SecOps Confidential

Building security operations from scratch and when MDR makes sense with Patrick McKinney

44 min · Jan 13, 2026

Description

In the inaugural episode of SecOps Confidential, host James Berthoty sits down with Patrick McKinney (VP of Security, Invisible) to break down how to build and scale a security operations program. They cover when companies should move beyond “CTO-owned security,” how to approach tooling organically without overbuying, and how MDR and emerging AI SOC platforms can reduce operational burden while improving investigation speed and access to data. Patrick shares practical guidance on tying security spend to revenue retention, sales enablement, and risk, plus how to think about open-source vs. SaaS, vendor transparency, and the evolving SOC tool landscape as AI accelerates change.

In this episode:

* The practical triggers for standing up a formal SecOps program
* How to sequence tooling decisions without “$500K worth of tools” on day one
* How to justify security budget with revenue retention, sales cycle impact, and risk framing
* Open-source vs. SaaS tradeoffs (including the often-ignored operational overhead)
* When (and whether) to off-board MDR as internal maturity grows
* Why AI SOC value is often analysis quality and investigation speed, not just headcount reduction
* What vendors can do to earn trust: transparency, proof, realistic promises, and fast time-to-value

Learn more:

* Invisible [https://invisibletech.ai/]
* Exaforce [https://www.exaforce.com/]

All episodes

5 episodes

Why most teams are flying blind in security operations with Bleon Proko

In this episode of SecOps Confidential, James Berthoty talks with Bleon Proko, cloud security researcher at Exaforce, about why cloud security operations are still tripping up teams that are otherwise solid at traditional SOC work. Bleon breaks down the structural gap between cloud security engineers focused on posture and SOC teams drowning in raw log sources they don't know what to do with. They get into which log sources matter most (including S3 data events and Bedrock logs that most people skip), how to approach basic detection building without getting buried in false positives, and how attackers tend to stay basic while defenders often miss things hiding in plain sight. Bleon also shares lessons from his own cloud research, including a real honeypot that caught a full threat actor team, and his framework for building detection coverage you can actually maintain.

Yesterday · 42 min

Building security operations from scratch and when MDR makes sense with Raghuraman Sethuraman

Most security conversations happen on the security side of the org chart. Raghuraman Sethuraman, VP of Engineering at Automation Anywhere, has been in the room from the engineering side, and the view is different. In this episode, Raghu joins host James Berthoty to talk about how one of the world's leading AI automation platforms thinks about security from the inside: how product security, infrastructure security, and IT InfoSec operate as separate functions but stay tightly coordinated; why AI-generated code from coding assistants is creating threat vectors traditional security processes weren't built to catch; and how to break AI security into three distinct areas, coding assistant security, prompt injection and system prompt security, and runtime monitoring. They also get into what the explosion of internal agents actually means for security teams: every department will have its own agents, each needing access to specific data, each requiring identity controls and secure communication protocols. And why the organizations that aren't thinking about agentic security frameworks today will be the ones caught scrambling when adoption hits. Raghu's advice for security leaders: governance cannot be an afterthought, and one to 100 happens very fast.

Mar 17, 2026 · 34 min

Building security-first crypto infra and the CTO-CISO partnership with Srijan Shetty

In this episode of SecOps Confidential, host James Berthoty talks with Srijan Shetty, co-founder and CTO at Fuze, about building security into crypto and fintech infrastructure. Srijan explains why Zero Trust and least privilege access are easier to scale than bolting security onto legacy systems later. They dig into how AI tools speed up both development and security ops, why comprehensive test suites let teams ship fast while meeting regulatory requirements, and what it actually looks like to run 99% unit test coverage on a million-line codebase. Srijan shares what's working with AI SOC platforms, DAST scanning, and LLM-assisted development, and explains how security becomes an advantage when you tie it to developer experience and deployment speed.

In this episode:

* The shift from security as a blocker to security as a business enabler in CTO-CISO partnerships
* Why building on Zero Trust and least privilege from day one beats retrofitting security later
* How progressive regulators like the UAE's VARA can enable rather than block security innovation
* The strategic use of AI across infrastructure, CI/CD pipeline, and developer experience layers
* Why AI SOC platforms reduce alert fatigue and improve investigation speed for lean security teams
* Balancing developer velocity with security through comprehensive testing infrastructure
* How 99% unit test coverage and end-to-end regression suites enable confident, frequent deployments

Links:

* Fuze [https://fuze.finance/]
* Exaforce [https://www.exaforce.com/]

Feb 17, 2026 · 35 min

Building security operations from scratch and when MDR makes sense with Patrick McKinney

Jan 13, 2026 · 44 min

Introducing SecOps Confidential

Welcome to SecOps Confidential - a cybersecurity podcast about the SOC programs that survived contact with reality. Hosted by James Berthoty, founder of Latio, each episode features security leaders, CTOs, and practitioners sharing what actually happened when they built their security operations centers. The 2 AM pages. The budget battles. The moments where perfect met reality. The automation wins. The complete rebuilds. Whether you're running a lean SOC, scaling to enterprise, or trying to figure out what actually works in modern security operations, this show is for you. You'll hear real stories from people who've been in the trenches. How SOCs are built, scaled, and automated. The people, processes, and technologies driving the next era of SecOps. New episodes drop monthly. Subscribe now on YouTube, Spotify, Apple Podcasts, or wherever you listen.

Dec 10, 2025 · 1 min