Dropzone AI
Beyond the Alert
Beyond the Alert features security operations leaders and SOC professionals sharing battle-tested insights on scaling security capabilities, managing high-performing teams, and leveraging emerging technologies to transform their operations. Join us as we discuss investigation techniques, leadership strategies, and real-world approaches to delivering effective security outcomes in an increasingly complex environment.
Author
Dropzone AI
Category
Podcast website
Latest episode
Jul 2, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Will AI replace tier-1 SOC analysts? A fraud hunter's take 02.07.2026 36:29
The least sophisticated fraudsters often teach the sharpest lessons. Blake Butler , who leads financial crime threat intelligence at PayPal, has picked up tradecraft from teenagers who spotted abuse paths that seasoned actors overlooked. He shows Anne how to read an attacker's sophistication, why product abuse outpaces zero-day patching, where human intelligence beats automation, and what stol...
Why initial access brokers are an intelligence advantage, not just a threat 18.06.2026 35:55
Alex Bovicelli runs cyber threat intelligence across 15,000+ insured organizations at Tokio Marine HCC , and his program sits on something most teams will never have: direct visibility into thousands of ransomware claims and full DFIR engagements. That means he's not theorizing about how breaches happen. He's watching them close out in real time. In this episode, Alex gets into why the thr...
40% of IT teams already hired a fraudulent candidate and still think they can spot a deepfake 04.06.2026 49:58
GetReal surveyed 700 IT professionals at mid-to-large businesses and found that roughly 40% said they had already hired a fraudulent candidate. Most of those same respondents also said they were confident they could spot a deepfake. Tom Cross has tested face swaps and voice clones against leading biometric models, and they pass. Not sometimes. Typically. In this episode, he maps out exactly how th...
If it's predictable, it's preventable: Duaine Labno’s framework for staying ahead of incidents 21.05.2026 30:38
Duaine Labno came up through law enforcement before taking over a workplace violence and threat assessment program, and that transition shaped everything about how he runs his threat intel teams. His team processes millions of data points and handles life-safety events in real time. What he lays out in this conversation is less about theory and more about the operational habits that separate teams...
What Happens When Your AI Agent Learns How to Escape Your Own Lab? 07.05.2026 54:33
Dhruv Majumdar has 15 years across red teams, incident response, EY and Deloitte consulting, and co-founding an MDR company before Gartner coined the term. That history gives him a vantage point most vendor-side voices don't have: he's been the person buying tools, building detection programs from scratch, and managing ransomware incidents in real time. In this episode, he makes a clear ca...
Elastic's Darren LaCasse on Why SOC Teams Should Sort Alerts by Volume Before Severity 26.03.2026 35:30
Darren LaCasse , Director of Threat Intelligence, Detection, & Response at Elastic , makes a case that most SOC leaders are solving alert fatigue the wrong way. Starting with critical alerts keeps teams treading water. His approach of sorting by volume first, clearing the biggest bucket, then using that momentum to ask why those alerts existed at all separates short-term queue management from...
ECS's Dave Howard & Jesse Mainor on 40% Faster Triage with 12 Analysts & 30K Monthly Alerts 12.03.2026 41:27
ECS now operates with 12 tier-one analysts instead of 14 while triaging 30,000 monthly alerts, achieving a 40% reduction in mean time to triage for Dropzone-handled alerts. Dave Howard , Senior Director of Cyber Operations, and Jesse Mainor , SOC Manager, built a hybrid model where alert sources flow to SOAR first for initial enrichment and configured auto-closure patterns, then route remaining al...
How Analyst Feedback Says More Than Any SOC 26.02.2026 38:12
Austin Amraen , SOC Director at CommandLink , has built SOC teams from the ground up multiple times, and his approach challenges some of the field's most accepted assumptions. He rejects the tier-one-to-tier-three analyst model entirely, arguing that the biggest capability gap in most mature stacks isn't endpoint or identity but unmonitored network traffic, and measures SOC effectiveness n...
Sneha Regmi on Using Blameless Retros to Enable High-Pressure Decisions 10.02.2026 49:43
Sneha Regmi , Director of Security Operations & Resilience Engineering at a major Financial Services organization, has an incident command framework that prioritizes scope and impact determination over immediate containment, even when executives are panicking. Her teams assign ownership in the first 60 seconds, then the lead verbalizes every decision and next three actions aloud, continuous n...
The commodity vs. custom threat split: How automation reshapes SOC work | Allen Carter 22.01.2026 43:55
Allen Carter , former Director of IT Security Operations, ran security operations at Gilead Sciences for a decade, building three teams including a global SOC across India, the UK, and multiple US locations. He developed an approach to burnout prevention where managers function as coaches who spot which team members are "struggling with a twisted ankle" before exhaustion hits,. When onboarding SOA...
