Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale – Allie Mellen, Tim MalcomVetter – ESW #394
Full Audio
View Show IndexSegments
1. Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale – Tim MalcomVetter – ESW #394
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity.
I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.
Segment Resources:
Announcements
Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
Guest
Tim MalcomVetter (@malcomvetter) is the Co-Founder of ⚡Wirespeed, a 100% Automated and SaaS-based MDR that is faster, more consistent, easier to use, and significantly cheaper than the legacy MDR approaches. We’re changing your relationship with MDR!
Tim has been building, defending, and hacking computer systems since the 1980s as a kid. Tim’s accomplishments include:
– startup exit to a world leading private equity firm
– scaling a security business to 300% growth in a little over a year
– building the Red Team program at the world’s largest company
– advising and consulting startups, enterprises, and mergers & acquisitions
– leading high performing teams
– hacking everything from mainframes to apps to AI
– holding an academic university cybersecurity research fellowship
– presenting at numerous technical conferences
– contributing to open source software and frameworks like MITRE ATT&CK
Hosts
2. A SecOps Medley: we talk automation, AI, data management, and EDR evaluations – Allie Mellen – ESW #394
We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely.
- First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
- Next, we'll discover SecOps data management - the blood that delivers oxygen to the SOC muscles.
- Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!
For each of these three topics, these are the blog posts they correspond with if you want to learn more:
Guest
Allie Mellen is a Forrester analyst covering security operations, nation-state threats, and the use of automation, machine learning, and AI in security tools. She has been in the technology industry for over a decade in various engineering roles: doing research at MIT, running her own engineering consultancy, and being a hacker before finally becoming a security practitioner. She now advises Fortune 500 CISOs and security teams on their detection and response practice and frequently speaks at industry-leading events and with the press.
Hosts
3. The dark side of security leadership, will agentic be a thing, OWASP AI resources – ESW #394
In this week's enterprise security news, we've got
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!
All that and more, on this episode of Enterprise Security Weekly.
Hosts
- 1. FUNDING: Tines – Announcing our $125M Series C fundraise
- 2. ACQUISITIONS: List of acquisitions in title
We've got a bunch of mergers and acquisitions this week, so we've compiled them here.
- CyberArk Acquires Zilla Security to Reshape Identity Governance and Administration for the Modern Enterprise
- Drata to Acquire SafeBase, Accelerating Trust Management within Enterprise Governance, Risk, and Compliance - SafeBase always felt like a feature intended to slot into a OneTrust, Vanta, or Drata eventually, so no shock here.
- AttackIQ Acquires DeepSurface - Unsurprising, as we're seeing all the BAS vendors pivot towards attack surface management, posture management, CTEM, and "adversarial exposure validation" (automated pentesting, basically)
- The SolarWinds $4.4 billion acquisition gives CISOs what they least want: Uncertainty
- https://www.cnbc.com/2025/02/10/appdynamics-founder-jyoti-bansal-merges-startups-harness-traceable-.html
- 3. NEW COMPANIES: Hello, World. 7AI Emerges from Stealth. Here We Go.
- 4. TOOLS: GitHub – HuskyHacks/cazadora: Simple hunting script for suspicious M365 OAuth Apps
- 5. DFIR: Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
- 6. AI TRENDS: Thomson Reuters wins AI copyright ‘fair use’ ruling against one-time competitor
IT'S HAPPENING
If this ruling stands, the courts might be wide open for anyone whose data was scraped and trained on by tech companies that have built foundation models. It's too early to guess how serious this could be, but the list of folks who had data scraped is nearly everyone with a public presence on the Internet.
If you're dependent on generative AI tech, it might be good to have a business continuity plan in place if your chosen product/vendor gets sued into oblivion. This kind of David/Goliath scenario is absolutely possible - we saw Apple recently forced to disable the blood oxygen sensors in its line of smartwatches after a much smaller competitor sued to enforce its patent rights.
- 7. AI TRENDS: Mike Mason on LinkedIn: AI Copilot Code Quality: 2024 Data Shows 4x More Code Cloning
- 8. AI TRENDS: OWASP Dramatically Expands GenAI Security Guidance with Guides for Handling Deepfakes, Building an AI Security Center of Excellence, and a GenAI Security Solutions Landscape
OWASP just dropped a ton of super useful AI resources!
In particular, I think their AI security solutions landscape is super useful.
There is also an AI security solutions cheat sheet, a guide to preparing for deepfake events, and an LLM and Generative AI Security Center of Excellence Guide.
- 9. ESSAYS: The Dark Side of Security Leadership
- 10. FINES: UHG Increases Change Healthcare Data Breach Victim Count to 190 Million
"The maximum financial penalty for a HIPAA violation set by the HITECH Act is $1.5 million, and adjusted for inflation is just over $2.1 million."
Do WHAT? If this was the EU, UHG would be getting hit with a $1B+ fine. I had no idea that HIPAA fines had so little bite. Why bother even fine - it's less than 10% of the ransom they paid the attackers!
