Agentic SecOps That Works

Interested in being a guest? Email us at admin@evankirstel.com

If your SOC is buried under alert noise, another flashy AI demo won’t save you. We go deeper into what actually works: starting with data strategy and detection quality so automation has real signal to work with, not chaos to summarize. Our guest, Karthik Kannan, CEO and founder of Anvilogic, explains what “agentic SecOps” looks like in practice, from data onboarding and normalization to detection engineering, hunting, triage, investigation, and the integrations that move outcomes into your ticketing or case management systems.

We talk through why many AI security operations tools jump straight to alert triage and why that can turn into a band-aid. The more durable path is end-to-end context: knowing exactly which data sources fed a detection, what logic fired, and how the alert was produced. That lineage supports higher accuracy, cleaner investigations, and consistent mapping to frameworks like MITRE ATT&CK. We also dig into “show your work” explainability, why black box answers stall adoption, and how a decision trace helps teams build trust step by step.

On the architecture side, we explore federated security operations across the tools enterprises already run, including Splunk, Microsoft Sentinel, Snowflake, and Databricks. Instead of forcing every byte into a monolithic SIEM, federated queries and data lake strategies let teams correlate where the data lives while controlling cost and complexity. We close with a grounded take on whether AI replaces security analysts and why the real win is reducing burnout and up-leveling people into higher judgment work.

If this helped you rethink SOC automation, subscribe, share the episode with your team, and leave a review with the biggest bottleneck you want AI to tackle next.

More at https://linktr.ee/EvanKirstel