How to Stop SOC Analyst Burnout: Peacetime vs Wartime Framework 08.01.2026 33:41
Robert Maxwell , Security Operations Leader, has a peacetime versus wartime operating model that gives analysts flexibility during normal operations to balance out the 16-hour days that often happen during incidents. He also automated Google Drive "did you share this publicly on purpose?" alerts into Slack bot interactions, eliminating repetitive analyst work. Robert also amplifies team successes...
How to Build Efficient Security Teams with AI and Automation 18.12.2025 43:45
Joe Albers , Director of Information Security Operations at Element Solutions, Inc. , manages a six-person follow-the-sun security team with a counterintuitive framework: accept reduced alert coverage for 6 months while building strategic automation, then gain exponentially more capacity for threat hunting. His approach to AI rejects black box solutions in favor of transparent contextual enrichmen...
Advanced Persistent Threats Targeting Nonprofits Explained 04.12.2025 39:33
Robert Keefer , Associate Director of Security Operations at The Pew Charitable Trusts , has reversed the traditional security equation by building defense in depth that forces attackers to succeed multiple times rather than once. Unlike opportunistic criminal attacks that move on when initial methods fail, nation-state actors now specifically target nonprofits to destroy their ability to gather a...
Interview Questions That Predict SOC Analyst Burnout Risk 20.11.2025 40:54
Andrew “AJ” Jarrett , Director of Cyber Monitoring & Incident Response at DTCC , applies emergency response frameworks from his firefighting career to build SOC teams that execute under pressure rather than panic. His approach centers on the Incident Command System, where establishing clear roles, management by objectives, and documentation unit leaders replaces ad-hoc crisis response. Even ju...
TransUnion's Eder Ribeiro on Teaching "Barney Style" and with Empathy 06.11.2025 26:25
When seven different responders and law firms were thrown into the same ransomware negotiation chat by a threat actor, Eder Ribeiro , Director of Global Incident Response at TransUnion , it became his framework for managing global incident response: map the data, map the people, and look as holistically as possible before acting. To do this, executive trust must be built long before the 3AM phone...
Cyderes’ Stephen Fridakis on Why IT & CISOs Are the Moon (They Reflect) 23.10.2025 32:30
Cyderes ' CISO in Residence Stephen Fridakis ’s vulnerability management framework rejects the "list problem" mindset — scan, report, patch what you can — in favor of contextual risk assessment. His approach asks four critical questions: Is this vulnerability applicable to my environment? Can it actually be exploited? Will exploitation expose sensitive data? This methodology allowed his teams to d...
Vulnerable U’s Matt Johansen on Capturing Cybersecurity's Authentic Voice 02.10.2025 39:59
Matt Johansen , Founder of Vulnerable U , built a following of 133,000 cybersecurity professionals by abandoning corporate messaging for authentic practitioner-to-practitioner communication. His systematic approach combines daily content creation with AI workflows that transform security operations. This proves his "humans to the power of AI" framework, where teams multiply capabilities without lo...
ThoughtSpot's Alessio Faiella on Measuring Real ROI from AI Security Tools 18.09.2025 28:57
Alessio Faiella , Sr. Director of Security Engineering at ThoughtSpot , sees security teams making the same mistakes with AI that they've made with every new technology: rushing to implement without understanding the fundamentals. He's learned that the most effective AI security deployments come from teams who first attempt to build solutions internally. His approach of running 30-day AI hackathon...
Rezliant Inc.'s Brook Schoenfield on AI Error Rates vs Human SOC Analysis 04.09.2025 32:35
Brook Schoenfield , Chief Scientist and EVP of Services at Rezliant Inc. , brings decades of security architecture experience to explain why SOCs function as the ultimate firewall when all other defenses fail. His mathematical framework for understanding software vulnerabilities reveals why human expertise remains irreplaceable in modern threat detection. Brook demonstrates how sophisticated attac...
TALAS Security’s Paul Marco on the Four Data Types Every Security Investigation Needs 21.08.2025 45:08
Paul Marco , Co-founder of TALAS Security , challenges the assumption that effective security operations follow a universal playbook. His decades of hands-on SOC experience reveal that the most successful teams customize their approach based on organizational context rather than copying industry templates. Paul's methodology for complex security environments centers on four critical data requireme...
Theory Ventures' Andy Triedman on AI-Native vs AI-Feature Teams 06.08.2025 31:55
Andy Triedman , Partner at Theory Ventures , argues that AI is reshaping not just security capabilities, but the entire business model of security companies. Unlike traditional "insurance-style" security products that were difficult to evaluate quantitatively, AI-enabled platforms provide clear scoreboards that buyers can use to measure effectiveness, speed, and cost efficiency. This shift from re...
FanDuel's Tyler Martin on 70% Automation Without Losing Human Oversight 07.07.2025 26:59
In our inaugural episode of Beyond the Alert, we explore how Tyler Martin , Senior Director of Enterprise Security Engineering and Operations at FanDuel , has reimagined what a modern SOC can accomplish when AI becomes the foundation rather than an add-on tool. His team eliminated traditional shift-based operations entirely, replacing 30-40 potential analyst positions with custom agentic AI that d...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.