Guest:

• Svetla Yankova, Founder and CEO, Citreno

Topics:

• Why do so many organizations still collect logs yet don’t detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries?
• What are the hardest parts about getting the right context into a SOC analyst’s face when they’re triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?
• What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they’re buying?
• Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?
• Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do?
• Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years?
• Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?

Resources:

• EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
• EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
• EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
• EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
• “RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check” blog
• Citreno, The Backstory
• “Parenting Teens With Love And Logic” book (as a management book)
• “Security Correlation Then and Now: A Sad Truth About SIEM” blog (the classic from 2019)

Guest:

• Cristina Vintila, Product Security Engineering Manager, Google Cloud

Topic:

• Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)?
• You mentioned applying SRE best practices in detection and response, and overall in securing the Google Cloud products. How does Google balance high reliability and operational excellence with the needs of detection and response (D&R)?
• How does Google decide which data sources and tools are most critical for effective D&R?
• How do we deal with high volumes of data?

Resources:

• EP215 Threat Modeling at Google: From Basics to AI-powered Magic
• EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
• Podcast episodes on how Google does security
• EP17 Modern Threat Detection at Google
• EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
• Google SRE book
• Google SRS book

Guest:

• Sarah Aoun, Privacy Engineer, Google

Topic:

• You have had a fascinating career since we [Tim] graduated from college together – you mentioned before we met that you’ve consulted with a literal world leader on his personal digital security footprint. Maybe tell us how you got into this field of helping organizations treat sensitive information securely and how that led to helping keep targeted individuals secure?
• You also work as a privacy engineer on Fuschia, Google’s new operating system kernel. How did you go from human rights and privacy to that?
• What are the key privacy considerations when designing an operating system for “ambient computing”? How do you design privacy into something like that?
• More importantly, not only “how do you do it”, but how do you convince people that you did do it?
• When we talk about "higher risk" individuals, the definition can be broad. How can an average person or someone working in a seemingly less sensitive role better assess if they might be a higher-risk target? What are the subtle indicators?
• Thinking about the advice you give for personal security beyond passwords and multi-factor auth, how much of effective personal digital hygiene comes down to behavioral changes versus purely technical solutions?
• Given your deep understanding of both individual security needs and large-scale OS design, what's one thing you wish developers building cloud services or applications would fundamentally prioritize about user privacy?

Resources:

• Google privacy controls
• Advanced protection program