Saturday, September 12
 

10:30am CDT

The Contextualization Gap: Why Your SOC Has the Data But Not the Story
Saturday September 12, 2026 10:30am - 11:30am CDT
Security operations teams are not losing ground because they lack tools. They are losing ground because they have accumulated too many tools, each addressing a specific threat, each generating its own telemetry, with no architecture capable of connecting that data into a coherent, actionable picture of what is happening in the environment. The result is a team simultaneously overwhelmed by data and operationally blind to the threats moving through it. This is true for internal SOC teams and for MSSPs, and the burden manifests differently for each.


The core problem is structural: the five functions required to convert raw telemetry into a security decision, specifically aggregation, correlation, analysis, decision making, and execution, are not all human-speed functions. The first three demand machine-level speed and scale. 


1. Aggregation requires collecting and storing every data point from every endpoint and point solution, in raw form, before filtering occurs.
2. Correlation requires establishing real-time relationships across those data points at a scale no analyst team can match manually.
3. Analysis requires assembling those relationships into a complete, contextualized picture of what is present, what it is doing, and whether it represents a threat.


These three functions, performed at the volume and velocity modern environments generate, are beyond the operational capacity of any human element working without machine support.


Yet most organizations have humans attempting to manage all five steps, and both sides of the security operations equation pay for it.


Internal SOC teams silo the data conversation, leaving executive leadership, board members, and stakeholders without the context to authorize meaningful action. 


External providers face a version of the same problem: unable to build full context from fragmented data, they struggle to explain which data matters to the client, let alone guarantee the client is protected. They carry that uncertainty every day. 


In both cases, the human element absorbs the burden of functions it was never designed to perform, and the organization remains exposed.


This session presents the operational argument for a different architecture: one in which an AI and ML-driven security contextualization engine executes steps one through three against the full data lake in real time, and delivers the output (a contextualized, prioritized picture of environmental activity) to the human operator. 


The human element is not removed from the process. It is repositioned to the two steps where human judgment is irreplaceable: decision making and execution. The operator arrives at step four informed, not overwhelmed.


The session draws from documented deployments in resource-constrained environments, including a regional security operation that processed 35,331 threats, eliminated 351 classified at high severity, and maintained zero major security incidents, at 77% below the cost of an equivalent internal SOC. The outcomes were not produced by adding analysts. They were produced by correctly positioning the human element within the detection lifecycle.


Attendees will leave with a framework for auditing where their team is currently positioned in the five-step cycle, a model for what machine-executed contextualization makes operationally possible, and a practical starting point for closing that gap.
Speakers
Cyrus Walker

Founder/CEO, Data Defenders
Thirty years of operational cybersecurity experience spanning municipal government, nonprofit, and healthcare sectors. Work includes forensic investigation, critical infrastructure protection, and the design and operation of shared regional security programs built for organizations...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
 
Blue Team Con 2026
From $0.00