PODCAST · technology
Breach Ready Radio
by Securonix
Breach Ready Radio is a series of candid conversations with the practitioners, researchers, and security leaders who are changing how defense actually happens. These are the people building new approaches, experimenting with new ideas, and pushing security operations forward in real environments. Each episode explores what they are working on, what they are seeing in the wild, and how security is evolving across the SOC, threat intelligence, AI, and incident response. The best insights usually come from the stories. The investigation that took an unexpected turn. The tool that changed how a team works. The moment someone realized the industry needed to rethink an old assumption. We talk to the people behind modern defense. What they are building. What they are learning. And how security operations is changing in real time. Hosted by Sean Ferguson, Securonix.
-
7
Fast Answers, New Problems with AI in the SOC
AI is moving into security operations fast, but the gap between a strong demo and something you can trust in production is still bigger than most teams want to admit. That gap is where risk starts. Eddie frames that early by pushing back on the idea that AI is about reducing headcount and arguing that the teams getting the most value are using it to amplify their best people instead. In this episode of Breach Ready Radio, I sit down with Eddie Kim, Principal Advisor in AI Modern Data Strategy at AWS, for a practical conversation about what it really takes to make AI useful inside security teams. We get into the difference between an assistant and an agent, why trust changes the moment a system can take action, and why clear boundaries, logging, limits, and auditability are the real bar for live environments. We also dig into what breaks as organizations move from one agent to many. Specialization is powerful, but coordination, explainability, governance, and failure handling all get harder in a mesh environment. Eddie walks through why production readiness is not just about model quality. It is about infrastructure, observability, session handling, tool connectivity, and knowing how the system behaves over time at scale. The conversation gets especially practical when we talk about what leaders should actually measure. Not agent counts. Not token spend. Outcomes. Faster response times. Fewer false positives. More incidents closed with the same team. Less burnout. Better work. That is the difference between real value and an expensive demo. We close on the leadership challenge. Security teams cannot afford to show up late. Eddie makes the case for partnering early with the business, reading past the marketing speak, and asking harder questions before trusting any vendor claim. If you are sorting through AI promises in the SOC right now, this episode will give you a better lens on what matters and what to push on.
-
6
Signals & Shadows: Inside Cyber with Ken Westin
AI is moving into security operations fast, but the uncomfortable truth is that “autonomous SOC” talk can create more risk than it removes. I sit down with Ken Westin, Senior Solutions Engineer at LimaCharlie, to get brutally practical about agentic AI in cybersecurity, what it can reliably automate today, and where humans still need to be firmly in the loop. We dig into how AI changes Level 1 and Level 2 analyst work, why the cybersecurity skills gap may actually get worse before it gets better, and how sloppy AI-assisted coding can quietly introduce new vulnerabilities. Then we switch gears into a wild hacker story that starts with stolen camera gear and ends with a lesson on EXIF metadata, OSINT, and real-world investigations. Ken explains how camera make, model, and serial numbers embedded in images can be mined and searched, why many platforms now scrub metadata, and what that means for privacy and forensics when companies may still archive data behind the scenes. We close with a clear-eyed look at the 2026 SOC: hybrid AI as “cyborg security,” MCP servers, Cloud Code style automation, guardrails for production, and the looming data pipeline problem of token costs and compute. If you’re modernizing your SIEM, EDR, MDR workflows, or cloud security operations, you’ll leave with sharper questions to ask vendors and a safer way to experiment without handing the keys to a black box. Subscribe, share this with a security leader who needs a reality check, and leave a review with your biggest question about AI in the SOC.
Ken Westin is currently Senior Solutions Engineer at LimaCharlie, and an adjunct cybersecurity instructor at Lewis & Clark College. He has been in the cybersecurity field for over two decades, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement, helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and he is regularly consulted as an expert in cybersecurity, cybercrime, data science, and surveillance.
