SuperSOC: Conversations with the People Shaping the Future of Security Operations

AI is making security operations faster but not necessarily smarter. In this episode, Ahmed Achchak (CEO & Co-founder of Qevlar AI) sits down with Raffael Marty, cybersecurity veteran and early pioneer of SIEM and security analytics, to unpack why SOCs still struggle to understand attacks and what’s been missing all along: a true intelligence layer.
You’ll discover:
→ Why 20+ years of SIEM and correlation technologies still leave analysts reconstructing attacks manually
→ What actually broke in the evolution from early context-rich systems to today’s event-driven detection models
→ Why adding “AI on top” of existing tools doesn’t fix the core problem
→ How to capture analyst decisions and unlock a new layer of institutional knowledge
→ What an intelligence layer really is and how it changes the way investigations happen
→ How shifting from alerts to risk and campaigns reshapes security operations
Agenda:
00:00 – Introduction: Why SOCs still can’t connect the dots
02:16 – What broke in SIEM and why correlation failed
04:23 – Why alerts are a flawed foundation
07:42 – From alerts to campaigns: a new way to investigate
10:57 – Turning analyst knowledge into an intelligence layer
15:08 – Why LLMs need structured context (and where they fail)
20:27 – Moving to risk-based, AI-driven SOC operations
24:49 – Fire Round: AI-ready SOCs, the end of tiers, and future skills
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Raffael Marty on LinkedIn: https://www.linkedin.com/in/raffy/
Get more of Raffael’s insights on his blog: https://raffy.ch/blog/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar
Curious to learn how Qevlar AI can help you build an intelligence layer that turns alerts into real understanding? Head to: qevlar.com

Security teams often try to improve their SOC by adding more tools. Mature organizations approach the problem differently: they design systems. The real leverage comes from architecture — how telemetry, detections, identities, and workflows fit together into a coherent operational platform.
In this episode, Ahmed Achchak (Co-founder & CEO of Qevlar AI) speaks with Demetrius Comes, VP of Security at Squarespace, about why the biggest operational gaps in security come from poorly designed systems rather than missing alerts. Drawing on his background in engineering and product development, Demetrius explains why SOCs benefit from thinking like architects, not just tool buyers.
You’ll discover:
→ Where the line is between a true SOC system and a stack of disconnected security tools. 
→ How engineering thinking helps design more resilient and scalable security operations. 
→ Why logging and telemetry decisions made early can create years of operational friction. 
→ What a well-designed security data layer actually looks like in practice. 
→ How to prevent your SOC architecture from slowly drifting into a patchwork of historical decisions.
Agenda
00:00 – Introduction: Why SOC performance is really an architecture problem
01:13 – The difference between a SOC system and a pile of tools
02:58 – How engineering thinking shapes security architecture decisions
03:18 – Deciding what to build, buy, or integrate in a modern security stack
05:18 – The rising challenge of non-human identities in modern systems
07:16 – Architectural mistakes that create years of SOC inefficiency
08:53 – Why missing or poorly designed logging breaks detection programs
10:20 – Designing a security data layer that can evolve with the product
11:13 – Operational readiness reviews and why security must be part of feature releases
12:23 – Preventing architecture drift with retrospectives and continuous improvement
13:30 – Fire Round
Follow Demetrius on LinkedIn: https://www.linkedin.com/in/demetriuscomes/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar/
Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter? Head to: qevlar.com

