Episode Details
Back to EpisodesBuilding Trust Into Agentic SOC Tools with Oren Saban
Description
Agentic SOC platforms are no longer a future pitch — they're shipping, and teams are using them to triage and investigate cases end to end. But speed and automation only matter if you can trust the output. John sits down with Oren Saban to unpack what it actually takes to build a trustworthy agentic SOC tool.
They cover why these platforms are built as swarms of specialized agents rather than one generalist model, the role organizational context and data quality play in getting good results, how teams measure confidence and catch AI mistakes before they become missed detections, which analyst skills are becoming obsolete and which matter more than ever, and the emerging risk of prompt injection attacks against AI-powered SOC tools.
If you're evaluating these platforms — or trying to figure out what trust actually means when AI is doing most of the investigating — this conversation lays out the real tradeoffs.
Oren on LinkedIn: https://www.linkedin.com/in/oren-saban/
Contact, Courses, and More:
For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live!
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn