Episodes

  • Claude Mythos: Security Armageddon or Marketing Stunt? ft. Dave McKenzie
    2026/05/11

    Mythos may be the biggest cybersecurity AI announcement we’ve seen so far, but is it actually a revolution for attackers, or just another overhyped AI moment? In this episode, Ahmed Achchak (CEO of Qevlar AI) sits down with cybersecurity consultant Dave McKenzie to break down what Mythos really changes for defenders, why most organizations are focusing on the wrong risks, and what SOC teams should prepare for now.

    You’ll discover:

    • Why Mythos is less about “AI hacking the world overnight” and more about accelerating targeted attacks.
    • The hidden operational problem AI creates for SOCs: more signals, more vulnerabilities, and more difficult prioritization decisions.
    • Why patching everything is no longer realistic and how mature teams should think about exposure instead.
    • How AI can actually help defenders by connecting weak signals humans would normally miss.
    • Why regulatory frameworks like PCI DSS may become unexpectedly painful in an AI-driven vulnerability landscape.

    Agenda:

    00:00 – Introduction: Is Mythos hype or a real shift for defenders?

    02:16 – What Mythos actually changes in cybersecurity

    06:11 – Why AI won’t “hack the world overnight”

    09:22 – The SOC workflows most likely to break first

    13:18 – How AI can help defenders connect weak signals

    16:48 – Why patching everything no longer works

    20:46 – The overlooked compliance and business risks

    26:18 – Why prioritization becomes the key SOC capability

    27:20 – Wrap-up: What defenders should focus on next

    Follow Dave McKenzie on LinkedIn: https://www.linkedin.com/in/davewmckenzie/

    Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

    Curious to learn how Qevlar AI can automate alert investigation and help your SOC scale against increasingly complex attacks?

    Head to: www.qevlar.com

    29 min
  • The Intelligence Layer: The Missing Piece Every SOC Has Been Waiting For ft. Raffael Marty (ex-ConnectWise, ArcSight, Splunk)
    2026/04/14

    AI is making security operations faster but not necessarily smarter. In this episode, Ahmed Achchak (CEO & Co-founder of Qevlar AI) sits down with Raffael Marty, cybersecurity veteran and early pioneer of SIEM and security analytics, to unpack why SOCs still struggle to understand attacks and what’s been missing all along: a true intelligence layer.

    You’ll discover:

    → Why 20+ years of SIEM and correlation technologies still leave analysts reconstructing attacks manually

    → What actually broke in the evolution from early context-rich systems to today’s event-driven detection models

    → Why adding “AI on top” of existing tools doesn’t fix the core problem

    → How to capture analyst decisions and unlock a new layer of institutional knowledge

    → What an intelligence layer really is and how it changes the way investigations happen

    → How shifting from alerts to risk and campaigns reshapes security operations

    Agenda:

    00:00 – Introduction: Why SOCs still can’t connect the dots

    02:16 – What broke in SIEM and why correlation failed

    04:23 – Why alerts are a flawed foundation

    07:42 – From alerts to campaigns: a new way to investigate

    10:57 – Turning analyst knowledge into an intelligence layer

    15:08 – Why LLMs need structured context (and where they fail)

    20:27 – Moving to risk-based, AI-driven SOC operations

    24:49 – Fire Round: AI-ready SOCs, the end of tiers, and future skills

    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Follow Raffael Marty on LinkedIn: https://www.linkedin.com/in/raffy/

    Get more of Raffael’s insights on his blog: https://raffy.ch/blog/

    Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar

    Curious to learn how Qevlar AI can help you build an intelligence layer that turns alerts into real understanding? Head to: qevlar.com

    26 min
  • Stop Buying Tools, Start Designing Systems: The Architecture Mindset Modern SOCs Need ft. Demetrius Comes @Squarespace
    2026/03/11

    Security teams often try to improve their SOC by adding more tools. Mature organizations approach the problem differently: they design systems. The real leverage comes from architecture — how telemetry, detections, identities, and workflows fit together into a coherent operational platform.

    In this episode, Ahmed Achchak (Co-founder & CEO of Qevlar AI) speaks with Demetrius Comes, VP of Security at Squarespace, about why the biggest operational gaps in security come from poorly designed systems rather than missing alerts. Drawing on his background in engineering and product development, Demetrius explains why SOCs benefit from thinking like architects, not just tool buyers.

    You’ll discover:

    → Where the line is between a true SOC system and a stack of disconnected security tools.

    → How engineering thinking helps design more resilient and scalable security operations.

    → Why logging and telemetry decisions made early can create years of operational friction.

    → What a well-designed security data layer actually looks like in practice.

    → How to prevent your SOC architecture from slowly drifting into a patchwork of historical decisions.

