EPISODE · Feb 24, 2026 · 1H 6M
How CISOs Should Rationalize the Security Stack
from Full Metal Packet
Ralph Chammah, Co-Founder & CEO of Blacklight AI, shares a builder’s perspective shaped by years in cybersecurity analytics—what breaks in real SOC environments, and what it takes to make detection actually usable at scale.

In this episode, Ralph explains why “AI-first” security isn’t a label—it’s an operating model for reducing alert noise, improving context, and helping teams detect behavior that rule-based systems routinely miss.

He explains:
Why security stacks get noisy (and what “AI-first” should actually mean)
How to cut through acronyms like XDR/MDR and evaluate real value
How to use context + behavior patterns to catch insider risk and compromise
Why privacy/trust decisions (local vs external processing) matter in AI security
How replay/simulation helps validate detections and reduce false positives

Episode Timeline:
(01:46) Meet Ralph + what Blacklight AI does
(06:45) Why he left the Big 4 to build a product
(12:26) Tool overload, acronyms, and differentiation (XDR/MDR)
(18:10) Why AI belongs in detection (and how to avoid bad signals)
(21:44) Trust & privacy: where the data goes (and why)
(23:16) “Battle scars” from SIEM life: parsers, missing fields, manual grind
(29:32) Selective ingestion vs. “pipe everything” into the magic box
(31:32) Validation: replaying history + simulation to prove detections
(35:35) Biggest high-risk wins: insider threat + slow-burn intrusions
(39:13) Jaguar Land Rover breach story + business impact
(47:27) Quickest wins: what to connect first by maturity level
(49:55) What tools he’d remove first (and why)
(59:39) Platform vs point solutions: the real trade-off

Connect with Ralph on LinkedIn

Powered by controld.com