SuperSOC: Conversations with the People Shaping the Future of Security Operations

Podcast by Qevlar AI

English

Science & Technology

More on SuperSOC: Conversations with the People Shaping the Future of Security Operations

SuperSOC is the monthly podcast where Qevlar AI's CEO Ahmed Achchak interviews top cybersecurity experts to explore the future of the SOC. From real-world AI applications to rethinking SecOps workflows, each episode delivers bold insights and practical strategies for modern security teams. Recent guests include Google’s Anton Chuvakin and cybersecurity automation expert Filip Stojkovski.

Want to know more about Qevlar AI and how it can help you automate alert investigation? Head to www.qevlar.com

All episodes

12 episodes

Claude Mythos: Security Armageddon or Marketing Stunt? ft. Dave McKenzie

Mythos may be the biggest cybersecurity AI announcement we’ve seen so far but is it actually a revolution for attackers, or just another overhyped AI moment? In this episode, Ahmed Achchak (CEO of Qevlar AI) sits down with cybersecurity consultant Dave McKenzie to break down what Mythos really changes for defenders, why most organizations are focusing on the wrong risks, and what SOC teams should prepare for now.

You’ll discover:

  • Why Mythos is less about “AI hacking the world overnight” and more about accelerating targeted attacks.
  • The hidden operational problem AI creates for SOCs: more signals, more vulnerabilities, and more difficult prioritization decisions.
  • Why patching everything is no longer realistic and how mature teams should think about exposure instead.
  • How AI can actually help defenders by connecting weak signals humans would normally miss.
  • Why regulatory frameworks like PCI DSS may become unexpectedly painful in an AI-driven vulnerability landscape.

Agenda:

00:00 – Introduction: Is Mythos hype or a real shift for defenders?
02:16 – What Mythos actually changes in cybersecurity
06:11 – Why AI won’t “hack the world overnight”
09:22 – The SOC workflows most likely to break first
13:18 – How AI can help defenders connect weak signals
16:48 – Why patching everything no longer works
20:46 – The overlooked compliance and business risks
26:18 – Why prioritization becomes the key SOC capability
27:20 – Wrap-up: What defenders should focus on next

Follow Dave McKenzie on LinkedIn: https://www.linkedin.com/in/davewmckenzie/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

Curious to learn how Qevlar AI can automate alert investigation and help your SOC scale against increasingly complex attacks? Head to: www.qevlar.com

May 11, 2026 - 29 min

The Intelligence Layer: The Missing Piece Every SOC Has Been Waiting For ft. Raffael Marty (ex-ConnectWise, ArcSight, Splunk)

AI is making security operations faster but not necessarily smarter. In this episode, Ahmed Achchak (CEO & Co-founder of Qevlar AI) sits down with Raffael Marty, cybersecurity veteran and early pioneer of SIEM and security analytics, to unpack why SOCs still struggle to understand attacks and what’s been missing all along: a true intelligence layer.

You’ll discover:

→ Why 20+ years of SIEM and correlation technologies still leave analysts reconstructing attacks manually
→ What actually broke in the evolution from early context-rich systems to today’s event-driven detection models
→ Why adding “AI on top” of existing tools doesn’t fix the core problem
→ How to capture analyst decisions and unlock a new layer of institutional knowledge
→ What an intelligence layer really is and how it changes the way investigations happen
→ How shifting from alerts to risk and campaigns reshapes security operations

Agenda:

00:00 – Introduction: Why SOCs still can’t connect the dots
02:16 – What broke in SIEM and why correlation failed
04:23 – Why alerts are a flawed foundation
07:42 – From alerts to campaigns: a new way to investigate
10:57 – Turning analyst knowledge into an intelligence layer
15:08 – Why LLMs need structured context (and where they fail)
20:27 – Moving to risk-based, AI-driven SOC operations
24:49 – Fire Round: AI-ready SOCs, the end of tiers, and future skills

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Raffael Marty on LinkedIn: https://www.linkedin.com/in/raffy/
Get more of Raffael’s insights on his blog: https://raffy.ch/blog/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar

Curious to learn how Qevlar AI can help you build an intelligence layer that turns alerts into real understanding? Head to: qevlar.com

Apr 14, 2026 - 25 min

Stop Buying Tools, Start Designing Systems: The Architecture Mindset Modern SOCs Need ft. Demetrius Comes @Squarespace

Security teams often try to improve their SOC by adding more tools. Mature organizations approach the problem differently: they design systems. The real leverage comes from architecture: how telemetry, detections, identities, and workflows fit together into a coherent operational platform. In this episode, Ahmed Achchak (Co-founder & CEO of Qevlar AI) speaks with Demetrius Comes, VP of Security at Squarespace, about why the biggest operational gaps in security come from poorly designed systems rather than missing alerts. Drawing on his background in engineering and product development, Demetrius explains why SOCs benefit from thinking like architects, not just tool buyers.

