Podcast, Episode 63

Illumio's Erik Bloch on Getting Security Fundamentals Right Before Adding AI

Jul 15, 2025

In this episode of Detection at Scale, Jack speaks with Erik Bloch, VP of Security, Illumio, about why most security operations teams aren't ready for AI tools and what fundamental processes must be in place first. Erik challenges the industry's obsession with new technologies, sharing stories from his experience transforming underperforming security teams at major companies like Cisco, Salesforce, and Atlassian.

His conversation with Jack explores how to measure what actually matters in security operations, from team capacity utilization to business outcome dispositions, and why proper ticketing systems and actionable metrics are prerequisites for any advanced tooling to be effective.


Topics discussed:

  • The importance of establishing fundamental processes like ticketing systems and metrics before implementing AI tools in security operations.

  • How to measure team capacity utilization and resource allocation to identify when security operations teams are operating beyond sustainable levels.

  • Why traditional security metrics like mean time to detect are often vanity metrics that don't provide actionable business intelligence.

  • The critical need for security leaders to communicate in business language with concrete data rather than anecdotal risk assessments.

  • How managed service providers will likely be the first to successfully adopt AI tools due to their standardized processes.

  • The challenge of proving AI tool effectiveness when most organizations lack baseline metrics to measure improvement against established benchmarks.

  • Why security teams gravitate toward building custom tools and how this impacts their approach to adopting commercial AI solutions.

  • The role of MCP in enabling security teams to create their own agents and integrate multiple tools.

  • How AI should focus on eliminating routine tasks like phishing email analysis rather than trying to catch advanced persistent threats.

  • The framework for implementing AI tools by starting with business outcomes, defining metrics, identifying capabilities, and then inserting automation. 

Recommended Resources
