Guest:

• Anna Gressel, Partner at Paul, Weiss, one of the AI practice leads

Episode co-host:

• Marina Kaganovich, Office of the CISO, Google Cloud

Questions:

• Agentic AI and AI agents, with its promise of autonomous decision-making and learning capabilities, presents a unique set of risks across various domains. What are some of the key areas of concern for you?
• What frameworks are most relevant to the deployment of agentic AI, and where are the potential gaps?
• What are you seeing in terms of how regulatory frameworks may need to be adapted to address the unique challenges posed by agentic AI?
• How about legal aspects - does traditional tort law or product liability apply?
• How does the autonomous nature of agentic AI challenge established legal concepts of liability and responsibility?
• The other related topic is knowing what agents “think” on the inside. So what are the key legal considerations for managing transparency and explainability in agentic AI decision-making?

Resources:

• Paul, Weiss Waking Up With AI (Apple, Spotify)
• Cloud CISO Perspectives: How Google secures AI Agents
• Securing the Future of Agentic AI: Governance, Cybersecurity, and Privacy Considerations

Guest:

• Svetla Yankova, Founder and CEO, Citreno

Topics:

• Why do so many organizations still collect logs yet don’t detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries?
• What are the hardest parts about getting the right context into a SOC analyst’s face when they’re triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?
• What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they’re buying?
• Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?
• Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do?
• Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years?
• Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?

Resources:

• EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
• EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
• EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
• EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
• “RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check” blog
• Citreno, The Backstory
• “Parenting Teens With Love And Logic” book (as a management book)
• “Security Correlation Then and Now: A Sad Truth About SIEM” blog (the classic from 2019)

Guest:

• Cristina Vintila, Product Security Engineering Manager, Google Cloud

Topic:

• Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)?
• You mentioned applying SRE best practices in detection and response, and overall in securing the Google Cloud products. How does Google balance high reliability and operational excellence with the needs of detection and response (D&R)?
• How does Google decide which data sources and tools are most critical for effective D&R?
• How do we deal with high volumes of data?

Resources:

• EP215 Threat Modeling at Google: From Basics to AI-powered Magic
• EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
• Podcast episodes on how Google does security
• EP17 Modern Threat Detection at Google
• EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
• Google SRE book
• Google SRS book