AI is making security operations faster but not necessarily smarter. In this episode, Ahmed Achchak (CEO & Co-founder of Qevlar AI) sits down with Raffael Marty, cybersecurity veteran and early pioneer of SIEM and security analytics, to unpack why SOCs still struggle to understand attacks and what’s been missing all along: a true intelligence layer.

You’ll discover:

→ Why 20+ years of SIEM and correlation technologies still leave analysts reconstructing attacks manually

→ What actually broke in the evolution from early context-rich systems to today’s event-driven detection models

→ Why adding “AI on top” of existing tools doesn’t fix the core problem

→ How to capture analyst decisions and unlock a new layer of institutional knowledge

→ What an intelligence layer really is and how it changes the way investigations happen

→ How shifting from alerts to risk and campaigns reshapes security operations

Agenda:

00:00 – Introduction: Why SOCs still can’t connect the dots

02:16 – What broke in SIEM and why correlation failed

04:23 – Why alerts are a flawed foundation

07:42 – From alerts to campaigns: a new way to investigate

10:57 – Turning analyst knowledge into an intelligence layer

15:08 – Why LLMs need structured context (and where they fail)

20:27 – Moving to risk-based, AI-driven SOC operations

24:49 – Fire Round: AI-ready SOCs, the end of tiers, and future skills

Follow Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/

Follow Raffael Marty on LinkedIn: https://www.linkedin.com/in/raffy/

Get more of Raffael’s insights on his blog: https://raffy.ch/blog/

Stay tuned for Qevlar AI updates: https://www.linkedin.com/company/qevlar

Curious to learn how Qevlar AI can help you build an intelligence layer that turns alerts into real understanding? Head to: qevlar.com