Guest:

• Jeanette Manfra, VP, Head of Risk and Compliance, Google Cloud

Topics:

• How does "outsourcing" security to the cloud change the intensity of the security vs. privacy struggle for a CISO?
• Does the centralization of cloud make it a bigger target for regulators, or is there a dimension we're missing?
• Does the Shared Responsibility Model actually survive contact with regulators, and how does AI complicate that boundary?
• Can AI actually automate the translation of fragmented rules into evidence, or are we just dreaming?
• How do we navigate the collision between transparency (logging everything) and privacy (recording nothing)?
• What is your one piece of practical advice for leaders helping their teams adopt AI?

Resources:

• Video version
• EP14 Making Compliance Cloud-native
• EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud
• EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
• EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?

Guest:

• Raja Mukerji, Co-Founder & Chief Scientist, Extrahop
• Rafal Los, VP of Client Relations and Strategic Initiatives, Extrahop

Topics:

• Is Network Detection and Response (NDR) coming back after being shoved to the side by EDR a bit? Is this for real?
• What's the value proposition of NDR in 2026, because some people still don't understand it? How does NDR apply to the world of WFH, cloud/SaaS, encryption, high bandwidth, etc?
• Is the value of NDR the same, or different, when it comes to public (or private) cloud?
• How does NDR fill visibility gaps that identity and agent-based solutions cannot?
• What does NDR offer that built-in cloud security tooling (as of right now) does not? Would you call NDR a key cloud security control?
• Does NDR help with shadow AI?
• NDR elephant in the room is sometimes cost. How does cost change the value prop when compared to on-premise or physical infrastructure?

Resources:

• Video version
• EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty
• EP113 Love it or Hate it, Network Security is Coming to the Cloud
• EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google
• EP115 How to Approach Cloud in a Cloudy Way, not As Somebody Else's Computer?
• EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)
• "The GC+CISO Connection Book" book

Guests:

• Eric Foster, CEO, Tenex.AI
• Bashar Abouseido, President, Tenex.AI

Topics:

• "10X SOC" sounds great. But for an organization stuck in "SIEM 1.0" with poor data quality and manual workflows, is "AI-native MDR" a "leapfrog" opportunity or a recipe for disaster?
• We've seen the rise of "Decoupled SIEM" and security data lakes. Does a "Modern SIEM" even need to exist if an MDR platform has an agentic layer doing the heavy lifting?
• You've argued for AI-native over AI-bolted-on. For an end user, what are the tangible differences of using "AI inside a legacy SIEM" versus using an "AI-native separate product"?
• What is the one task you thought AI would handle by now that still requires a senior human analyst to step in?
• If a CISO is using an AI MDR, "Mean Time to Detect" (MTTD) starts to look like a vanity metric because the machine is instant. What is the new golden metric for an AI-powered SOC? Is it "Time to Context," "Reduction in Human Toil," or something else?
• How do you help a skeptical SOC Manager—who has been burned by false positives for a decade—trust an autonomous agent to perform a "containment" action at 3:00 AM?

Resources:

• EP227 AI-Native MDR: Betting on the Future of Security Operations?
• EP10 SIEM Modernization? Is That a Thing?
• The original "10X" paper "Autonomic Security Operations: 10X Transformation of the Security Operations Center"