    Agenda

    00:00 – Introduction: Why SOC performance is really an architecture problem

    01:13 – The difference between a SOC system and a pile of tools

    02:58 – How engineering thinking shapes security architecture decisions

    03:18 – Deciding what to build, buy, or integrate in a modern security stack

    05:18 – The rising challenge of non-human identities in modern systems

    07:16 – Architectural mistakes that create years of SOC inefficiency

    08:53 – Why missing or poorly designed logging breaks detection programs

    10:20 – Designing a security data layer that can evolve with the product

    11:13 – Operational readiness reviews and why security must be part of feature releases

    12:23 – Preventing architecture drift with retrospectives and continuous improvement

    13:30 – Fire Round

    Follow Demetrius on LinkedIn: https://www.linkedin.com/in/demetriuscomes/

    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar/

    Curious to learn how Qevlar AI can automate your alert investigation so your team can focus on the alerts that matter? Head to: qevlar.com

    22 min
  • AI Readiness in the SOC Exists, But Not the Way You Define It ft. Rafal Kitab @ ConnectWise
    2026/02/11

    Most SOCs say they’re “not ready for AI.” Others rush in, hoping AI will magically fix years of neglected fundamentals.

    Neither approach is ideal.

    In this episode, Ahmed Achchak (CEO & Co-founder, Qevlar AI) sits down with Rafal Kitab, Director of SecOps & Incident Response at ConnectWise, to talk about when exactly AI should be added in the SOC.

    Rafal argues that AI doesn’t fix broken SOCs. It amplifies whatever you already are. If your processes are solid, AI can extend your capacity. If they’re broken, AI just helps you fail faster with greener dashboards.

    You’ll learn:

    → Which AI promises for SecOps in 2025 actually held up in production and which ones collapsed on contact with reality

    → Why adding AI too early can hide inefficiency instead of fixing it

    → The non-negotiable SOC fundamentals that must exist before AI delivers real value

    → How to measure “AI success” without vanity metrics

    → Rafal’s bold prediction for how AI will change day-to-day SOC work in 2026 (and who it benefits most)

    Agenda

    00:00 – Introduction: Are SOCs really “not ready” for AI?

    01:27 – The big AI promises of 2025: what worked and what didn’t

    02:44 – Why “AI SOC” testing often fails before it starts

    04:41 – How AI can accelerate inefficiency instead of reducing it

    05:58 – Why green SLAs don’t mean better detection and response

    08:07 – The non-negotiable SOC fundamentals before AI adds value

    09:34 – Measuring workload, quality, and real capacity in a SOC

    10:26 – Why SOCs fix tools before processes — and pay for it later

    13:45 – Rafał’s bold predictions for AI in the SOC in 2026

    Follow Rafal Kitab on LinkedIn: https://www.linkedin.com/in/rafal-kitab/

    Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

    Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

    23 min
  • SOC Blind Spots: The Threats That Always Get Through and Why You Don’t Detect Them ft. Jai Minton @ Huntress
    2026/01/13

    Is your SOC ready for the new era of GenAI attacks?

    In this episode, Ahmed Achchak sits down with Jai Minton, Senior Manager of Hunt & Response at Huntress, to break down how attackers consistently bypass even “mature” SOCs by abusing legitimate tools, blending into normal behavior, and operating in places defenders rarely monitor closely.

    This conversation is for SOC leaders who want to understand:

    → Which intrusion patterns slip past EDR and SIEM without triggering alerts

    → Where telemetry is silently missing, shallow, or unusable when it matters

    → Why malware-free attacks are harder to catch than most teams expect

    → How weak signals can reveal early-stage intrusions, if you know how to connect them

    → What detection strategies no longer scale against how attackers operate today

    Agenda

    00:00 – Why SOC blind spots still exist

    00:58 – Intrusion patterns that evade even mature SOCs

    03:09 – Why context is the real detection problem

    04:01 – Telemetry SOCs think they have (but actually don’t)

    05:48 – Why logs are missing in the first place

    07:00 – The weak signals attackers can’t avoid

    08:19 – Can detection of weak signals actually scale?

    10:20 – AI on offense: what SOCs are unprepared for

    13:48 – Structural detection failures hunters see everywhere

    14:45 – Redesigning detection for how attackers operate today

    Follow Jai Minton on LinkedIn: https://www.linkedin.com/in/jaiminton/

    Follow Ahmed Achchak on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Stay tuned for updates from Qevlar AI: https://www.linkedin.com/company/qevlar

    Curious how Qevlar AI helps SOCs connect weak signals and surface real intrusions earlier? Head to: qevlar.com

    19 min
  • The Realistic Path to Cyber Defense Across IT, OT and Cloud ft. Daniel Kästle @ ex-Mercedes-Benz
    2025/12/08

    Most enterprises talk about unifying IT, OT and cloud security, but very few actually pull it off. In this episode, Ahmed has invited Daniel Kästle, former Head of Cyber Defense at Mercedes-Benz, to break down what it really takes to move from three isolated security worlds to a risk-driven cyber defense capability.

    You’ll discover:

    → Why IT, OT and cloud security remain stubbornly siloed, and why the real blockers have nothing to do with tools.

    → A practical blueprint for building interoperability without chaos, even when threat models and data formats differ wildly.

    → Why no vendor will ever give you the mythical one platform for everything, and what unified visibility actually means in real life.

    → How some organizations successfully build teams that understand all three environments without hiring unicorn analysts.