You’ll discover:

→ Where the line is between a true SOC system and a stack of disconnected security tools.
→ How engineering thinking helps design more resilient and scalable security operations.
→ Why logging and telemetry decisions made early can create years of operational friction.
→ What a well-designed security data layer actually looks like in practice.
→ How to prevent your SOC architecture from slowly drifting into a patchwork of historical decisions.

Agenda

00:00 – Introduction: Why SOC performance is really an architecture problem
01:13 – The difference between a SOC system and a pile of tools
02:58 – How engineering thinking shapes security architecture decisions
03:18 – Deciding what to build, buy, or integrate in a modern security stack
05:18 – The rising challenge of non-human identities in modern systems
07:16 – Architectural mistakes that create years of SOC inefficiency
08:53 – Why missing or poorly designed logging breaks detection programs
10:20 – Designing a security data layer that can evolve with the product
11:13 – Operational readiness reviews and why security must be part of feature releases
12:23 – Preventing architecture drift with retrospectives and continuous improvement
13:30 – Fire Round

Follow Demetrius on LinkedIn: https://www.linkedin.com/in/demetriuscomes/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar/

Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter? Head to: qevlar.com

Mar 11, 2026 - 21 min

AI Readiness in the SOC Exists, But Not the Way You Define It ft. Rafal Kitab @ ConnectWise

Most SOCs say they’re “not ready for AI.” Others rush in, hoping AI will magically fix years of neglected fundamentals. Both approaches aren’t ideal. In this episode, Ahmed Achchak (CEO & Co-founder, Qevlar AI) sits down with Rafal Kitab, Director of SecOps & Incident Response at ConnectWise, to talk about when exactly AI should be added in the SOC. Rafal argues that AI doesn’t fix broken SOCs. It amplifies whatever you already are. If your processes are solid, AI can extend your capacity. If they’re broken, AI just helps you fail faster with greener dashboards.

You’ll learn:

→ Which AI promises for SecOps in 2025 actually held up in production and which ones collapsed on contact with reality
→ Why adding AI too early can hide inefficiency instead of fixing it
→ The non-negotiable SOC fundamentals that must exist before AI delivers real value
→ How to measure “AI success” without vanity metrics
→ Rafal’s bold prediction for how AI will change day-to-day SOC work in 2026 (and who it benefits most)

Agenda

00:00 – Introduction: Are SOCs really “not ready” for AI?
01:27 – The big AI promises of 2025: what worked and what didn’t
02:44 – Why “AI SOC” testing often fails before it starts
04:41 – How AI can accelerate inefficiency instead of reducing it
05:58 – Why green SLAs don’t mean better detection and response
08:07 – The non-negotiable SOC fundamentals before AI adds value
09:34 – Measuring workload, quality, and real capacity in a SOC
10:26 – Why SOCs fix tools before processes, and pay for it later
13:45 – Rafał’s bold predictions for AI in the SOC in 2026

Follow Rafal Kitab on LinkedIn: https://www.linkedin.com/in/rafal-kitab/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Feb 11, 2026 - 23 min

SOC Blind Spots: The Threats That Always Get Through and Why You Don’t Detect Them ft. Jai Minton @ Huntress

Is your SOC ready for the new era of GenAI attacks? In this episode, Ahmed Achchak sits down with Jai Minton, Senior Manager of Hunt & Response at Huntress, to break down how attackers consistently bypass even “mature” SOCs by abusing legitimate tools, blending into normal behavior, and operating in places defenders rarely monitor closely.

This conversation is for SOC leaders who want to understand:

→ Which intrusion patterns slip past EDR and SIEM without triggering alerts
→ Where telemetry is silently missing, shallow, or unusable when it matters
→ Why malware-free attacks are harder to catch than most teams expect
→ How weak signals can reveal early-stage intrusions, if you know how to connect them
→ What detection strategies no longer scale against how attackers operate today

Agenda

00:00 – Why SOC blind spots still exist
00:58 – Intrusion patterns that evade even mature SOCs
03:09 – Why context is the real detection problem
04:01 – Telemetry SOCs think they have (but actually don’t)
05:48 – Why logs are missing in the first place
07:00 – The weak signals attackers can’t avoid
08:19 – Can detection of weak signals actually scale?
10:20 – AI on offense: what SOCs are unprepared for
13:48 – Structural detection failures hunters see everywhere
14:45 – Redesigning detection for how attackers operate today

Follow Jai Minton on LinkedIn: https://www.linkedin.com/in/jaiminton/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Jan 13, 2026 - 19 min