The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.
Episodes
Tuesday Jul 15, 2025
Tuesday Jul 15, 2025
In this episode of Detection at Scale, Jack speaks with Erik Bloch, VP of Security, Illumio, about why most security operations teams aren't ready for AI tools and what fundamental processes must be in place first. Erik challenges the industry's obsession with new technologies, sharing stories from his experience transforming underperforming security teams at major companies like Cisco, Salesforce, and Atlassian.
His conversation with Jack explores how to measure what actually matters in security operations, from team capacity utilization to business outcome dispositions, and why proper ticketing systems and actionable metrics are prerequisites for any advanced tooling to be effective.
Topics discussed:
- The importance of establishing fundamental processes like ticketing systems and metrics before implementing AI tools in security operations.
- How to measure team capacity utilization and resource allocation to identify when security operations teams are operating beyond sustainable levels.
- Why traditional security metrics like mean time to detect are often vanity metrics that don't provide actionable business intelligence.
- The critical need for security leaders to communicate in business language with concrete data rather than anecdotal risk assessments.
- How managed service providers will likely be the first to successfully adopt AI tools due to their standardized processes.
- The challenge of proving AI tool effectiveness when most organizations lack baseline metrics to measure improvement against established benchmarks.
- Why security teams gravitate toward building custom tools and how this impacts their approach to adopting commercial AI solutions.
- The role of MCP in enabling security teams to create their own agents and integrate multiple tools.
- How AI should focus on eliminating routine tasks like phishing email analysis rather than trying to catch advanced persistent threats.
- The framework for implementing AI tools by starting with business outcomes, defining metrics, identifying capabilities, and then inserting automation.
Listen to more episodes:
No comments yet. Be the first to say something!