Disclaimer: Opinions expressed are solely my own and do not reflect the views or opinions of my employer or any other affiliated entities. Any sponsored content featured on this blog is independent and does not imply endorsement by, nor relationship with, my employer or affiliated organisations.

Here's another edition of the CyberSec Automation blog, and you're probably noticing it looks a little different. I recently launched the CyberSec Automation Interview Series / Podcast, and I wanted to share some of the recent episodes with you.

In these sessions, I chat with founders of cybersecurity companies, especially in the SecOps space, and other practitioners. The idea is to have a casual, no-BS conversation about what's really happening in security automation. Events are streamed live on LinkedIn, and I've also created a YouTube channel where you can catch up on past episodes. Go ahead and subscribe if you want to get notified about new ones.

The episodes are usually tied to a blog post, making it easier to follow the topic. Some are vendor-agnostic, while in others, founders explain how they're tackling a specific problem with their solution.

This monthly edition of the blog will be all about the podcasts I host and the ones where I'm a guest.

Since this is the first one, here are the episodes and the related blogs.

When Does It Make Sense to Automate? When Does AI SOC Actually Work?

Join us for the next episode of the CyberSec Automation Interview Series!

In this episode, I sit down with security pros Andrei Cotaie and Cristian Miron to tackle a big question in modern SOCs: when does it make sense to automate, and when should we trust AI in the SOC?

We'll talk about the three main stages of the SOC workflow: detection and log ingestion, investigation, and response. We'll get into where automation provides the most bang for your buck, where AI SOC is starting to make a real impact, and where it’s still too early to rely on it.

It's just a laid-back chat with real-world examples of how we're implementing and using AI SOC and automation.

And the related blog post is here:

Smashing the Myth of the Single Pane of Glass

I sat down with Senad Aruc, CEO of Imperum, to deconstruct the "single pane of glass" architecture.

We got pretty technical, talking about why simple LLM wrappers don't work without native Threat Detection, Investigation, and Response (TDIR), the future of SIEM, how to deal with API limitations, and the kind of stack you need for a real Autonomous SOC.

Watch the full episode here:

And here's the blog post that goes with it:

Building AI for SOCs That Analysts Don’t Hate

In this episode, Tom Findling from Conifers.ai joins me to talk about what it takes to build an AI-driven SOC platform that analysts actually want to use.

We dive into the key features every AI SOC platform should have, best practices for implementation, and how to set realistic expectations from the get-go. No hype, just practical advice.

Check out the conversation here:

The related blog is:

Where I Was a Guest

I also had the chance to be a guest on a couple of other podcasts.

EP 6. From Data Chaos to Detection Engineering: How to Automate What Really Matters in the SOC

I joined Balázs Scheidler on the Data Strikes Back podcast to talk about a topic that's close to my heart: your SOC isn’t failing because of bad detections; it's failing because your data is a mess.

We talked about:

  • How to use automation for more than just incident response, like in log management and data pipelines.

  • Why "detection as code" is a waste of time without good schema discipline.

  • How to handle massive amounts of legacy syslog data (we're talking 50TB/day) without blowing your SIEM budget.

  • When it makes sense to standardize, transform, or just automate everything.

You can listen to it here: Data Strikes Back on Spotify

Defender Fridays by LimaCharlie

I was also invited to join an episode of Defender Fridays by LimaCharlie. It was a great conversation about the current state of security automation and where things are headed.

You can watch that here: Defender Fridays

🏷️  Blog Sponsorship

Want to sponsor a future edition of the Cybersecurity Automation Blog? Reach out to start the conversation. 🤝

🗓️  Request a Services Call

If you want to get on a call and have a discussion about security automation, you can book some time here.

Join as a top supporter of our blog to get special access to the latest content and help keep our community going.

As an added benefit, each Ultimate Supporter will receive a link to the editable versions of the visuals used in our blog posts. This exclusive access allows you to customize and utilize these resources for your own projects and presentations.
