LotR Episode 9: The SOC Data Breakdown

LotR Episode 9: The SOC Data Breakdown

In this conversation, we discuss the evolving landscape of security operations, focusing on the challenges and innovations in data management, particularly in relation to Security Information and Event Management (SIEM) systems, data lakes, and the role of data pipelines. They explore the concept of cybersecurity mesh, the importance of data governance, and the need for data engineers within security teams. The discussion also touches on the impact of AI on security operations and the complexities of navigating various security tools and technologies. Guests: * Jonathan Rau [https://www.linkedin.com/in/jonathan-r-2b2742112/] - VP and Distinguished Engineer at Query.ai [https://www.query.ai/] Summary Points: * The traditional SIEM model is being challenged by new data management approaches. * Data lakes are becoming essential for effective security data management. * Cybersecurity mesh offers a new way to access and utilize data across platforms. * Data hygiene is crucial for effective security operations. * Security teams often lack the necessary data management skills. * The role of data engineers is increasingly important in security teams. * Organizations need to be proactive in their data governance strategies. * AI is transforming how security operations are conducted. * Understanding the complexities of security tools is vital for effective management. * The future of cybersecurity standards is still evolving and requires adaptation. Chapters 00:00 Introduction to Cybersecurity and Data Management 02:21 The Evolution of Security Information and Event Management (SIEM) 05:39 Challenges with Traditional SIEMs and Data Centralization 08:16 The Shift Towards Data Lakes and Pipelines 10:44 Understanding Data Mesh and Federated Search 13:28 Navigating the Complexity of Modern Data Architectures 16:22 The Role of Data Normalization and Processing 19:21 Future Trends in Cybersecurity Data Management 26:26 Making Security Analysts' Jobs Easier 27:45 The Distinction Between Vulnerability Management and Incident Response 29:16 The Role of Data Engineers in Security 34:26 Data Hygiene and Security Hygiene 36:49 The Need for Data Engineers in Security Teams 39:41 Challenges in Tool Selection and Integration 43:56 Understanding OCSF and Apache Iceberg Get full access to Latio Pulse at pulse.latio.tech/subscribe [https://pulse.latio.tech/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

LotR Episode 8: What is Reachability?

Featuring: * Omer Yair [https://www.linkedin.com/in/omeryair/] - Co-founder of Raven.io * Martin Torp [https://www.linkedin.com/in/martin-torp/] - Co-founder of Coana (Now part of Socket.dev) Summary In this conversation, the hosts explore how reachability technologies help in vulnerability management, the challenges faced in implementation, and the best practices for choosing the right approach. The discussion also highlights the significance of network reachability and function execution in assessing risks, as well as the importance of vendor comparisons in the cybersecurity landscape. Takeaways Reachability is about determining if a vulnerability is relevant to an application. The goal of reachability is to assess exploitability. Static analysis is simpler and does not require a running application. Runtime reachability provides real-time insights into application behavior. Network reachability helps prioritize vulnerabilities based on actual risk. Function execution during runtime indicates the highest priority vulnerabilities. Choosing between static and runtime reachability depends on organizational constraints. The volume of CVEs is increasing, making effective prioritization essential. Understanding vendor capabilities is crucial for effective reachability analysis. Performance monitoring tools like Grafana can help assess the impact of security sensors. Chapters 00:00 Introduction to Reachability Technologies 01:39 Defining Reachability and Its Importance 04:38 Exploring Static vs. Runtime Reachability 10:23 Diving Deeper into Static Reachability 19:02 Understanding Runtime Reachability and Its Types 26:19 Understanding Runtime Function Execution 28:33 Static vs. Runtime Analysis: A Complementary Approach 34:23 Choosing the Right Reachability Method 37:32 Challenges in In-House Vulnerability Management 39:47 The Importance of Effective CVE Management 42:45 Navigating Reachability Analysis Challenges 45:45 Optimizing Scan Times and Performance 50:47 Performance Insights and Attack Path Considerations Get full access to Latio Pulse at pulse.latio.tech/subscribe [https://pulse.latio.tech/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

LotR Episode 7: Securing AI Applications

Featuring: * Dor Sarig [https://www.linkedin.com/in/dsarig/] - Co-Founder of Pillar Security * Vrajesh Bhavsar [https://www.linkedin.com/in/vrajeshio/] - Co-Founder of Operant AI In this episode, the hosts discuss the critical aspects of AI security with industry experts. They explore the unique challenges posed by AI technologies, the role of CISOs in navigating these challenges, and the emerging threats that organizations face. The conversation emphasizes the importance of data control, compliance, and the need for robust testing and red teaming strategies. The experts also highlight industry-specific concerns and the future of AI security tools, providing valuable insights for organizations looking to secure their AI applications. Takeaways * AI fundamentally changes how we approach security. * Protecting sensitive data and models is crucial. * Security must enable innovation, not hinder it. * Data is now executable, increasing risks. * CISOs need to focus on compliance and data control. * Emerging threats require new security strategies. * Testing AI systems is complex and requires new methods. * Industry-specific regulations impact AI security needs. * Collaboration between security and data teams is essential. * The future of AI security tools is evolving rapidly. Chapters 00:00 Introduction to AI Security 02:29 Understanding the Shift in Security Paradigms 05:18 The Rapid Evolution of AI Technologies 07:45 CISO Perspectives on AI Security 10:13 Top Concerns in AI Security 11:59 Emerging Threats and Attack Vectors 14:27 Data Governance and Compliance Challenges 17:21 The Role of Security Teams in AI Programs 22:30 Collaboration Between Security and Data Science 23:39 The Importance of Data Control in AI Security 25:00 Understanding Risks in AI Security 29:02 Identifying Malicious vs. Benign Activities 31:26 The Role of Testing Infrastructure in AI Security 33:45 Industry-Specific Security Concerns 35:52 Red Teaming and AI Security Testing 39:10 The Need for Comprehensive Threat Modeling 41:21 Data Security in the Age of AI Get full access to Latio Pulse at pulse.latio.tech/subscribe [https://pulse.latio.tech/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

Lotr Episode 6 - What is a SOC in 2025?

