SuperSOC: Conversations with the People Shaping the Future of Security Operations

Is your SOC ready for the new era of GenAI attacks?
In this episode, Ahmed Achchak sits down with Jai Minton, Senior Manager of Hunt & Response at Huntress, to break down how attackers consistently bypass even “mature” SOCs by abusing legitimate tools, blending into normal behavior, and operating in places defenders rarely monitor closely.
This conversation is for SOC leaders who want to understand:
→ Which intrusion patterns slip past EDR and SIEM without triggering alerts
→ Where telemetry is silently missing, shallow, or unusable when it matters
→ Why malware-free attacks are harder to catch than most teams expect
→ How weak signals can reveal early-stage intrusions, if you know how to connect them
→ What detection strategies no longer scale against how attackers operate today
Agenda
00:00 – Why SOC blind spots still exist
00:58 – Intrusion patterns that evade even mature SOCs
03:09 – Why context is the real detection problem
04:01 – Telemetry SOCs think they have (but actually don’t)
05:48 – Why logs are missing in the first place
07:00 – The weak signals attackers can’t avoid
08:19 – Can detection of weak signals actually scale?
10:20 – AI on offense: what SOCs are unprepared for
13:48 – Structural detection failures hunters see everywhere
14:45 – Redesigning detection for how attackers operate today
Follow Jai Minton on LinkedIn: https://www.linkedin.com/in/jaiminton/
Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

Most enterprises talk about unifying IT, OT and cloud security, but very few actually pull it off. In this episode, Ahmed has invited Daniel Kästle, former Head of Cyber Defense at Mercedes-Benz, to break down what it really takes to move from three isolated security worlds to a risk-driven cyber defense capability.
You’ll discover:
→ Why IT, OT and cloud security remain stubbornly siloed, and why the real blockers have nothing to do with tools.
→A practical blueprint for building interoperability without chaos, even when threat models and data formats differ wildly.
→ Why no vendor will ever give you the mythical one platform for everything, and what unified visibility actually means in real life.
→ How some organizations successfully build teams that understand all three environments without hiring unicorn analysts.
→ The governance decisions that matter most when you need to isolate systems or contain fast-moving attacks
→ Why retention is Daniel’s surprising north-star metric for SOC health.
Agenda
00:00 – Introduction: Why unifying IT, OT, and cloud still feels impossible
02:03 – The real reason these environments stay siloed (not a tooling problem)
03:29 – Why the term SOC no longer reflects what modern teams actually do
04:42 – What unified visibility realistically looks like and where it stops
06:45 – Why a single platform can never cover IT, OT, and cloud
08:22 – The only viable starting point for interoperability
10:53 – How to build cross-domain talent without chasing unicorn hires
14:40 – Making governance work when IT and OT operate under different rules
17:01 – How unified cyber defense changes the response to global threats
19:23 – Why speed of response matters more than building perfect defenses
20:14 – Fire Round
Follow Daniel Kästle on LinkedIn: https://www.linkedin.com/in/dk31337/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar
Curious how Qevlar AI helps your analysts focus on the alerts that truly matter?
Head to qevlar.com

How do you guarantee the same investigative depth and accuracy when you’re running security operations for thousands of customers and processing billions of alerts per day?
In this episode, Beatrice Francon, Director of MDR Services at Atos, joins Ahmed Achchak (CEO and co-founder of Qevlar AI) to unpack how Atos scales investigative quality across diverse client environments — from critical infrastructure to finance and healthcare — without losing the human context that defines great security operations.
You’ll discover:
→ Where AI truly adds value in MDR operations today, and where human expertise remains irreplaceable.
→ How Atos balances standardization for efficiency with customization for client-specific risks.
→ Why “no black box” AI and a human-in-the-loop approach are essential for auditability and trust.
→ How Atos turns every AI-generated investigation report into a training accelerator for junior analysts.
→ The evolving boundary between SOAR automation and AI-led investigation, and where each shines today.
Agenda:
00:00 – Introduction: The multi-tenant investigation challenge
02:23 – Where AI delivers real value in MDR workflows
03:54 – Why human oversight still dominates in response and context
06:29 – Balancing efficiency with client-specific risk and context
10:25 – Why “no black box” AI is key to accountability and compliance
13:19 – How Atos ensures knowledge transfer across hundreds of clients
15:27 – AI investigation reports as a new training model for analysts
18:33 – Integrating SOAR and AI SOC: avoiding overlap and maximizing value
21:37 – Fire Round
About Atos:
Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos is a SE (Societas Europaea) and listed on Euronext Paris.
Learn more about Qevlar for your SOC: www.qevlar.com
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Beatrice on LinkedIn: https://www.linkedin.com/in/beatrice-francon/

