Ep.127 AI at the Wheel: Transforming SOC Operations with Sumera Riaz
Welcome to the podcast designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto SVP of Sales Engineering at Telarus and this is Next Level BizTech.
Hey, everybody, welcome back. It wouldn’t be a day in technology if we’re not talking about AI. And today we’re talking about AI at the wheel, specifically about SOC operations, Security Operations Center and how that all works. And so today on with us, we have the amazing Sumera Riaz, who is Senior Director of Security at Bluewave. Sumera welcome on. Thank you. Thank you for having me. So, Sumera let’s, we want to hear your story. How did you get into this field? Have you always been security? Windy path, linear path? Any crazy stories you have, we’ll hear it all.
Definitely crazy. So my studies, my undergrad early on in my life, they were in counseling. I wanted to be a counselor. And after doing an internship for a couple of months, I realized I was sitting in a dim lit room with heart-wrenching stories and I realized this is not my cup of tea. This is not going to, this is, I don’t see a feature in this. So at that time, my 20-some year old, my 20-some year old self decided, I’m going to need to pick a different path here, a career path. I mean, after spending about, you know, 100 grand in college, it was better late than never. So I started thinking of what areas, you know, to the late mean, where would I want to go? So I thought of food industry, and I’m like, nope, can’t cook, that’s not gonna work. What’s next? And I thought, well, you know, I played bass, I was in an abandoned college, I was saying I can’t play bass. I thought, I could start a band, I could take this show on the road. My mom and my dad were like, no, no, that’s, that’s not, that’s not you. That’s not gonna happen. Not in our family. So then I thought, okay, I T, you know, I’ll just deal with computers. I don’t have to worry about anything else. It’s just computers. No heart wrenching stories, no drama, just computers. And I like the son of that. I got my CCNA and then went into network. And it was, you know, two years of just really interesting. And, you know, a lot of knowledge came through that time. I started working closely with my security counterparts. And that’s when I realized that’s what I want to do, because their, their discipline and their, their heart behind what they did, I absolutely loved it. And my personality actually aligned more with that than anything else I’ve seen. So I started, you know, deep diving into more security projects that my boss at the time was giving me. I entered the world of large MSPs, managed service providers, Capgemini being, you know, one of the top three in the Gartner quadrant, worked with them for quite some time. I was stationed in Europe for about a decade. And I was global head of XS, cloud infrastructure and security, and had accounts, you know, honored to have accounts with big pharma, oil and gas clients, DOD and fintech. I led a team of 136 individuals, wonderful people, two stock centers, one in India, my GRC team was based in Amsterdam, we did a lot of good together. And then the stateside and been a CSO for the last five and a half years, for a couple companies based in the United States. So, you know, and then joined Bluewave in 2023 of last year, December 2023. I feel like I’ve just come full circle from going from counseling to right back to providing my clients the best solutions that this market has.
I love that. It’s one of the most impressive backgrounds I’ve ever heard. I think you’ve got some tremendous experience because you’ve seen it from so many different angles. And I would I would argue that the counseling is a really good way to start off because I mean, what are we doing at the end of the day, when these customers have to make some very, very impactful decisions, right? We got to factor in emotions and reality and biases and, you know, damage and all of these things into it. So I love that background. I think it’s I think it’s going to serve well. Thank you. I appreciate that. So, so tell us just a little bit about now kind of your role at Bluewave kind of how you go to market, and kind of some of the focuses there. Certainly. So I absolutely love working for Bluewave first off. You know, when I when I first joined, I would tell my tell my peers, why did it take you guys this long to find me? Where have you been all my life? It is, it has been an absolute pleasure to work for a company like this, create leadership. Great people. Bluewave is a nationwide technology advisor and sourcing expert. And we have over 7000 clients we specialize in working with IT leaders translate their business requirements into goals, solutions that manage vendor selection.
