If your AI solution is just helping humans process the same amount of alerts a little faster, you haven't transformed anything, you've just created a faster hamster wheel.

In this episode, Ashish and Caleb speak with Heather Ceylan, CISO at Box.com, about how she is leading a true, developer-first AI transformation within her security organization. Heather reveals the five strategic "AI Bets" Box is making. We dive into the reality of building an AI SOC, discussing how Box achieved a 38% automated triage rate for Tier 1 alerts, and why teaching AI not to hallucinate requires treating prompts like strict policy engines.

The conversation also tackles the build vs. buy dilemma. Heather explains why she prefers to have her team build custom AI solutions (at least until vendors can out-innovate her engineers) and shares her biggest disappointment when evaluating AI security startups.
Questions asked:
- (00:00) Introduction
- (02:50) Who is Heather Ceylan? (CISO at Box.com)
- (04:20) Transformation vs. Acceleration: Eliminating Classes of Work
- (06:00) Building an AI SOC: Achieving 38% Automated Triage
- (07:20) Controlling Hallucinations: Prompts as Policy Engines
- (09:30) The Buy vs. Build Debate for CISOs
- (14:00) Why Security Architecture Must Be Machine Consumable
- (16:50) The Problem with 3rd Party Risk Management
- (18:20) Box's "5 AI Bets" Framework
- (21:30) Will AI Replace SOC Analysts? Why Teams Are Embracing the Change
- (23:50) Continuous Pen Testing & Evaluating AI Startups
- (26:30) The Biggest Pitching Mistake Startups Make with CISOs
- (30:20) Shadow AI: When the Business Starts Building Its Own Apps
- (37:30) Personalized Software: The LEGO Brick Model of Security Agents
- (41:50) Fun Questions: Crocodile Jerky and Tim Tam Slams
- (44:20) Hobbies & Family: Raising Two Boys and Surviving the Chaos
- (45:30) Favorite Restaurant: Meyhouse (Turkish Cuisine in Palo Alto)
Resources discussed during the episode:
- Heather's LinkedIn Newsletter
- Heather's post RSA blog
- 5 Big AI Bets
- https://blog.box.com/big-cybersecurity-bets-part1
- https://blog.box.com/big-cybersecurity-bets-part-2
- https://blog.box.com/big-security-bet-3-ai-redefines-vulnerability-management
- https://blog.box.com/5-big-cybersecurity-bets-4-scaling-security-architecture-ai-first-world
- https://blog.box.com/5-big-cybersecurity-bets-continuous-adversarial-validation
AI Security Podcast with TechRiot.io is available on multiple platforms. The information on this page comes from public podcast feeds.