Most SOCs say they’re “not ready for AI.” Others rush in, hoping AI will magically fix years of neglected fundamentals.
Both approaches aren’t ideal.
In this episode, Ahmed Achchak (CEO & Co-founder, Qevlar AI) sits down with Rafal Kitab, Director of SecOps & Incident Response at ConnectWise, to talk about when exactly AI should be added in the SOC.
Rafal argues that AI doesn’t fix broken SOCs. It amplifies whatever you already are. If your processes are solid, AI can extend your capacity. If they’re broken, AI just helps you fail faster with greener dashboards.
You’ll learn:
→ Which AI promises for SecOps in 2025 actually held up in production and which ones collapsed on contact with reality
→ Why adding AI too early can hide inefficiency instead of fixing it
→ The non-negotiable SOC fundamentals that must exist before AI delivers real value
→ How to measure “AI success” without vanity metrics
→ Rafal’s bold prediction for how AI will change day-to-day SOC work in 2026 (and who it benefits most)
Agenda
00:00 – Introduction: Are SOCs really “not ready” for AI?
01:27 – The big AI promises of 2025: what worked and what didn’t
02:44 – Why “AI SOC” testing often fails before it starts
04:41 – How AI can accelerate inefficiency instead of reducing it
05:58 – Why green SLAs don’t mean better detection and response
08:07 – The non-negotiable SOC fundamentals before AI adds value
09:34 – Measuring workload, quality, and real capacity in a SOC
10:26 – Why SOCs fix tools before processes — and pay for it later
13:45 – Rafał’s bold predictions for AI in the SOC in 2026
Follow Rafal Kitab on LinkedIn: https://www.linkedin.com/in/rafal-kitab/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Is your SOC ready for the new era of GenAI attacks?
In this episode, Ahmed Achchak sits down with Jai Minton, Senior Manager of Hunt & Response at Huntress, to break down how attackers consistently bypass even “mature” SOCs by abusing legitimate tools, blending into normal behavior, and operating in places defenders rarely monitor closely.
This conversation is for SOC leaders who want to understand:
→ Which intrusion patterns slip past EDR and SIEM without triggering alerts
→ Where telemetry is silently missing, shallow, or unusable when it matters
→ Why malware-free attacks are harder to catch than most teams expect
→ How weak signals can reveal early-stage intrusions, if you know how to connect them
→ What detection strategies no longer scale against how attackers operate today
Agenda
00:00 – Why SOC blind spots still exist
00:58 – Intrusion patterns that evade even mature SOCs
03:09 – Why context is the real detection problem
04:01 – Telemetry SOCs think they have (but actually don’t)
05:48 – Why logs are missing in the first place
07:00 – The weak signals attackers can’t avoid
08:19 – Can detection of weak signals actually scale?
10:20 – AI on offense: what SOCs are unprepared for
13:48 – Structural detection failures hunters see everywhere
14:45 – Redesigning detection for how attackers operate today
Follow Jai Minton on LinkedIn: https://www.linkedin.com/in/jaiminton/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Most enterprises talk about unifying IT, OT and cloud security, but very few actually pull it off. In this episode, Ahmed has invited Daniel Kästle, former Head of Cyber Defense at Mercedes-Benz, to break down what it really takes to move from three isolated security worlds to a risk-driven cyber defense capability.
You’ll discover:
→ Why IT, OT and cloud security remain stubbornly siloed, and why the real blockers have nothing to do with tools.
→A practical blueprint for building interoperability without chaos, even when threat models and data formats differ wildly.
→ Why no vendor will ever give you the mythical one platform for everything, and what unified visibility actually means in real life.
→ How some organizations successfully build teams that understand all three environments without hiring unicorn analysts.
→ The governance decisions that matter most when you need to isolate systems or contain fast-moving attacks
→ Why retention is Daniel’s surprising north-star metric for SOC health.
Agenda
00:00 – Introduction: Why unifying IT, OT, and cloud still feels impossible
02:03 – The real reason these environments stay siloed (not a tooling problem)
03:29 – Why the term SOC no longer reflects what modern teams actually do
04:42 – What unified visibility realistically looks like and where it stops
06:45 – Why a single platform can never cover IT, OT, and cloud
08:22 – The only viable starting point for interoperability
10:53 – How to build cross-domain talent without chasing unicorn hires
14:40 – Making governance work when IT and OT operate under different rules
17:01 – How unified cyber defense changes the response to global threats
19:23 – Why speed of response matters more than building perfect defenses
20:14 – Fire Round
Follow Daniel Kästle on LinkedIn: https://www.linkedin.com/in/dk31337/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps your analysts focus on the alerts that truly matter?
Head to qevlar.com