We, you know, pride on choosing the right technology solution for the client. And that’s, that’s where we shine. Yeah, love it. Good. I’m glad they found you. I think I think it’s gonna work out okay. So walk us through, you know, five years, 10 years, 15 years, any great lesson you’ve learned either, you know, something you’ve learned the hard way, or maybe something you’ve learned from a mentor throughout.
Sure. One of the greatest things I’ve learned actually is learning to embrace change. Change is inevitable. Our industry changes from one day to the next. The world changes in a blink of an eye. And in cybersecurity, you have to be willing to embrace change. That’s one of the great, that’s one of the greatest lessons I’ve learned, one of the hardest ones I’ve learned. But it’s served me well, professionally and personally. And because life is unpredictable. And one of my great mentors used to say, which goes right along with changes, ego is not your amigo. And I love that. You know, not everybody knows everything, especially a cybersecurity professionals at times, you think we know everything. And there’s always something out there that we can learn that we can grow.
I like, I like the, you know, the changes inevitable thing, because I think there’s a lot of people that struggle with that. And, you know, when you move the cheese of hey, it used to be this way, now it’s this way. You know, I think if you look at kind of the customers, right, and organizations are growing, and you’ve got frustrated customers, you’ve got Ah, but I liked we use this tool, or I liked when we did it this way. And yeah, but that way, maybe wasn’t working. And I think the more you can, the more you can roll with change and adapt, you will be wildly successful in anything you do. So great call out just to raise that self awareness of change is inevitable. Yeah, thank you. Yes, it’s been it’s hard, though. It’s not easy. No, no, no, it’s not. Because sometimes you’re not gonna like that change. But that’s life, man. Sometimes you can, you know, you can, you can only worry about the things that you can control and the other things, right? Life is it is what it is. And it’s just going to happen and figure out a way to turn lemons into lemonade. And you’ll be a lot happier off. That’s right.
All right, so we better get into we better get into AI and SOC operations here, right. So, so, so we see this, this broadening AI productizing maybe saw it started, it was in security, maybe it was in CX, maybe it’s in cloud. But I think if you if you look back at the idea of AI in security, well, you might think, okay, well, you know, we’ve been been doing ml and anomaly detection for a little while. And maybe we’ve graduated from this idea of you know, viruses and pattern matching and signature based things. And now here we are, right in this idea of SOC and operations and alerts and all this good stuff. So from your perspective, what do you think that generative AI does to SOC operations given kind of where we are right now?
I think it’s I think it enhances everything that we’ve built up to this point. So there’s two elements technically to a SOC, you’ve got one that is your monitoring detection response side, and then you’ve got threat Intel is the second element of it. In your monitoring detection and response, you see predictive AI, you see machine learning, because that’s where you detect an anomaly and you go from, you know, identifying it to responding to it. That time 10 years ago was 20 minutes, 25 minutes, because you had people, you know, looking through logs trying to find out, okay, is this a malicious IP? What’s, you know, what is this? And all that, fast forward, seven to 10 years, we’ve got, you know,
we’ve got AI, we’ve got machine learning, which has taken that 20 minutes down to average of eight minutes in the industry today, from identifying a problem, and then responding to it. Not the resolution piece, mind you, but just identification to response, which I think it’s, it’s brilliant, it makes us faster, it makes us, you know, get to the problem right away, instead of tomorrow or day after or months later. So that’s, that’s been a beautiful evolution in our, in our work. And I think that’s, that’s a really great thing to do in our world. For generative AI, there’s, there’s a big space for generative AI today in threatened, because threat intelligence comes from all the three letter agencies, obviously. And, you know, your businesses all over the world, what they’re experiencing, that’s where you’re drawing this intelligence from.
And you’re, you’re, somebody in your industry got ransomed, what can you glean from it? What, you know, incoming threats? And you take all that, and in order for a person, a human being to process all this information, and then apply it back to your customer, to your company, that’s a lot for one person. So Gen AI has really, really helped SOC analysts and, you know, security professional capture that threat intel in lifetime, and apply it right into your SIM, to be able to bring an advanced solutions, advanced practice that is presented into your SOC. So I really like where this is, you know, how we have evolved. It’s almost like, it’s almost like the SIM before the SIM, right? Kinda? Yeah, it is. Just helping us be a little more efficient and where everybody spends their time and to do it faster, it sounds like. Yes, definitely.
