Navigating the Next Security Inflection Point: Monzy Merza on the Future of Security and SOC Automation Tools with theCUBE's Jon Oltsik
- Crogl
- May 21
Updated: May 21
In a candid and forward-thinking conversation on The Cybersecurity Bridge podcast, Jon Oltsik of theCUBE sat down with Monzy Merza, CEO and co-founder of Crogl, to dissect the state of modern security operations and what lies ahead. The discussion covered everything from the failures of legacy SOAR tools to the future of autonomous SOCs powered by compound AI systems.
Too Many Tools, Not Enough Time
"Crogl works on tickets. And what that means for us is we have dissolved the problem into two core components of data and process," Merza explained. This framing echoes a familiar pain point across SOCs: security teams know what to do but are hamstrung by the complexity of fragmented tooling and inconsistent data schemas.
"They had to memorize all these different schemas. They had to know a different programming language for each one of the tools that they were using, and there were just way too many tools," said Merza. As a result, the industry ends up chasing elusive unicorn analysts—those who know CrowdStrike, Splunk, log analytics, and cloud-native tooling inside and out.
Merza pushed back against the notion that this is purely a hiring problem. "There's plenty of people. The problem is we're looking for these unicorns...there's too many things here, and I think that's really the core of the challenge."
Moving Past Legacy SOAR to Real-Time Response
When Oltsik asked about SOAR tools, Merza was clear: "SOARs are essentially brittle. They require playbook writing, they are very static, and they require pre-programming and really, really hard-coded integrations."
He described the current security environment as too dynamic for that outdated approach to automation. "Now it is time to get out of that style of automation into a new style... in a more dynamic world." That new world, as Crogl sees it, is driven by AI systems that understand your data and your operational processes natively—not through normalization or brittle playbooks.
Why the Bandwidth Problem Is About Users, Not Just Analysts
One of the more compelling moments in the conversation came when Merza reframed the modern SOC burden as less about analyst capacity and more about user acceleration. With the rise of generative AI and productivity-enhancing tools, business users are now capable of doing significantly more work with the same headcount.
"The business user, their capacity to do work has increased and is going to continue to increase," Merza said. "So as a security practitioner, then what goes through my head is, well, I still really have 1,000 users, but I now have 5,000 users."
From a security perspective, this shift translates into expanded digital footprints, more complex telemetry, and increased attack surface—without a proportional increase in SOC staffing. Security teams must now scale their effectiveness, not just their numbers. AI isn’t a luxury in this environment; it’s a necessity—but only if it builds trust through transparency and precision.
SOC Automation Tools That Work With Analysts, Not Instead of Them
Crogl's position is unapologetically pro-analyst. "We are not going to replace the analyst. Anybody who believes that has never done the job and does not understand the complexity," Merza stated.
Instead of replacing humans, Crogl aims to build "the Iron Man suit" for analysts. That means enabling SOC automation tools that understand the unique schemas and workflows within each environment—not ones that ask analysts to adapt to the tool.
Merza described the importance of systems that provide answers "that are precise about my environment, that are precise about my work, my workflow, my process." That focus on contextual relevance is what sets Crogl apart from generic AI applications.
Breaking Free from Data Normalization Requirements
Perhaps the most provocative moment of the conversation came when Merza addressed a long-held industry belief: "It is not just untenable, it is a naive proposition to ask the customer to normalize their data."
Crogl rejects this model entirely. Instead, its compound AI system is designed to operate across varied data schemas without requiring normalization. As Merza said, "Data normalization is strictly optional."
This is not just a technical advantage—it’s a philosophical one. It reflects Crogl’s core belief that security tools should adapt to the analyst, not the other way around.
Building Trust in Agentic AI Systems
"Before Crogl takes an action, Crogl's work can be inspected beforehand," said Merza. "There is no black box."
In a future dominated by agentic AI systems, Crogl is making a case for auditability as a core feature. The system logs every action it takes, enabling teams to verify, argue, and improve upon its work. "Transparency is incredibly important."
Ultimately, Merza argues that trust will come from clarity and consistency. "We have to have systems which can transparently declare that they have done certain things before."
Bridging to the Future: Learn, Don’t Replace
In his final takeaway for practitioners, Merza was both humble and urgent: "Learn more about how these systems actually work and specifically go deep... there is no shortcut."
The future of security operations won’t be about choosing AI over humans. It will be about embedding compound AI systems that extend human capacity with precision, process awareness, and proof.
See How Crogl Turns Alerts into Action—Automatically
Security teams today are overwhelmed with alerts and under-resourced to respond. Crogl changes that by working directly on tickets across your SIEM, SOAR, and ITSM platforms—triaging, investigating, and documenting every step in real time. Our compound AI system doesn’t just promise efficiency; it delivers repeatable, auditable outcomes that let your team focus on what matters most.
Ready to reclaim your team’s time and effectiveness? Schedule a demo today.