Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale – Tim MalcomVetter – ESW #394
Tim MalcomVetter (@malcomvetter) is the Co-Founder of ⚡Wirespeed, a 100% Automated and SaaS-based MDR that is faster, more consistent, easier to use, and significantly cheaper than the legacy MDR approaches. We’re changing your relationship with MDR!
Tim has been building, defending, and hacking computer systems since the 1980s as a kid. Tim’s accomplishments include:
- startup exit to a world leading private equity firm
- scaling a security business to 300% growth in a little over a year
- building the Red Team program at the world’s largest company
- advising and consulting startups, enterprises, and mergers & acquisitions
- leading high performing teams
- hacking everything from mainframes to apps to AI
- holding an academic university cybersecurity research fellowship
- presenting at numerous technical conferences
- contributing to open source software and frameworks like MITRE ATT&CK
- Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
A SecOps Medley: we talk automation, AI, data management, and EDR evaluations – Allie Mellen – ESW #394
- First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here.
- Next, we'll discuss SecOps data management - the blood that delivers oxygen to the SOC muscles.
- Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!
Allie Mellen is the author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield. She is a leading industry analyst who advises the Global 2000 on cybersecurity policy and practice, with a focus on detecting and responding to nation-state attacks. She is a featured speaker at many leading security conferences, including RSA Conference, Black Hat, SANS events, and others. Her insights are frequently featured in top business and technology outlets such as NPR, The Wall Street Journal, and The Washington Post.
The dark side of security leadership, will agentic be a thing, OWASP AI resources – ESW #394
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!
Adrian Sanabria
- FUNDING: Tines – Announcing our $125M Series C fundraise
- ACQUISITIONS: List of acquisitions in title
We've got a bunch of mergers and acquisitions this week, so we've compiled them here.
- CyberArk Acquires Zilla Security to Reshape Identity Governance and Administration for the Modern Enterprise
- Drata to Acquire SafeBase, Accelerating Trust Management within Enterprise Governance, Risk, and Compliance - SafeBase always felt like a feature intended to slot into a OneTrust, Vanta, or Drata eventually, so no shock here.
- AttackIQ Acquires DeepSurface - Unsurprising, as we're seeing all the BAS vendors pivot towards attack surface management, posture management, CTEM, and "adversarial exposure validation" (automated pentesting, basically)
- The SolarWinds $4.4 billion acquisition gives CISOs what they least want: Uncertainty
- https://www.cnbc.com/2025/02/10/appdynamics-founder-jyoti-bansal-merges-startups-harness-traceable-.html
- NEW COMPANIES: Hello, World. 7AI Emerges from Stealth. Here We Go.
- TOOLS: GitHub – HuskyHacks/cazadora: Simple hunting script for suspicious M365 OAuth Apps
- DFIR: Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
- AI TRENDS: Thomson Reuters wins AI copyright ‘fair use’ ruling against one-time competitor
IT'S HAPPENING
If this ruling stands, the courts might be wide open for anyone whose data was scraped and trained on by tech companies that have built foundation models. It's too early to guess how serious this could be, but the list of folks who had data scraped is nearly everyone with a public presence on the Internet.
If you're dependent on generative AI tech, it might be good to have a business continuity plan in place if your chosen product/vendor gets sued into oblivion. This kind of David/Goliath scenario is absolutely possible - we saw Apple recently forced to disable the blood oxygen sensors in its line of smartwatches after a much smaller competitor sued to enforce its patent rights.
- AI TRENDS: Mike Mason on LinkedIn: AI Copilot Code Quality: 2024 Data Shows 4x More Code Cloning
- AI TRENDS: OWASP Dramatically Expands GenAI Security Guidance with Guides for Handling Deepfakes, Building an AI Security Center of Excellence, and a GenAI Security Solutions Landscape
OWASP just dropped a ton of super useful AI resources!
In particular, I think their AI security solutions landscape is super useful.
There is also an AI security solutions cheat sheet, a guide to preparing for deepfake events, and an LLM and Generative AI Security Center of Excellence Guide.
- ESSAYS: The Dark Side of Security Leadership
- FINES: UHG Increases Change Healthcare Data Breach Victim Count to 190 Million
"The maximum financial penalty for a HIPAA violation set by the HITECH Act is $1.5 million, and adjusted for inflation is just over $2.1 million."
Do WHAT? If this was the EU, UHG would be getting hit with a $1B+ fine. I had no idea that HIPAA fines had so little bite. Why even bother with a fine - it's less than 10% of the ransom they paid the attackers!