Love that. Definitely. Okay, so, so let’s talk about, you know, as you’re out there having customer discussions, we like to understand, and I think the partners like to understand what are the problems that the customers are having. So walk me through maybe key problems, customers, prospective customers are saying as you’re in this discussion, and we’re talking security, we’re talking SOC. Mm hmm. Well, I’m sure as our partners and our suppliers would know, CSOs are not the easiest people to talk to. They’re not. They’re very skeptic, paranoid, right and rightly so. And they’re not open to demos and conversations. And I’ve been there and I wasn’t either. I was a stinker. I made a stinker of a client. So, so been there. What I am hearing in my in my conversations now is, you know, it’s, there’s a lot of reaction instead of proactive measures in place. There’s not a lot of thought leadership that goes into a security posture in a company today, just because if you if you want to keep your SOC in house, you’re firefighting every single day. You don’t have time to step back and say, what is a good holistic solution I can put in place? Or what is my North Star here? That I’m shooting for as I as I create my security practice. There’s no time for that, because you’re it’s constant. It’s a constant barrage of problems that come at you. So the reactive is a huge complaint I see from my clients. And other is alert critique tools just sending you just just a bombardment of alerts coming in. And not enough staff to to even, you know, filter through like what’s a false positive, what’s real? What should I act on? And what can we do?
I think that’s a huge gap. You have lean it teams that are already overworked, and they don’t have time to go and do this research and apply it back into their lives practically into their companies. So these are real, you know, real world problems that we’re facing today. And it’s not a huge gap. It’s not a huge gap. It’s a huge gap. And it’s not a huge gap. It’s not a huge gap. But it’s a huge gap. And it’s a huge gap. And it’s a huge gap. And so, you know, I think it’s really exciting to have a lot of people who do this research and apply it back into their lives practically into their companies. So these are real, you know, real world problems that we’re facing today and, and another one, a huge one as recently there’s been articles about this too is the security staff has burnt out.
But it’s a huge problem that the companies are facing today that I think we can help solve some of that.
So you bring up some great points in there. So if you think about if a partner is walking in and having facing an intimidating CISO, and they know that these are some of the things that these CISOs are struggling with, what’s the best? And I always default to probing questions, probing questions, probing questions. But what’s the right way to get that CISO’s attention? If you’ve got this prospect out there knowing that these are some of the things that they’re facing with, do we just hit them head on with the questions of, hey, we see that a lot of CISOs and a lot of companies are facing alert fatigue and tools sprawl and stuff like that. Is that anything that you’re going through? Is that the right way to approach it or would you approach somebody like that differently?
You could do it that way. The way I usually do it is with an understanding that every company has its own DNA. No two companies are the same because no people are the same and people make the companies. So the way I approach the conversation is I do some research on the company. I try to figure out where they are just in the temperament, in their culture. And then when I speak to a CISO, those are some of the questions I would ask. Or I would say, how are you doing?
Just how are you managing, especially in the automotive industry? Perfect example, if I’m talking to somebody in the auto dealership with a CDK global ransomware that’s currently hit the industry, if I’m talking to a CISO from an automotive dealership, I would say, how are you doing? How are you guys sparing? Do you need any help? Can I do anything? We have a lot of contacts in this supplier world, in this industry. What can I do to help you? And I think that goes so much farther than just trying to sell them on something. It’s meeting them where they’re at today. That’s what gets us in the door. Awesome. Awesome.
All right. Let’s talk about an example here. So maybe walk me through an example customer that you came into.
What was the tech stack? What was the business problem? And then how do you project that looking after? Sure.
I had a client in the manufacturing industry. You know, this company’s been around now, it’s been around for a couple of decades.
