EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents
Mon Feb 02 2026
Guest:
Dennis Chow, Director of Detection Engineering at UKG
Topics:
We ended our season talking about the AI apocalypse. In your opinion, are we living in the world that the guests describe in their apocalypse paper? Do you think AI-powered attacks are really here, and if so, what is your plan to respond? Is it faster patching? Better D&R? Something else altogether? Your team has a hybrid agent workflow: could you tell us what that means? Also, define "AI agent" please. What are your production use cases for AI and AI agents in your SOC? What are your overall SOC metrics and how does the agentic AI part play into that? It's one thing to ask a team "hey what did y'all do last week" and get a good report - how are you measuring the agentic parts of your SOC? How are you thinking about what comes next once AI is automatically writing good (!) rules for your team out of research blog posts and TI papers? Resources:
Video version Agentic AI in the SOC: Build vs Buy Lessons EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP242 The AI SOC: Is This The Automation We've Been Waiting For? Google Cloud Skill Boost
More
Guest: Dennis Chow, Director of Detection Engineering at UKG Topics: We ended our season talking about the AI apocalypse. In your opinion, are we living in the world that the guests describe in their apocalypse paper? Do you think AI-powered attacks are really here, and if so, what is your plan to respond? Is it faster patching? Better D&R? Something else altogether? Your team has a hybrid agent workflow: could you tell us what that means? Also, define "AI agent" please. What are your production use cases for AI and AI agents in your SOC? What are your overall SOC metrics and how does the agentic AI part play into that? It's one thing to ask a team "hey what did y'all do last week" and get a good report - how are you measuring the agentic parts of your SOC? How are you thinking about what comes next once AI is automatically writing good (!) rules for your team out of research blog posts and TI papers? Resources: Video version Agentic AI in the SOC: Build vs Buy Lessons EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP242 The AI SOC: Is This The Automation We've Been Waiting For? Google Cloud Skill Boost