Testing, Learning, Evolving: How Practice and Precision Strengthen the SOC with Marty McDonald
Season 2, Episode #4
In this episode of SOC Unlocked, host Mick Leach talks with Marty McDonald, Principal Domain Advisor at Optiv, about what it takes to modernize today’s SOCs for an AI-driven world.
Marty shares how forward-looking teams are automating repetitive, level-one work with SOAR and agentic frameworks freeing analysts to focus on higher-value investigations. He also explains how UEBA and entity analytics help analysts tell better data stories, transforming telemetry into actionable insight for executives and boards alike.
The conversation underscores a timeless truth—modernization starts with fundamentals. From refining metrics to running effective tabletop exercises, small, consistent improvements drive lasting transformation.
Insights
Modernizing the SOC starts with a holistic view of people, processes, and tools—not just new technology.
Context-rich analytics turn raw telemetry into stories that make threats and risks easier to understand.
Metrics must align with the audience, from analyst efficiency to executive-level risk reduction.
Small, consistent improvements build maturity faster than tackling massive, all-at-once transformations.
Interested in being on the podcast?
Contact us at SOCUnlockedPodcast@abnormalsecurity.com
Guests
“The ability to tell a story with data—whether through metrics or the attack chain—is what separates an effective SOC from a reactive one.”
“We talk a lot about shiny new tools, but the fundamentals still win. If we don’t get those right, the rest doesn’t matter.”
“A good tabletop can change everything. It’s where you find the unknowns before they find you.”
“Metrics matter at every level. A Tier 1 analyst wants to know if they’re winning. The CISO wants to know how much risk was reduced. It’s all storytelling, just in different languages.”