They hired a great security and IT team, about seven people. And these guys, they brought technology on in-house because they like the technology. It was the next shiny object and they wanted to use it. And then a few years later, they left. New people came in. They bought more technology with similar functionality, but they bought technology that they liked. So over 10 years of time, they are stacked with technology that basically does the same thing. But the way they’re utilizing it is not an optimal way to utilize it. When we started having conversations with his clients and we brought in a roadmap, a journey, and showed them what a holistic picture would look like if they were to outsource their stock. And they were at them and they’re like, “No, we’ve got it covered. We’ve got a lot of tools and we’re good.” And unfortunately, they went through a cyber attack a few months after that. And it was a reality moment, a reality check in their lives, in their minds. And they reached out to us right after and said, “How can you help us?” So we came in. We helped bring partners in that would help them get from, go from death to life, basically. Remediate faster, get them back online. And I got a call actually a couple of weeks ago from the CISO and he calls and he’s like, “Thank you.” And I’m like, “You’re welcome. That’s what we do is we’re here for you.” He goes, “No, you don’t understand. I’m driving home right now and it’s light outside.” I have not. He’s like, “I have not. This is like, this has not happened in the last five years.” So by outsourcing their SOC, by outsourcing some of these services, they were able to have a work-life balance again. Plus they’re getting world-class SOC services that with unified technology that wasn’t there before. And they’re spending half the money that they were before. So everyone’s happy in this picture and I’m so glad we were able to help them out. Cool. Good example.
All right. Let’s talk about the productization of AI.
So you’ve got, we did a previous episode where we talked about the flurry and the money being sunk into Silicon Valley and Y Combinator and where some of these companies are already finding product market fit and they’re going for Series A. And so we’re waiting for this flurry of OEMs and new things that come into alignment with our vendors, new vendors, lots of stuff that’s going to happen. So as that happens over time, what’s the most effective way for these vendors and their tech stack to productize and really helping people like you and I position that to end customers?
Sure. From a security, I can speak to it from a security perspective, obviously. And I think as security professionals, it is our responsibility to educate our clients because we want to have informed consumers that bring in AI into their company. So what I’ve been asking my suppliers that I work closely with is, would you be interested in productizing an AI workshop or an AI readiness assessment, AI readiness workshop? This is, you know, like this is what good looks like, Mr. Company, and this is where you are today. And let us help you bridge this gap so you can deploy chat GPTs and Microsoft Copilot in your environment, which would include data classification, data security. And at the end of the day, it’s going to equip the C-suite. It’s going to equip the board members. It’s going to equip the employees to be an informed consumer. And I believe that it would be very complimentary to chat GPTs and Copilot.
Yeah, these, it seems like no matter what we do, Copilot and chat GPT aren’t going anywhere. So we’ve got to pay really close attention to them. We got to play with these tools. But most importantly, right, you know, your brain certainly goes to, okay, let’s back up a couple steps. We can’t do this until we can classify the data. Are you thinking through that? I think people are just seeing all these things, they’re playing with it, and they’re being told, hey, we got to implement this now, just like the story of cloud, you know, 5, 10, 15, however many years ago, people made their journey into cloud. Hey, we got to get here. Why are we not here yet? And then we’re all, you know, we’re left going to figure it out. So it just seems like 2.0 of that all over again. It does. But it’s a little, I think it’s a little bit more dangerous though, because if you’ve got predictive AI and ML, that’s great. But if you’re putting, if you’re playing with Gen AI, and you don’t know what you’re doing, you’re putting a lot of people and your company at risk. So, you know, my advice and my counsel to my clients is know your product before you go, you know, chat GPC is great if it’s used right, you know, Microsoft CodePilot is great. If you use it appropriately and proportionately, you know, I think that’s the key there. It’s great to use insights that are going to drive your business that are going to give you growth, you’re going to, you know, hit your financial marks, getting insights from the world through Gen AI. That’s great. But make sure your, your crown jewels, your data that you don’t want out there is secure and far walled off from your, from data that can utilize for Gen AI.
