Building the SOC of the Future – JP Bourget, Michael Mumcuoglu – ESW #399
1. Building the SOC of the Future – JP Bourget – ESW #399
What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process.
In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future.
Announcements
I'll be running a panelcast with Fastly, titled Security Without Speed Bumps: Using WAF Simulator to Transform DevSecOps Workflows. Join me for this exciting webcast on April 16th. To register for this panelcast, go to securityweekly.com/WAF
Guest
JP is a recovered SOAR founder, Security Data Pipeline junkie, EIR at Lytical Ventures, and President of Blue Cycle, a boutique consulting firm focusing on SecOps maturity and modernizing MSSPs and SOCs for the era of DevOps, Config as Code and other current and nascent approaches to getting more done with fewer resources. JP is also a cyclist (he was on PauldotCom 10 years ago) and still runs the Defcon bike ride, which you can sign up for at cycleoverride.org.
2. We need better detection feedback loops – Michael Mumcuoglu – ESW #399
It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however.
Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working?
In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections.
Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again.
Guest
Michael is a serial entrepreneur who is passionate about technology, cybersecurity and leadership. Prior to CardinalOps, Michael co-founded LightCyber, a pioneer in behavioral attack detection acquired by Palo Alto Networks (NYSE: PANW) in 2017, where he served as Vice President of Engineering for the Cortex XDR platform. Prior to founding his three startups, Michael served in various cybersecurity roles in an elite intelligence division of the Israel Defense Forces.
3. Google picks up a Wiz kid, GitHub’s malicious actions, Agentic AI is sus – ESW #399
This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future.
Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering.
In the enterprise security news,
Google bets $32B on a Wiz Kid
Cybereason is down a CEO, but $120M richer
EPSS version 4 is out
GitHub supply chain attacks all over
A brief history of supply chain attacks
Why you might want to wait out the Agentic AI trend
Zyxel wants you to throw away their (old) products
HP printers are quantum resilient (and no one cares)
A giant rat is my hero
All that and more, on this episode of Enterprise Security Weekly.
Announcements
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
- 1. FUNDING: brought to you by the Security, Funded newsletter
"Cybereason, a United States-based endpoint detection and response (EDR) platform, raised a $120.0M Venture Round from Liberty Strategic Capital and SoftBank Vision Fund."
With the CEO gone, the deal happened pretty quickly. I haven't seen a public drama like this with the exec team at a security startup since Norse Networks!
"Pentera, an Israel-based automated security validation platform, raised a $60.0M Series D from Evolution Equity Partners."
- 2. ACQUISITIONS: Google to acquire cloud security startup Wiz for $32 billion
Sure, this is the largest security acquisition ever, even larger than Cisco's $28B deal for Splunk, which, arguably, wasn't pure-play security.
What really makes it remarkable is the speed and confidence with which Wiz grew and gobbled up the cloud security TAM. The company has been putting out mind-blowing press releases since the beginning.
Remember when they claimed $100M ARR after being out of stealth for only 18 months? We racked our brains to even conceive of how the company could add headcount quickly enough to grow at this rate.
Meanwhile, the company's research team was regularly churning out incredible research, finding vulnerability after vulnerability in cloud security platforms. Research that made everyone safer, not just Wiz customers.
They rejected a $23B offer from Google and stated an IPO as their goal, but IPOs aren't what they used to be, and I'd argue that a cloud security company isn't a good fit for the risk-averse public market. This seems like a great outcome, but some folks aren't so sure. Will Wiz's support for non-Google platforms degrade post-acquisition? Only time will tell, but Ian Iamit has some thoughts on this over on LinkedIn.
- 3. NEW PRODUCTS: Introducing EPSS Version 4
The savior of the vuln management market, or no?
Adrian has some thoughts.
- 4. ATTACKS: GitHub supply chain attack prints out everyone’s secrets
Man, what's the best practice here? Should customers be looking for signs of compromise across all their third parties? Do we want to risk waiting for GitHub to send out a notice?
The shared responsibility model has never been so stressed.
- 5. ATTACKS: Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts
It's rough out there for developers and GitHub users. Whether it's vulnerabilities or social engineering, attackers know that the world's largest repo is the watering hole that puts food on the table (sorry for the very bad predator/prey metaphor).
- 6. TRENDS: A brief history of mass hacks
And this truly is brief! It only goes back a few years, but there have been a shocking number of attacks on vulnerable tech/security providers. The supply chain is really where attackers are focusing these days (also see our two GitHub stories!).
- 7. ESSAYS: Why you should most definitely wait out the current “Agentic Security” wave
Even this self-proclaimed futurist and some of the most AI-bullish folks I know are raising a few eyebrows at claims of "full autonomy" and agentic AI.
- 8. ENTROPY: Chaos in Cloudflare’s Lisbon office: securing the Internet with wave motion
- 9. DUMPSTER (literally): Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
How disposable should tech be? How long should it last? Who should be responsible for decommissioning it?
Should Zyxel pull a Spotify and brick their old devices once they reach end-of-life?
- 10. STUFF NO ONE ASKED FOR: HP Launches Printers With Quantum Resilient Cryptography
Any guesses as to how large the 2D printing on ink/tree pulp industry is?
Larger or smaller than what Google just paid for Wiz?
- 11. SQUIRREL (RAT?) – Carolina the giant rat retires as a hero after saving many lives