SuperSOC: Conversations with the People Shaping the Future of Security Operations

Most SOCs say they’re “not ready for AI.” Others rush in, hoping AI will magically fix years of neglected fundamentals.
Both approaches aren’t ideal.
In this episode, Ahmed Achchak (CEO & Co-founder, Qevlar AI) sits down with Rafal Kitab, Director of SecOps & Incident Response at ConnectWise, to talk about when exactly AI should be added in the SOC.
Rafal argues that AI doesn’t fix broken SOCs. It amplifies whatever you already are. If your processes are solid, AI can extend your capacity. If they’re broken, AI just helps you fail faster with greener dashboards.
You’ll learn:
→ Which AI promises for SecOps in 2025 actually held up in production and which ones collapsed on contact with reality
→ Why adding AI too early can hide inefficiency instead of fixing it
→ The non-negotiable SOC fundamentals that must exist before AI delivers real value
→ How to measure “AI success” without vanity metrics
→ Rafal’s bold prediction for how AI will change day-to-day SOC work in 2026 (and who it benefits most)
Agenda
00:00 – Introduction: Are SOCs really “not ready” for AI?
01:27 – The big AI promises of 2025: what worked and what didn’t
02:44 – Why “AI SOC” testing often fails before it starts
04:41 – How AI can accelerate inefficiency instead of reducing it
05:58 – Why green SLAs don’t mean better detection and response
08:07 – The non-negotiable SOC fundamentals before AI adds value
09:34 – Measuring workload, quality, and real capacity in a SOC
10:26 – Why SOCs fix tools before processes — and pay for it later
13:45 – Rafał’s bold predictions for AI in the SOC in 2026
Follow Rafal Kitab on LinkedIn: https://www.linkedin.com/in/rafal-kitab/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Is your SOC ready for the new era of GenAI attacks?
In this episode, Ahmed Achchak sits down with Jai Minton, Senior Manager of Hunt & Response at Huntress, to break down how attackers consistently bypass even “mature” SOCs by abusing legitimate tools, blending into normal behavior, and operating in places defenders rarely monitor closely.
This conversation is for SOC leaders who want to understand:
→ Which intrusion patterns slip past EDR and SIEM without triggering alerts
→ Where telemetry is silently missing, shallow, or unusable when it matters
→ Why malware-free attacks are harder to catch than most teams expect
→ How weak signals can reveal early-stage intrusions, if you know how to connect them
→ What detection strategies no longer scale against how attackers operate today
Agenda
00:00 – Why SOC blind spots still exist
00:58 – Intrusion patterns that evade even mature SOCs
03:09 – Why context is the real detection problem
04:01 – Telemetry SOCs think they have (but actually don’t)
05:48 – Why logs are missing in the first place
07:00 – The weak signals attackers can’t avoid
08:19 – Can detection of weak signals actually scale?
10:20 – AI on offense: what SOCs are unprepared for
13:48 – Structural detection failures hunters see everywhere
14:45 – Redesigning detection for how attackers operate today
Follow Jai Minton on LinkedIn: https://www.linkedin.com/in/jaiminton/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Most enterprises talk about unifying IT, OT and cloud security, but very few actually pull it off. In this episode, Ahmed has invited Daniel Kästle, former Head of Cyber Defense at Mercedes-Benz, to break down what it really takes to move from three isolated security worlds to a risk-driven cyber defense capability.
You’ll discover:
→ Why IT, OT and cloud security remain stubbornly siloed, and why the real blockers have nothing to do with tools.
→A practical blueprint for building interoperability without chaos, even when threat models and data formats differ wildly.
→ Why no vendor will ever give you the mythical one platform for everything, and what unified visibility actually means in real life.
→ How some organizations successfully build teams that understand all three environments without hiring unicorn analysts.
→ The governance decisions that matter most when you need to isolate systems or contain fast-moving attacks
→ Why retention is Daniel’s surprising north-star metric for SOC health.
Agenda
00:00 – Introduction: Why unifying IT, OT, and cloud still feels impossible
02:03 – The real reason these environments stay siloed (not a tooling problem)
03:29 – Why the term SOC no longer reflects what modern teams actually do
04:42 – What unified visibility realistically looks like and where it stops
06:45 – Why a single platform can never cover IT, OT, and cloud
08:22 – The only viable starting point for interoperability
10:53 – How to build cross-domain talent without chasing unicorn hires
14:40 – Making governance work when IT and OT operate under different rules
17:01 – How unified cyber defense changes the response to global threats
19:23 – Why speed of response matters more than building perfect defenses
20:14 – Fire Round
Follow Daniel Kästle on LinkedIn: https://www.linkedin.com/in/dk31337/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps your analysts focus on the alerts that truly matter?
Head to qevlar.com