Great point. Great point. And I don’t think people are thinking through that. So good call out.
Okay, so final couple questions here. So your advice for partners, right? Let’s say I’m a partner, I’m listening, I’m excited, I want to dive deeper, but I want to maybe beef up some foundational knowledge. What’s your advice for me?
My advice, honestly, it’s not technical because, you know, you’re technical, right? The our partners are very technical people. We’re, we’re in a, you know, we’re in a very fast moving emerging technology, we grasp it, we capture it, then we apply it, and then we move forward world. But my advice is more, you know, personal and practical is find a watering hole. Find, you know, always be learning. Learn from, learn from your team, learn from your peers, reach across the aisle, learn from your competition. One of the greatest things we did at Capgemini is we created a center of excellence, where we reached across to our competition and we invited them into the center of excellence. This was quite a few years ago and we create, we came up with the term next gen in the center of excellence and Gartner a year later coined it. And now it’s used worldwide. But that technology that that ML that predictive AI that went into next gen was birthed out of this group that wasn’t just Capgemini, it was as it was a compilation of us and our partners and, and others that that you know that created this, this beautiful way of working that, that got us to where we are today. And it’s, it’s, it’s great synergy when you can do that. And so my advice is always be learning. And, you know, cybersecurity, it’s not to people who are in security, it’s not a job, it’s our passion. It’s what we do for companies for people. That is, that’s why we’re here today is to protect these companies to, you know, find ways to find better ways to do what we do today to so these companies can have a stronger security posture. And so, end of the day, cybersecurity was created to combat cyber warfare. That’s why we’re here today. And it’s a fight, and you can’t win it alone. You don’t want to be a scarecrow in the middle of a field with thousands of crows coming at you. Nobody wants to be that guy. Yeah. So, you know, lean on each other learn from each other. That’s, that would be my advice.
So, as we wrap this up and try to do something really easy, which is just predict the future. So we’re always talking, we’re always talking in talent shortage. We’ve run previous episodes on how one would build a SOC and how costly that would be as an end customer.
So if we think about, you know, the thought on this track is about how AI is going to transform SOC. What’s your final consensus on where we see AI, and where do we see, you know, what innovations are we kind of looking forward to with regard to SOC and security and ops and things like that over the next couple of years? Sure. I think the company companies are starting to realize that, like you said that in house SOC plus overworked resources who are constantly firefighting does not equal an anti fragile system of systems does not equal an optimal SOC. So I’m seeing an increase in outsourcing of managed services managed security services. It’s as an industry, we’ve played in the defensive zone for so long and become good at it. And we’re going to be at least until the next breach happens. And then we adapt and learn and then we get better. I’d love to see innovation around proactive strategy. That’s, you know, that would be my personal last two, the suppliers out there love to see us play in that area. I’d love to see us use, you know, you and I have talked about this before I’d love to see us use quantum mechanics to create encryption keys that can’t be broken.
I’m reaching for the moon, but that’s how we get places, right? We vision, we create a vision and we go for it. So I’d love to see, love to see us play in this area.
Good. Love it. What a time to be innovating, you know, AI and all the money that’s being pumped into this space. It’s going to be fascinating to see when we sit down and do this chat again in another year or two or whatever what it brings us to. Good stuff. All right, Samara, that that wraps us up. Thanks so much for coming on today. Covered a lot of good stuff here. Yeah, thank you. Thank you for having me.
All right, everybody. That wraps us up. As always, my kind and gentle reminder, wherever you’re listening, Spotify, Apple Music, go like, go subscribe. And two, if there’s other things that you want to see on this, drop comments in there. We get those, we look at those, we want to build content that that helps you out kind of as you go forward with this. So again, thanks for listening. And that wraps us up today. I’m your host, Josh Lupresto SVP of Sales Engineering. Samera Riaz, Senior Director of Security. We’re talking AI at the wheel, transforming SOC. Until next time.