    → The governance decisions that matter most when you need to isolate systems or contain fast-moving attacks.

    → Why retention is Daniel’s surprising north-star metric for SOC health.

    Agenda

    00:00 – Introduction: Why unifying IT, OT, and cloud still feels impossible

    02:03 – The real reason these environments stay siloed (not a tooling problem)

    03:29 – Why the term SOC no longer reflects what modern teams actually do

    04:42 – What unified visibility realistically looks like and where it stops

    06:45 – Why a single platform can never cover IT, OT, and cloud

    08:22 – The only viable starting point for interoperability

    10:53 – How to build cross-domain talent without chasing unicorn hires

    14:40 – Making governance work when IT and OT operate under different rules

    17:01 – How unified cyber defense changes the response to global threats

    19:23 – Why speed of response matters more than building perfect defenses

    20:14 – Fire Round

    Follow Daniel Kästle on LinkedIn: https://www.linkedin.com/in/dk31337/

    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar

    Curious how Qevlar AI helps your analysts focus on the alerts that truly matter?

    Head to qevlar.com

    26 min
  • The Multi-Tenant Challenge: How MDR Providers Maintain Detection Quality Across Hundreds of Different Environments ft. Beatrice Francon @Atos
    2025/11/11

    How do you guarantee the same investigative depth and accuracy when you’re running security operations for thousands of customers and processing billions of alerts per day?

    In this episode, Beatrice Francon, Director of MDR Services at Atos, joins Ahmed Achchak (CEO and co-founder of Qevlar AI) to unpack how Atos scales investigative quality across diverse client environments — from critical infrastructure to finance and healthcare — without losing the human context that defines great security operations.

    You’ll discover:

    → Where AI truly adds value in MDR operations today, and where human expertise remains irreplaceable.

    → How Atos balances standardization for efficiency with customization for client-specific risks.

    → Why “no black box” AI and a human-in-the-loop approach are essential for auditability and trust.

    → How Atos turns every AI-generated investigation report into a training accelerator for junior analysts.

    → The evolving boundary between SOAR automation and AI-led investigation, and where each shines today.

    Agenda:

    00:00 – Introduction: The multi-tenant investigation challenge

    02:23 – Where AI delivers real value in MDR workflows

    03:54 – Why human oversight still dominates in response and context

    06:29 – Balancing efficiency with client-specific risk and context

    10:25 – Why “no black box” AI is key to accountability and compliance

    13:19 – How Atos ensures knowledge transfer across hundreds of clients

    15:27 – AI investigation reports as a new training model for analysts

    18:33 – Integrating SOAR and AI SOC: avoiding overlap and maximizing value

    21:37 – Fire Round

    About Atos:

    Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos is a SE (Societas Europaea) and listed on Euronext Paris.

    Learn more about Qevlar for your SOC: www.qevlar.com

    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Follow Beatrice on LinkedIn: https://www.linkedin.com/in/beatrice-francon/

    22 min
  • Should SOCs Drop Tiered Models Altogether? ft. Rob van Os @SOC-CMM
    2025/10/13

    Tier 1, Tier 2, Tier 3 — the hierarchy every SOC grew up with. But as AI takes over triage and investigation, does that model still make sense?

    In this episode, Ahmed Achchak (CEO and co-founder of Qevlar AI) talks with Rob van Os, Strategic SOC Advisor and creator of the SOC-CMM framework — one of the most widely adopted models for assessing and improving SOC maturity worldwide.

    Together, they unpack whether modern AI-driven operations make the tiered model obsolete, how skills-based SOCs are emerging, and what this shift means for talent, economics, and trust in AI-assisted decisions.

    You’ll discover:

    → Why AI automation challenges the core logic behind tiered SOCs.

    → How the SOC-CMM framework helps leaders benchmark and evolve toward post-tier models.

    → The real blocker to full autonomy: missing infrastructure and business context.

    → How to grow and mentor analysts when “entry-level” alerts no longer exist.

    → How to prevent “shadow tiering” from silently reappearing in AI-augmented SOCs.

    Rob also shares his prediction on when large enterprises will finally abandon tiers and the new engineering and AI skills every modern analyst will need to thrive.

    Agenda

    00:00 – Introduction: What happens to the tiered SOC when AI takes over L1 and L2?

    01:11 – New roles emerging: AI orchestrators and complex-case specialists

    03:03 – Trust in AI and why automation still hits the “context” wall

    04:54 – Developing junior talent in a post-tier world

    06:46 – From tiers to skills: the rise of the skills-based SOC

    07:11 – Does AI break the business logic of tiering?

    09:19 – Engineering skills every modern analyst will need

    10:15 – Why a fully autonomous SOC remains out of reach

    13:21 – MSSPs vs in-house SOCs: different economics, same lessons

    15:07 – Avoiding “shadow tiering” with proper knowledge management

    17:27 – Rob’s prediction: Will enterprises abandon tiers in 3–5 years?

    18:19 – Fire Round

    Learn more about Qevlar for your SOC: https://www.qevlar.com/

    Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

    Follow Rob on LinkedIn: https://www.linkedin.com/in/socadvisor/

    22 min