Rethinking Security Operations in the Age of AI
Monzy Merza
Founder & CEO, Crogl
Before founding Crogl, Monzy Merza did something unusual for a startup CEO: he went back inside the system. He worked for one of the largest banks in the world on their cybersecurity team, wanting to "truly understand the day-to-day problems practitioners face. Not just from the outside looking in." What emerged from that experience wasn't just a product, but a mission: to make every security analyst as effective as an entire team.
The Tool Overload Problem
As security operations become more complex, tools are becoming part of the problem. "We heard it again and again," Merza shared. "There are too many tools, too many schemas, too many programming languages. And there's too much expected of every practitioner."
"We don't ask a cardiologist to also be a dentist and a baker. But in security, we expect a single human to cover it all." This cognitive overload isn't just unfair — it's unsustainable.
The Knowledge Graph Approach
Crogl's answer is novel: don't force normalization — learn the data as it exists, just like an analyst does. "That's why we treat this as a knowledge graph problem, not a normalization problem," Merza explained. Crogl doesn't require schema mapping — it adapts to the environment and works with what's there.
Industry analyst firm Intellyx explored this approach in depth, noting that "AI alone is insufficient for improving the automation so critical for making SecOps more efficient. The missing element is a knowledge engine that leverages both knowledge graph technology and generative AI to provide the context necessary to implement meaningful, useful automations in the SOC."
AI as Force Multiplier, Not Replacement
Crogl is built on the belief that the analyst is the core of the SOC. Security teams don't need another dashboard — they need a force multiplier. While leaders talk about "AI replacing the analyst," Merza challenges that: "Anyone who says that has obviously never worked the job."
Crogl's vision of AI is a compound AI system that was not built to automate the analyst out of existence. It's designed to amplify their intuition and accelerate their impact. "We see our platform as a superhero suit," said Merza. "It's a tool that lets the practitioner operate with more power, more knowledge, and better reasoning without having to become a generalist across 17 platforms."
The Expanding Attack Surface
"If a user is now doing five times the work they were doing five years ago, the security team must protect five times the surface." AI-driven productivity gains across the enterprise create exponentially larger attack surfaces without a proportional increase in security staffing.
The Urgency
"This isn't just a tech industry inflection point," Merza explained. "This is more like when the internet went commercial. It's changing the way people work and live. Security teams have to scale alongside that."
The solution isn't replacing the analyst — it's amplifying them. And that starts with building AI systems that adapt to the real world rather than demanding the real world conform to their expectations.