The future of security operations with John Hubbard
Join us for this week's Defender Fridays as we explore the transformative impact of AI on Security Operations Centers with John Hubbard, SANS Senior Instructor and Cyber Defense Curriculum Lead.
At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
What We'll Discuss
In this episode, John Hubbard shares insights on how AI and data lake architectures are fundamentally reshaping SOC operations in 2026. We explore the shift from traditional monolithic SIEMs to modern AI-powered security operations, examining how these changes are dramatically increasing operations tempo and enabling defenders to finally move faster than attackers.
Key Topics:
- The evolution from traditional SIEMs to data lake architectures and what it means for detection capabilities
- How AI agents are transforming SOC workflows and increasing operations tempo
- The changing role of tier one analysts and what skills will matter in AI-driven security operations
- Real-world ROI: 7-minute investigations and measurable cost savings from AI implementation
- Validation and quality metrics in an AI-first SOC environment
- The shift from reactive alert triage to proactive threat hunting enabled by automation
About Our Guest
John Hubbard is a SANS Senior Instructor and Cyber Defense Curriculum Lead, authoring two critical courses in the security operations space: SEC450 (SOC Analyst Training) and LDR551 (Building and Leading Security Operations Centers). He also hosts the Blueprint Podcast, where he explores innovative approaches to security operations with industry leaders. With extensive experience in both technical operations and SOC leadership, John brings a comprehensive perspective on how AI is reshaping defensive cybersecurity.
Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!
Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.
Why LimaCharlie?
- Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.
- Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.
- Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.
- Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.
- Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io
Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - CEO & Co-founder at LimaCharlie
LinkedIn: https://www.linkedin.com/in/maximelb/
#cybersecurity #secops #infosec #soc #aiinsecurity #threathunting