EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
Author: Anton Chuvakin
Uploaded: 2025-07-28
Views: 319
Description:
Guest:
• Manija Poulatova ( / manija-poulatova-165a5966 ), Director of Security Engineering and Operations at Lloyd's Banking Group
Topics:
• SIEM migration (https://security.googlecloudcommunity...) is hard, and it can take ages. Yours was, given the scale and the industry, on the relatively short side at 9 months. What's been your experience so far with that, and what could have gone faster?
• Anton might be a "reformed" analyst, but I can't resist asking a three-legged stool question: of the people/process/technology aspects, which are the hardest for this transformation? What helped the most in solving your big challenges?
• Was there a process that people wanted to keep but it needed to go for the new tool?
• One thing we talked about was the plan to adopt composite alerting techniques (https://cloud.google.com/chronicle/do...) and what we've been calling the "funnel model" for detection in Google SecOps. Could you share what that means and how your team is adopting it?
• There are a lot of moving parts in a D&R journey from a process and tooling perspective. How did you structure your plan, and why?
• It wouldn't be our show in 2025 if I didn't ask at least one AI question! What lessons do you have for other security leaders preparing their teams for the AI in SOC transition?
Resources:
• EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect (https://cloud.withgoogle.com/cloudsec...)
• EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective (https://cloud.withgoogle.com/cloudsec...)
• EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise (https://cloud.withgoogle.com/cloudsec...)
• EP184 One Week SIEM Migration: Fact or Fiction? (https://cloud.withgoogle.com/cloudsec...)
• EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future (https://cloud.withgoogle.com/cloudsec...)
• EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 (https://cloud.withgoogle.com/cloudsec...)
• "Maverick" — Scorched Earth SIEM Migration FTW! ( / maverick-scorched-earth-siem-migration-ftw ) blog
• "Hack the box" (https://www.hackthebox.com/) site