How do you guarantee the same investigative depth and accuracy when you’re running security operations for thousands of customers and processing billions of alerts per day?
In this episode, Beatrice Francon, Director of MDR Services at Atos, joins Ahmed Achchak (CEO and co-founder of Qevlar AI) to unpack how Atos scales investigative quality across diverse client environments — from critical infrastructure to finance and healthcare — without losing the human context that defines great security operations.
You’ll discover:
→ Where AI truly adds value in MDR operations today, and where human expertise remains irreplaceable.
→ How Atos balances standardization for efficiency with customization for client-specific risks.
→ Why “no black box” AI and a human-in-the-loop approach are essential for auditability and trust.
→ How Atos turns every AI-generated investigation report into a training accelerator for junior analysts.
→ The evolving boundary between SOAR automation and AI-led investigation, and where each shines today.
Agenda:
00:00 – Introduction: The multi-tenant investigation challenge
02:23 – Where AI delivers real value in MDR workflows
03:54 – Why human oversight still dominates in response and context
06:29 – Balancing efficiency with client-specific risk and context
10:25 – Why “no black box” AI is key to accountability and compliance
13:19 – How Atos ensures knowledge transfer across hundreds of clients
15:27 – AI investigation reports as a new training model for analysts
18:33 – Integrating SOAR and AI SOC: avoiding overlap and maximizing value
21:37 – Fire Round
About Atos:
Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos is a SE (Societas Europaea) and listed on Euronext Paris.
Learn more about Qevlar for your SOC: www.qevlar.com
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Beatrice on LinkedIn: https://www.linkedin.com/in/beatrice-francon/

Tier 1, Tier 2, Tier 3 — the hierarchy every SOC grew up with. But as AI takes over triage and investigation, does that model still make sense?
In this episode, Ahmed Achchak (CEO and co-founder of Qevlar AI) talks with Rob van Os, Strategic SOC Advisor and creator of the SOC-CMM framework — one of the most widely adopted models for assessing and improving SOC maturity worldwide.
Together, they unpack whether modern AI-driven operations make the tiered model obsolete, how skills-based SOCs are emerging, and what this shift means for talent, economics, and trust in AI-assisted decisions.
You’ll discover:
→ Why AI automation challenges the core logic behind tiered SOCs.
→ How the SOC-CMM framework helps leaders benchmark and evolve toward post-tier models.
→ The real blocker to full autonomy: missing infrastructure and business context.
→ How to grow and mentor analysts when “entry-level” alerts no longer exist.
→ How to prevent “shadow tiering” from silently reappearing in AI-augmented SOCs.
Rob also shares his prediction on when large enterprises will finally abandon tier and the new engineering and AI skills every modern analyst will need to thrive.
Agenda
00:00 – Introduction: What happens to the tiered SOC when AI takes over L1 and L2?
01:11 – New roles emerging: AI orchestrators and complex-case specialists
03:03 – Trust in AI and why automation still hits the “context” wall
04:54 – Developing junior talent in a post-tier world
06:46 – From tiers to skills: the rise of the skills-based SOC
07:11 – Does AI break the business logic of tiering?
09:19 – Engineering skills every modern analyst will need
10:15 – Why a fully autonomous SOC remains out of reach
13:21 – MSSPs vs in-house SOCs: different economics, same lessons
15:07 – Avoiding “shadow tiering” with proper knowledge management
17:27 – Rob’s prediction: Will enterprises abandon tiers in 3–5 years?
18:19 – Fire Round
Learn more about Qevlar for your SOC: https://www.qevlar.com/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Rob on LinkedIn: https://www.linkedin.com/in/socadvisor/