Anton Chuvakin

San Jose

Information Security Expert and Contributor at Freelance

Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG

Featured in: Favicon

forbes.com Favicon

medium.com Favicon

gartner.com Favicon

darkreading.com Favicon

infosecurity-magazine.com Favicon

securityboulevard.com Favicon

enterprisersproject.com Favicon

cloudsecurityalliance.org Favicon

healthcaredive.com Favicon

cybersecuritydive.com

Articles

The Return of the Baby ASO: Why SOCs Still Suck?

3 weeks ago | securityboulevard.com | Anton Chuvakin

“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten war, their pages yellowed and brittle, offered no solace, only a hollow echo of outdated procedures. We were digital ghosts, sorting through the digital detritus of a network that had long since abandoned us.
The Return of the Baby ASO: Why SOCs Still Suck?

4 weeks ago | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·5 min read·--“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten war, their pages yellowed and brittle, offered no solace, only a hollow echo of outdated procedures.
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)

1 month ago | securityboulevard.com | Anton Chuvakin

Do you have a fair-weather friend? Or two? OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how some training approaches lead to “fair weather pilots” who perform well in all cases except real emergencies. Anyhow, let me stop with this because this is not my area; it only triggered the ideation process for me. So, what does fair-weather SOC look like?
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)

1 month ago | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·5 min read·--A fair-weather SOC by Meta AIDo you have a fair-weather friend? Or two? Fair weather friend (via Google)OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how some training approaches lead to “fair weather pilots” who perform well in all cases except real emergencies. Anyhow, let me stop with this because this is not my area; it only triggered the ideation process for me.
15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?

2 months ago | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·3 min read·--Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of their operations (IF event_type=exploit FOLLOWED BY event_type=config_change ON the same machine THEN alert).
15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?

2 months ago | securityboulevard.com | Anton Chuvakin

Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of their operations (IF event_type=exploit FOLLOWED BY event_type=config_change ON the same machine THEN alert).
Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

2 months ago | securityboulevard.com | Anton Chuvakin

[written together with Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud; originally posted here]In 2024, we shared our insights on how to approach generative AI securely by exploring the fundamentals of this innovative technology, delving into key security terms, and examining the essential policies needed for AI governance. We also discussed Google Cloud’s approach to AI security and shared helpful resources like the Secure AI Framework (SAIF).
Google Cloud Security Threat Horizons Report #11 Is Out!

Jan 22, 2025 | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·4 min read·--This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10).
A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

Jan 18, 2025 | securityboulevard.com | Anton Chuvakin

My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans Out Of Security Operations”). But I wanted to write a funny companion to this called “How to Talk to Idiots Who Believe in ‘Humanless SOC’.” Here it is, but it is definitely a rant and not technical guidance, mind you.
A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

Jan 17, 2025 | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·6 min read·--image by Meta.AI lampooning humanless SOCMy former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans Out Of Security Operations”).