All Articles

Actionable Insights for CISOs

1. Evaluate the Viability of Decoupled SIEM Architectures

While decoupled SIEMs offer flexibility by separating data collection, storage, and threat detection, they may introduce complexity and integration challenges. As

In the race to adopt AI, security executives might feel a bit like Martinus Evans, who came to fame for running eight marathons while weighing more than 300 pounds.

Evans didn’t believe he could run a marathon until he did it, and the same is true fo

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #12 (full version) that we just released (the official blog for #1 report, my unofficial

I will be really, really honest with you — I have been totally “writer-blocked” and so I decided to release it anyway today … given the date.

So abit of history first. So, my “SOC visibility triad” was released on August 4, 2015 as a Gartner blog (it

In my days there, Gartner had Maverick research (here is mine, from 2015 about social engineering AIs…. yes, really!) that “deliberately exposed unconventional thinking and may not agree with Gartner’s official positions.”

Here is a “maverick-ish” bl

Gemini imagines RSA 2025 (very tame!)

Ah, RSA. That yearly theater (Carnival? Circus? Orgy? Got any better synonyms, Gemini?) of 44,000 people vaguely (hi salespeople!) related to cybersecurity … where the air is thick with buzzwords and the v

Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):

1. Security Correlation Then and Now: A Sad Truth About SIEM
2. Can We Have “Detection as Code”?
3. Detection Engineering is Painful — and It Shouldn’t Be (

“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten

Key Takeaways (Summary by Anton Chuvakin):

• SOC is first a TEAM. Next a PROCESS. And it uses TECHNOLOGY too, but ultimately people and process defines SOC success
• Key challenges in building a modern SOC include (1) gaining visibility with the expa