Modern security teams no longer investigate a clean environment they fully own. Cloud, SaaS, AI, identity, APIs, and supplier dependencies have changed where risk lives and what responders need to see.
In this episode of Mitiga Mic, Brian Contos sits down with Kathleen Moriarty, founder of SecurityBias, to discuss how the SOC operating model is changing. Kathleen brings decades of perspective from PSINet, MIT Lincoln Laboratory, RSA, EMC, Dell, the IETF, the Center for Internet Security, and her current work helping SaaS providers better serve organizations that are often left out of traditional security models.
The conversation moves from the cyber underserved and cyber not-served, to shared responsibility in cloud and SaaS, to the practical gaps SOC teams face when applications, identities, APIs, and suppliers are all connected. Brian and Kathleen also dig into zero trust, kill chain thinking, AI agents, API security, and why resilience depends on detecting and limiting impact quickly when attackers get in.
For leaders and practitioners, you'll walk away with the understanding that cloud detection and response can't be a narrow cloud problem. It is becoming part of how organizations investigate across the systems their business actually runs on.
Watch the full conversation to hear Kathleen and Brian unpack what the modern SOC needs next.
Related reading
Why traditional incident response doesn’t work in the cloud
Evaluating Cloud Detection & Response platforms and vendors
