Episode 64: Steve Fink, CTO and CISO at Secure Yeti
Fri Nov 07 2025
In this episode of the @Endace, Packet Forensic Files, Michael Morris chats with Steve Fink, CTO and CISO of Secure Yeti and architect of the SOCs for Black Hat, RSA Conference, and Cisco Live, for an in-depth look at building effective Security Operations Centers (SOCs).
With 26 years of cybersecurity experience, Fink shares strategies for leveraging packet data, integrating AI for automation, fostering vendor collaboration, and ensuring scalability and resilience.
This expert-led discussion is a must-watch for cybersecurity professionals who want to learn how to optimize threat detection and avoid data swamps .
ABOUT ENDACE
*****************
Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance.
EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass.
Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.
CHAPTERS
01:24 Why is your nickname 'Fink' and not Steve?
02:17 What foundational, architectural principles are essential when designing a next-gen SOC?
05:43 How do you approach scalability & modularity in NOC/SOC design to accommodate future growth?
08:57 How have you evolved to integrate cloud native technology or hybrid environments into your SOC and what were the challenges?
12:04 What role does packet data and centralized logging play in your SOC design and how do you ensure efficient data ingestion and retrieval?
14:45 How do you architect SOC to support real time threat detection and response across geographically distributed global infrastructures?
17:55 What strategies do you use for disaster recovery?
20:35 How do you incorporate AI, ML and automation capabilities into your SOC architecture to enhance threat hunting?
23:02 What are your best practices for integrating third-party tools?
More
In this episode of the @Endace, Packet Forensic Files, Michael Morris chats with Steve Fink, CTO and CISO of Secure Yeti and architect of the SOCs for Black Hat, RSA Conference, and Cisco Live, for an in-depth look at building effective Security Operations Centers (SOCs). With 26 years of cybersecurity experience, Fink shares strategies for leveraging packet data, integrating AI for automation, fostering vendor collaboration, and ensuring scalability and resilience. This expert-led discussion is a must-watch for cybersecurity professionals who want to learn how to optimize threat detection and avoid data swamps . ABOUT ENDACE ***************** Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass. Endace’s open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity. CHAPTERS 01:24 Why is your nickname 'Fink' and not Steve? 02:17 What foundational, architectural principles are essential when designing a next-gen SOC? 05:43 How do you approach scalability & modularity in NOC/SOC design to accommodate future growth? 08:57 How have you evolved to integrate cloud native technology or hybrid environments into your SOC and what were the challenges? 12:04 What role does packet data and centralized logging play in your SOC design and how do you ensure efficient data ingestion and retrieval? 14:45 How do you architect SOC to support real time threat detection and response across geographically distributed global infrastructures? 17:55 What strategies do you use for disaster recovery? 20:35 How do you incorporate AI, ML and automation capabilities into your SOC architecture to enhance threat hunting? 23:02 What are your best practices for integrating third-party tools?