Anton Chuvakin

San Jose

Information Security Expert and Contributor at Freelance

Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG

Featured in: Favicon

forbes.com Favicon

medium.com Favicon

gartner.com Favicon

darkreading.com Favicon

infosecurity-magazine.com Favicon

securityboulevard.com Favicon

enterprisersproject.com Favicon

cloudsecurityalliance.org Favicon

healthcaredive.com Favicon

cybersecuritydive.com

Articles

Anton’s Security Blog Quarterly Q2 2025

3 days ago | securityboulevard.com | Anton Chuvakin

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs):• Anton’s Alert Fatigue: The Study [A.C. — wow, this is #1 now! awesome!]• Security Correlation Then and Now: A Sad Truth About SIEM• Can We Have “Detection as Code”?
Output-driven SIEM - 13 years later

1 week ago | securityboulevard.com | Anton Chuvakin

Output-driven SIEM! Apart from EDR and SOC visibility triad, this is probably my most known “invention” even though I was very clear that I stole this from the Vigilant crew back in 2011. Anyhow, I asked this question on X the other day:So, what year is this? Let me see … 2025! Anyhow, get a time machine, we are flying to 2012…. whooosh…. … we landed … no dinosaurs in sight so we didn’t screw the time settings. Now, WTH is “output-driven SIEM”?
Output-driven SIEM - 13 years later

1 week ago | medium.com | Anton Chuvakin

Output-driven SIEM! Apart from EDR and SOC visibility triad, this is probably my most known “invention” even though I was very clear that I stole this from the Vigilant crew back in 2011. Anyhow, I asked this question on X the other day:So, what year is this? Let me see … 2025! Anyhow, get a time machine, we are flying to 2012…. whooosh…. … we landed … no dinosaurs in sight so we didn’t screw the time settings. Now, WTH is “output-driven SIEM”?
RSA 2025: AI’s Promise vs. Security’s Past - A Reality Check”

1 month ago | securityboulevard.com | Anton Chuvakin

Ah, RSA. That yearly theater (Carnival? Circus? Orgy? Got any better synonyms, Gemini?) of 44,000 people vaguely (hi salespeople!) related to cybersecurity … where the air is thick with buzzwords and the vendor halls echo with promises of a massive revolution — every year. And this year, of course, the primary driver was (still) AI.
Anton’s Security Blog Quarterly Q1 2025

2 months ago | securityboulevard.com | Anton Chuvakin

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):• Security Correlation Then and Now: A Sad Truth About SIEM• Can We Have “Detection as Code”?
Anton’s Security Blog Quarterly Q1 2025

2 months ago | medium.com | Anton Chuvakin

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):Security Correlation Then and Now: A Sad Truth About SIEMCan We Have “Detection as Code”?
The Return of the Baby ASO: Why SOCs Still Suck?

Mar 28, 2025 | securityboulevard.com | Anton Chuvakin

“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten war, their pages yellowed and brittle, offered no solace, only a hollow echo of outdated procedures. We were digital ghosts, sorting through the digital detritus of a network that had long since abandoned us.
The Return of the Baby ASO: Why SOCs Still Suck?

Mar 27, 2025 | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·5 min read·--“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten war, their pages yellowed and brittle, offered no solace, only a hollow echo of outdated procedures.
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)

Mar 4, 2025 | securityboulevard.com | Anton Chuvakin

Do you have a fair-weather friend? Or two? OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how some training approaches lead to “fair weather pilots” who perform well in all cases except real emergencies. Anyhow, let me stop with this because this is not my area; it only triggered the ideation process for me. So, what does fair-weather SOC look like?
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)

Mar 4, 2025 | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·5 min read·--A fair-weather SOC by Meta AIDo you have a fair-weather friend? Or two? Fair weather friend (via Google)OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how some training approaches lead to “fair weather pilots” who perform well in all cases except real emergencies. Anyhow, let me stop with this because this is not my area; it only triggered the ideation process for me.