-
5
Testing Deepfakes: The Reality of AI Impersonation Attacks
What happens when your company's cyber defenses face a deepfake attack impersonating leadership? Bill Shearstone, Director of Information Security in the energy sector, shares the eye-opening results from a penetration test where his team used AI-generated deepfake technology to trick an employee into resetting credentials. Despite technical limitations and the employee's "gut feeling that something wasn't right," the attack succeeded - revealing crucial lessons about human psychology in security. Drawing from both his extensive commercial experience and previous work at the NSA during the global war on terrorism, Shearstone offers practical insights on how organizations should approach penetration testing. Rather than repeatedly testing external defenses, he advocates starting tests with internal access to thoroughly evaluate detection capabilities, incident response procedures, and lateral movement controls. This approach uncovered a critical finding: security tools detected suspicious activity but failed to provide the complete picture of what was happening. Shearstone emphasizes why cybersecurity's strength lies in continuous improvement and incident response preparation: "If I look at an attack coming in and I'm able to contain it without impacting business operations tremendously, to me that's just as good as preventing an attack." His pragmatic approach acknowledges that perfect prevention is impossible, making effective detection and response capabilities equally crucial for organizational resilience.
-
4
Cybersecurity Challenges in Small Teams
By exploring the complexities of cybersecurity in a law firm, we gain insight into the unique challenges faced by small teams managing sensitive data. Tim Thornsberry, Director of Information Security at Steptoe & Johnson, shares his experience navigating these waters with limited resources.
• Introduction of Tim Thornsberry and his role at Steptoe & Johnson
• The unique cybersecurity challenges faced by law firms
• Managing threat detection with a small security team
• Embracing automation and AI in cybersecurity
• The value of generalist skills versus specialization in cybersecurity
• Advice for professionals in small security teams
Thank you for joining us! Feel free to connect with us on social media and share your thoughts.
-
3
Securing the Digital Battlefield: The Role of Threat Research in Cyber Defense
Discover the world of cybersecurity through the eyes of Tim Peck, the Senior Security Researcher at Securonix, as he shares his journey from a sysadmin role to a leading figure in threat research and incident response. Learn how Securonix integrates advanced threat intelligence into its products to outsmart cyber adversaries and enhance detection capabilities, offering unparalleled value to both the industry and their customers. Tim reveals how timely advisories can disrupt the plans of threat actors, highlighting the proactive nature of modern cybersecurity. Join us as we unravel the complexities of modern cyber warfare, focusing on the tactics of high-profile APT groups and the innovative challenges posed by malware like STEEP#MAVERICK. Understand the necessity of a layered security approach and how pairing technologies can close potential gaps in detection, particularly through SIEM systems. This episode sheds light on the evolving strategies of cyber adversaries and explores how organizations can bolster their defenses against sophisticated threats. Explore the dual impact of AI on cybersecurity, where it serves as both an ally and a threat. While AI enhances our capabilities, it also empowers malicious actors to deploy threats at unprecedented speed and scale. Despite these challenges, threat intelligence remains a cornerstone of cybersecurity, transforming into actionable insights that fortify defenses. By understanding threat actors' methodologies, organizations can not only react to known threats but also anticipate and mitigate future risks, proving that informed strategies are key to securing the digital frontier.
-
2
Crafting Unique Cybersecurity Approaches
Join us for an engaging conversation with Evgeniy Kharam, a distinguished cybersecurity expert, as he takes us through his fascinating journey from the Israeli Navy to becoming a leading figure in the field. Evgeniy shares invaluable insights into the critical role that effective communication plays alongside technical expertise in cybersecurity. We also discuss the novel Ski and Snowboard Cybersecurity Conference, an innovative blend of networking and leisure that offers a fresh perspective on professional connections. We navigate the rapidly evolving world of cybersecurity technology, the challenges that hybrid organizations face, strategic decisions about cloud providers, disaster recovery plans, and service consolidation. We also discussed challenging the notion of "best practices" in cybersecurity, advocating for a systems-thinking approach tailored to each organization's needs. Evgeniy emphasizes the importance of clear communication and understanding your audience to translate technical concepts effectively. Join us for this insightful episode that promises to enrich your understanding of the dynamic cybersecurity arena.
-
1
Beyond Alerts: Unlocking the True Value of Managed Security Services (MSSPs)
Tune in to the first episode of SIEMple Talks with host Augusto Barros as he sits down with Scott McCrady, CEO of SolCyber. Together, they dive deep into the evolving role of Managed Security Service Providers (MSSPs) in modern organizations. From their origins in device management to becoming strategic partners in cybersecurity, this episode explores how MSSPs provide advanced threat detection, 24/7 response capabilities, and valuable security guidance during "peacetime." Learn how MSSPs are changing the game for businesses of all sizes.
HOSTED BY
Securonix