Summary In this conversation, James Berthoty, Kyle Polley [https://www.linkedin.com/in/kylepolley/] from Perplexity, and Ariful Huq [https://www.linkedin.com/in/arifhuq/] from Exaforce explore the complexities of security operations, focusing on the role of Security Operations Centers (SOCs), the integration of AI, and the evolving landscape of cloud security. They discuss the motivations behind purchasing SOCs, the importance of compliance, and the challenges faced by security teams in managing alerts and incidents. The conversation highlights the potential of AI to enhance SOC functions, reduce alert fatigue, and improve detection engineering, while also addressing the need for context in security operations. The discussion concludes with insights on the future of security data and the operationalization of detection engineering. Takeaways * The initial push for SOCs often stems from compliance needs. * Understanding the budget is crucial when considering SOC options. * AI can significantly enhance the efficiency of SOC operations. * The integration of CNAPP and SOC is becoming increasingly important. * Contextual information is vital for effective incident response. * MDR solutions can be beneficial but may lack the necessary context. * Detection engineering requires a blend of security and software engineering skills. * Alert fatigue is a significant challenge for SOC teams. * The future of security data will encompass more than just logs. * AI has the potential to democratize security operations and improve analyst capabilities. Chapters 00:00 Introduction to Security Operations 01:31 Understanding the Need for SOCs 05:42 The Role of CNAP in Security 08:34 Balancing SOC and CNAP Solutions 10:08 Traditional SOC Roles and Responsibilities 11:45 The Evolving Nature of SOC Teams 13:49 Contextualizing Alerts in Security 15:32 Integrating AI into SOC Operations 20:52 Enhancing Analyst Efficiency with AI 25:39 Learning from Past Investigations 27:06 The Importance of Threat Hunting in SOCs 29:43 Leveraging AI for Threat Intelligence and Detection 31:02 Modernizing SOC Skills and Detection Engineering 35:00 Reimagining Detection Engineering with AI 38:43 The Role of Data Normalization in AI Models 40:48 The Future of AI in Security Operations 43:12 The Evolution of SIEM and Security Data Lakes Get full access to Latio Pulse at pulse.latio.tech/subscribe [https://pulse.latio.tech/subscribe?utm_medium=podcast&utm_campaign=CTA_4]

LotR Episode 5 - Lessons from Shutting Down a Startup

Latio On The Record — Episode 5 Guest: Yoad [https://www.linkedin.com/in/yoadfekete/] https://www.linkedin.com/in/yoadfekete/Fekete [https://www.linkedin.com/in/yoadfekete/] (ex-Co-Founder & CEO, Mirror Security; now leads Security & Infrastructure at Lynx Security) Hosts: James Berthoty & Charrah Recorded: Wednesday, June 4 Why we wanted Yoad on Mirror Security caught our eye back in 2022 for one reason: it tackled SolarWinds-style software-supply-chain attacks head-on, instead of stopping at familiar SCA vulnerability scans. Myrror had the rare combination of genuinely differentiated and useful technology. Two years (and one graceful shutdown) later, Yoad has a rare 360-degree view of what happens when brilliant tech meets a market that just isn’t ready. Conversation highlights 0:17 Yoad’s background: Microsoft IR after SolarWinds → co-founding Mirror to catch supply-chain intrusions early 4:14 Why “traditional” SCA tools don’t flag injected build artifacts—and how Mirror’s binary-to-source matching tried to fix that 9:18 Early market signals vs. real product-market fit: the danger of mistaking enthusiasm for intent 15:35 Founder-led sales lessons: when a two-week POC needs to end at two weeks 26:20 How to judge pivots: technical edge, ecosystem partnerships, and the “three-year-contract” wall 51:45 Recognizing shutdown flags: stagnant pipeline, long sales cycles, and repeated VC “no’s” 56:23 Yoad’s three red lights before closing: 1) zero VC appetite, 2) no pipeline growth, 3) POCs that don’t convert Five takeaways you can use today * “Cool” isn’t a buying signalIf the prospect understands your tech and still won’t sign, it’s time to revisit the problem you solve. * Own the first sales yourselfHiring reps won’t save a product the founder can’t sell; use outside experts only to tighten the motion. * Two-week POC ruleValue uncovered after week two rarely tips a deal—set a stop date and stick to it. * Plan for the acquisition auditIf a big-box buyer mainly wants your team, a fully remote, distributed headcount can complicate the offer. * Graceful shutdowns take cashBudget early for vendor obligations and employee support; you owe the team a soft landing before worrying about yourself. What’s next for Yoad He’s publishing weekly LinkedIn essays on founder lessons, cybersecurity GTM strategy, and supply-chain security—worth a follow if you’re iterating on a security startup or wrestling with product-market fit. 🎧 Listen to the full episode wherever you get your podcasts, and let us know which insight resonated most. Get full access to Latio Pulse at pulse.latio.tech/subscribe [https://pulse.latio.tech/subscribe?utm_medium=podcast&utm_campaign=CTA_4]