Tier 1, Tier 2, Tier 3 — the hierarchy every SOC grew up with. But as AI takes over triage and investigation, does that model still make sense?
In this episode, Ahmed Achchak (CEO and co-founder of Qevlar AI) talks with Rob van Os, Strategic SOC Advisor and creator of the SOC-CMM framework — one of the most widely adopted models for assessing and improving SOC maturity worldwide.
Together, they unpack whether modern AI-driven operations make the tiered model obsolete, how skills-based SOCs are emerging, and what this shift means for talent, economics, and trust in AI-assisted decisions.
You’ll discover:
→ Why AI automation challenges the core logic behind tiered SOCs.
→ How the SOC-CMM framework helps leaders benchmark and evolve toward post-tier models.
→ The real blocker to full autonomy: missing infrastructure and business context.
→ How to grow and mentor analysts when “entry-level” alerts no longer exist.
→ How to prevent “shadow tiering” from silently reappearing in AI-augmented SOCs.
Rob also shares his prediction on when large enterprises will finally abandon tier and the new engineering and AI skills every modern analyst will need to thrive.
Agenda
00:00 – Introduction: What happens to the tiered SOC when AI takes over L1 and L2?
01:11 – New roles emerging: AI orchestrators and complex-case specialists
03:03 – Trust in AI and why automation still hits the “context” wall
04:54 – Developing junior talent in a post-tier world
06:46 – From tiers to skills: the rise of the skills-based SOC
07:11 – Does AI break the business logic of tiering?
09:19 – Engineering skills every modern analyst will need
10:15 – Why a fully autonomous SOC remains out of reach
13:21 – MSSPs vs in-house SOCs: different economics, same lessons
15:07 – Avoiding “shadow tiering” with proper knowledge management
17:27 – Rob’s prediction: Will enterprises abandon tiers in 3–5 years?
18:19 – Fire Round
Learn more about Qevlar for your SOC: https://www.qevlar.com/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Rob on LinkedIn: https://www.linkedin.com/in/socadvisor/

In this episode, Ahmed Achchak (CEO & co-founder of Qevlar AI) invited Shane Shook, Venture Partner at Forgepoint Capital and longtime advisor to top security startups, to explore why false negatives (not false positives) are still the SOC’s most dangerous blind spot.

Shane shares insights from 30+ years in incident response and threat detection on where organizations miss early signals, why overtuning rules makes things worse, and how AI can finally shift detection left without overwhelming analysts.

You’ll discover:
→ Why most SOCs miss early-stage delivery attacks, and why “trust” is still the Achilles’ heel.
→ How fear of false positives actually creates false negatives.
→ Where context (user, privilege, resource history) can make or break early detection.
→ How agentic AI and reinforcement learning can spot weak signals at scale.
→ What practical steps CISOs should take to shift detection left in 2025–2026.

Check out Shane’s book Cybercrime Investigation Body of Knowledge
https://www.cibok.org/en/#section-download
And latest articles:
https://forgepointcap.com/tag/tips/

Agenda:
00:00 – Intro: Why false negatives, not false positives, cause the real damage
01:14 – How overtuning rules leads to blind spots
05:21 – The kill chain phase where most detections fail today
07:13 – Why trust relationships defeat zero trust defenses
09:02 – How AI can reduce false negatives without drowning in noise
12:18 – Why full organizational context is the missing piece
14:18 – The single most practical step to shift detection left
16:52 – Why focusing on breach indicators matters more than attack indicators
17:32 – Fire Round: The most underestimated kill chain stage
19:19 – False negatives happen when…
19:33 – The biggest risk CISOs still underestimate

Learn more about Qevlar for your SOC: https://www.qevlar.com/
Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/
Follow Shane on LinkedIn: https://www.linkedin.com/in/shanedshook/