology leaders who are all grappling with the same reality. The traditional SOC model is under strain, and incremental improvements are no longer enough. The conversations throughout the day reflected a shared understanding that something has to change.


The SOC Model Is Breaking Under Pressure

The opening session by Itai Tevet, CEO and Co-Founder of Intezer, set the tone immediately. His message was clear: the SOC model as we know it is broken. Throwing more people at the problem is no longer viable, and many of the tools that were supposed to solve these challenges have fallen short.

What resonated with me most was his reframing of a problem we talk about constantly. For years, the industry has focused on alert fatigue as the central issue. His perspective challenged that assumption. It is about the risk, not about the alert fatigue.

That distinction matters. If the problem is framed as too many alerts, the solution becomes filtering, prioritization, or suppression. If the problem is risk, then the focus shifts to ensuring that every alert is properly understood and investigated, and that is a very different operating model.

Tevet also highlighted a reality that many organizations are already experiencing. Attackers are using AI to accelerate their efforts. That changes the math entirely. Defenders cannot rely on processes that require linear human scaling when adversaries are operating at machine speed; the imbalance becomes unsustainable.


The concept of the AI SOC began to take shape through this lens. In this model, AI executes and humans supervise. It is not about replacing analysts, but about redefining their role. Instead of spending time triaging alerts or performing repetitive investigations, humans focus on oversight, decision making, and higher-level analysis.

One of the more ambitious ideas presented was the notion that every alert could be investigated with depth and accuracy. At first, that sounds unrealistic, especially for organizations already struggling to keep up. But when you consider the potential of AI to handle repetitive and time-consuming tasks, it starts to feel less like a stretch and more like a necessary evolution.

Another interesting point was the idea that the future SOC may not require a separate SOAR platform. Instead, the full lifecycle of security operations, from detection to response to investigation, could be integrated into a single system. That kind of consolidation would fundamentally change how teams operate and how tools are evaluated.

As the day progressed, it became clear that this was not just one company’s perspective. Variations of this theme came up repeatedly. The pressure on SOC teams is not easing. If anything, it is intensifying, and the current model cannot keep up.

From Data to Outcomes: What Actually Matters

One of the most memorable moments of the day came during the keynote by Alon N. Cohen. Instead of delivering the presentation himself, he introduced an AI-generated version of himself to take the stage. It was both entertaining and slightly surreal.


The audience laughed when the AI version spoke in a completely different voice, stripped of his accent. But beneath the humor was a powerful message. If we can convincingly replicate something as nuanced as a human presentation, what does that mean for other areas of security and operations?

Cohen’s vision extended well beyond novelty. He spoke about the emergence of autonomous security architecture and a future where much of the SOC operates independently. The timelines he shared were ambitious: a sovereign SOC by 2028 and a more fully autonomous cybersecurity landscape by 2030.

It takes years to develop a skilled human analyst, yet AI can identify and assess vulnerabilities in seconds. That gap in speed is impossible to ignore. It reinforces the idea that we are not simply augmenting human capability. We are redefining what capability looks like.

The Human Side of AI in the SOC

The panel on the role of humans in the SOC reinforced this reality from a leadership perspective. Hearing from Jen Greulich, Co-Founder and COO, Legato Security; Pavi Ramamurthy, CISO, Blackhawk Network; Mor Levi, VP Detection, Analysis & Response, Salesforce; and Deepak Kolingivadi, Security BU, ServiceNow, brought a level of honesty that felt refreshing. Being a CISO today is not just challenging. It is relentless.


The speed at which attackers are leveraging AI is forcing leaders to rethink everything from staffing to strategy. There is a constant tension between needing to move fast and needing to get things right. Add to that the ongoing talent shortage, and it becomes clear why burnout is such a prevalent issue in the industry.

One point that stood out to me during this discussion was how difficult it is to balance innovation with risk management. On one hand, organizations need to adopt new technologies to stay competitive. On the other, every new technology introduces additional risk that the SOC must manage. That balancing act is becoming increasingly complex.

