Tales of the Autonomous SOC
22 Oct 2025
Level 3, Room GW3 | Sands Expo and Convention Centre
Cybersecurity Ops Centre: Methodologies & Operations
The modern Security Operations Center is at an inflection point. Threat actors are using automation, AI, and scale, often with state-level support, while most defenders still triage alerts manually. This session explores the SOC autonomy spectrum, from human-in-the-loop validation to fully autonomous "Dark SOCs" where AI agents execute detection, containment, and response at machine speed.
Drawing on SOC design, threat hunting, and strategic security architecture, this talk provides a framework for leaders ready to move beyond dashboards and toward decisioning. We’ll cover trust-building with automation, governing AI-driven containment, the role of SOAR, UEBA, and LLMs, and why threat hunting may begin with an agent’s hypothesis.
Attendees will walk away with a blueprint for maturing their SOC—from first bot-assisted triage to full autonomy. In a bot-vs-bot world, the real question isn’t whether your adversary uses AI. It’s whether yours is better trained, governed, and faster.
