This session explores how to operationalize AI in the Security Operations Center (SOC) by aligning technology, people, and workflows. Participants will learn how to evaluate AI technologies, identify where they best fit into alert and case workflows, and design interfaces that truly support analysts. The session also covers maintaining quality through tuning, feedback loops, pruning, and case sampling, as well as measuring success with meaningful KPIs that go beyond simply closing more alerts.

In this session you will:

• Evaluate AI technologies, including LLMs and traditional automation, for SOC integration
• Identify where AI can enhance alert and case workflows to maximize analyst impact
• Understand practical approaches to maintaining quality through tuning, feedback loops, and case sampling
• Learn how to measure success with KPIs that reflect real operational value

Whether you're augmenting human analysts or laying the groundwork for full AI-led response, this talk will give you a blueprint for doing it right.