Opinionated analysis, guides, and expert takes from security operations practitioners.
AI triage is live in production SOCs. Learn which pipeline stages to trust it with, which to keep human-reviewed, and how to catch the new failure modes.
AI triage hasn't moved alert fatigue. The structural causes start upstream. Here's what to fix before another AI SOC pilot.
Detection engineering stalls when it's treated as a person, not a function. Here's what the function actually owns, and how to build it from Level 0.
Most IRPs are written for auditors, not analysts. Here's what a usable incident response plan actually contains, plus a stripped-down template.