Security Boulevard Features Crogl’s Perspective on Operationalizing AI in the SOC
Crogl CEO Monzy Merza wrote for Security Boulevard on what it actually takes to evaluate and operationalize AI in a security operations center. The article proposes a practical framework for assessing AI SOC solutions.
The piece opens with an anecdote about observing a SOC analyst dismissing hundreds of alerts as noise, an experience that motivated Merza to seek better solutions for security operations teams. His journey took him from an executive role at a unicorn startup to a Fortune 100 bank's security team, where he discovered a crucial insight: "The tools are in their way."
Despite having sophisticated resources, the bank's teams struggled because they lacked proper mechanisms to access data, follow nuanced processes, and maintain documentation. This pattern repeated across organizations — security leaders consistently cited staffing challenges and institutional knowledge loss as critical problems.
The Core Challenge
SOC teams face overwhelming alert volumes, and the article states that "62% of these go uninvestigated." Merza argues that AI capability is no longer optional but essential: "SOCs without AI aren't just behind the curve — they're fundamentally outmatched in the asymmetric battle against sophisticated threat actors."
Four Evaluation Criteria
The article proposes a framework for assessing AI SOC solutions:
1. Maximizing Team Potential
Organizations should evaluate whether AI solutions incorporate team intelligence, learn institutional knowledge, and help analysts become better decision-makers.
2. Privacy Aligned to Policy
AI SOC tools require access to sensitive organizational data and must remain under organizational control. Key considerations include prompt protection, breach notification mechanisms, and alignment with compliance frameworks like SOC 2 and FedRAMP.
3. Auditability, Consistency, and Transparency
Solutions should demonstrate consistent work across use cases, provide detailed documentation mechanisms, and support audit requirements without creating additional burden.
4. Continuous Learning and Adaptation
Effective AI solutions must evolve with changing data schemas, threats, and organizational processes, incorporating new threat responses and human feedback.
The article emphasizes that AI investment should prioritize human security practitioners as the most critical operational component. Success requires "high-performing teams of exceptional decision-makers" equipped with AI tools that enhance rather than replace human judgment.