Veeva Systems' Mike Vetri on Building Trust Operations Teams and AI-Powered Investigations

Mike Vetri, Sr. Director of Security Operations at Veeva Systems, reflects on transforming SOC investigations through AI-powered data aggregation and building threat operations teams with the analytical mindset required for proactive defense. Mike introduces the C3 Matrix framework for prioritizing security efforts across centers of gravity, crown jewels, and capability enablers, and explains the seven Ds of cyber defense from discovery through deception operations.

Drawing from 10+ years of Air Force cyber intelligence experience, Mike details why threat operations requires fundamentally different system-two thinking than detection engineering, and how this discipline shift moves organizations from reactive firefighting to proactive threat anticipation. He covers practical examples of AI cutting investigation time by aggregating data from multiple tools, the importance of defense in personnel for operational resilience, and strategies for preventing analyst burnout while maintaining effective security operations.

Topics discussed:

• How AI transforms insider threat investigations by aggregating workstation logs, browsing history, and DLP alerts into single queries

• The C3 Matrix framework prioritizes security controls across centers of gravity, crown jewels, and capability enablers based on organizational impact and recoverability

• Why threat operations requires system-two analytical thinking fundamentally different from the engineering mindset

• The seven Ds of cyber defense: discover, detect, deny, disrupt, degrade, destroy, and deception operations for comprehensive threat mitigation

• How deception operations provide the most accurate intelligence by studying adversary behavior in controlled environments

• The distinction between threat intelligence and threat operations, and why mature SOCs need teams focused on proactive defense strategies

• Defense in personnel ensures multiple team members can handle each security capability, preventing single points of failure

• Time-sensitive investigation scenarios where AI delivers maximum ROI by eliminating the need to manually query dozens of security tools

• The evolution of cyber threats from technical attacks to psychological warfare using AI to challenge human judgment and decision-making

• Why security culture must extend beyond traditional boundaries as AI-powered threats increasingly target HR processes, financial operations, and business functions