Data First Strategies

The session on data-first strategies built on this idea from a different angle. Devon Lattell and Marcus Mingo focused on a question that seems simple but is often overlooked. Do we actually understand our data?


Many organizations have invested heavily in collecting and storing data, particularly within SIEM platforms. But the conversation challenged the assumption that more data automatically leads to better outcomes. In many cases, data is available but not actionable.

There was also an interesting discussion around the cost of data. Log spend continues to rise, and pricing models for SIEM solutions often become a point of frustration. But the panel suggested that focusing too much on cost can be a distraction. The real issue is not how much data you have or how much it costs. It is whether the data is being used effectively.

Another key point was how data quality impacts the handoff between machines and humans. If the data feeding AI systems is incomplete or inconsistent, the outputs will reflect those weaknesses. That has direct implications for trust. If analysts do not trust the outputs of AI systems, adoption will stall.

Advancing SOC Outcomes Panel

I also had the opportunity to participate in a CISO panel focused on advancing SOC outcomes, featuring Paul Carpenito, CISO, ION Group; Doug Mayer, CISO, WCG Clinical; and Mitchem Boles, Field CISO, Intezer. This conversation shifted the focus from activity to impact. For years, SOC performance has been measured by metrics like the number of alerts processed or the speed of response. While those metrics still have value, they do not fully capture effectiveness.


The discussion centered on what organizations should be measuring. Risk reduction, faster threat containment, and improved decision making were all highlighted as more meaningful indicators. AI is playing a role here as well, not just in execution but in how metrics are defined and tracked.

This shift toward outcome-based measurement feels like an important step forward. It aligns security more closely with business objectives and helps demonstrate value in a way that resonates beyond the SOC.

DLP Sucks (Did they actually say that?)

Yes, they really did! This session, featuring Pieter Vaniperen, CISO, Alpha Sense; Sean McCormack, Director of Insider Protection; and Yonatan Zohar, CTO, Jazz, tackled a topic that often generates strong opinions: data loss prevention. The session title, “DLP Sucks,” set the stage for an honest discussion about the challenges and potential of these programs.


Vaniperen, who spoke highly of Jazz and the positive shifts since using them, provided an example that was particularly striking. An employee was sending confidential information outside the organization through a synced messaging application during a meeting. The system detected this behavior without being explicitly trained on it and alerted the security team.

What made this example powerful was not just the detection, but the implications. When DLP works effectively, it exposes how data is actually being handled within an organization. That visibility can be uncomfortable. It forces organizations to confront behaviors and practices that might otherwise go unnoticed.

As one speaker put it, data is our currency. Protecting it has to be a priority.

At the same time, there was an acknowledgment that effective DLP requires careful consideration. It is not just about technology. It is about understanding the human element: how people interact with data, why they make certain choices, and how security controls can support rather than hinder their work.

The day concluded on a lighter note with a live podcast recording hosted by David Spark. The conversation with Nick Vigier and Mitchem Boles brought a mix of insight and entertainment, with trivia questions and candid exchanges that kept the audience engaged.

After a full day of sessions, the closing reception and Nasdaq photo opportunity provided a chance to reflect and connect with others who are navigating the same challenges. Those informal conversations often add as much value as the sessions themselves.

So Where Does This Leave Us?

We are at an inflection point in security operations. The shift toward AI-driven models is not a distant possibility. It is already underway.

What stood out to me was not just the technology, but the mindset shift required. Moving from a human-centric model to one where machines take on a larger role requires trust, adaptability, and a willingness to rethink long-standing assumptions.

There are still many questions to answer. How do we ensure transparency in AI-driven decisions? How do we maintain accountability? How do we balance efficiency with oversight?

But despite those questions, the future of the SOC will look very different from what we have today. Organizations that embrace this change and focus on outcomes rather than processes will be better positioned to succeed.