AI-Enabled SOC Strategies Expand Security Teams, Accelerate Enterprise Threat Response
Albert Evans, Founder and Principal at Evans Cyber Advisory LLC, outlines why governance, hiring discipline, and AI-enabled SOC operations determine whether enterprise AI stays secure.

For many companies adopting artificial intelligence, the biggest vulnerability isn't the code. It's the flawed human processes and governance that were in place before AI adoption. Deploying new AI tools into environments burdened by technical debt and weak oversight creates a structural weakness at the top. When executives who don't understand the technology are the ones choosing the technology leaders, corporate security often becomes a matter of luck.
We spoke with Albert Evans, a cybersecurity executive with over 20 years of experience securing core infrastructure for national organizations and Fortune 500 companies. As the former CISO for ISO New England, a $13 billion wholesale energy marketplace, and Global Deputy CISO for Computer Sciences Corporation, a 90,000-person enterprise, Evans has operated at some of the highest levels of corporate defense. His leadership perspective is forged by work in the U.S. Army's 82nd Airborne Division and the DoD Cyber Crime Center, the latter of which offers a direct view of the state of AI risk. Now, as the Founder and Principal at Evans Cyber Advisory LLC, he works with clients to build what he sees as a foundational understanding of AI: before leaders can govern AI, they must govern themselves effectively.
"The technology is there. The frameworks are there. You just need to get the governance there. A lot of people are dismissing governance," says Evans. That lack of governance exists long before any AI tool is deployed, and it starts with a flawed hiring process. More specifically, when non-technical boards and executives are tasked with hiring for key roles like the CIO or CISO, they often lack the expertise to vet candidates. And without the right candidates, AI projects quickly become disorganized and unproductive.
A roll of the dice: What does it mean to hire the right people? It's all about having the knowledge and insight to understand the position and what that position must accomplish, Evans clarifies. "The biggest risk to companies is created by how they hire their senior technology leaders," he says. "When you're hiring for the CIO or CTO, the interviewers often don't know what the job truly entails, so the process becomes a personality test. Whether a company hires a competent leader or not ends up being a matter of luck more than anything else."
Garbage in, garbage AI: Over the years, that leadership gap has led to the accumulation of technical debt and poor data hygiene, whether that's related to legacy systems or ill-fitting vendor solutions. Evans notes that technical debt often gets pushed to the back of the priority queue because it competes for resources with new, high-profile projects perceived to deliver more immediate business value. "Companies are now trying to deploy AI when they don't have good, centralized data," he says. "That's the foundational element for what you're going to use AI for, and this technical debt is biting a lot of companies."
Adding to that internal disarray is the reality of an external threat environment in which attack speeds are rapidly increasing. Evans describes a "tempo gap," in which threat actors are leveraging AI to compress attack timelines from weeks or days to minutes, a speed that many legacy security postures struggle to handle. "Low-skill threat actors have upskilled, and advanced threat actors are compressing their time frame across every stage of the attack."
Checkers to chess: Between the tempo gap and the response gap it creates for defenders, Evans sees a massive hole in IT security stemming directly from slow and incomplete AI implementation. "The reality is that threat actors are now playing chess, but many organizations are still playing checkers. We are simply too slow to change our defensive operations to match their tempo."
The solution lies not in finding new technology, but in adopting a proactive strategy. Keeping pace with modern threats makes Continuous Threat Exposure Management (CTEM) a requirement. Evans also advocates for the AI-enabled SOC, a concept he put into practice during his time as CISO at ISO New England by implementing Splunk's AI-enabled Enterprise Security and SOAR capabilities.
While acquiring the right tools is an important first step, a true defense requires a comprehensive, multi-layered governance blueprint. In practice, that means layering standards such as the NIST framework for governance, the Cloud Security Alliance for architecture, and OWASP for application security, all while ensuring the security operations team is trained to translate the specific intelligence from MITRE ATLAS into action.
Augment, not replace: Organizations don't have to replace the SOC with AI. According to Evans, it's about expanding a SOC's capabilities through AI. "You're not getting rid of people in an Agentic SOC; you are extending your workforce," he says. "With most SOCs already understaffed, you're using AI agents to work more quickly and correlate more data. Instead of a human analyst doing one thing at a time, the agents can handle 20 tasks, and the human analyst can then review the results. It's about making your team faster, not smaller."
A false sense of security: These frameworks are the opposite of a mindless guardrails approach. "Relying on a vendor's built-in guardrails oversimplifies security," Evans says. "It's the equivalent of saying you have a firewall, so you don't need endpoint detection and response. True security requires defense-in-depth, and a guardrail is just one layer that can, and will, be bypassed." Secure organizations are building in best practices from all relevant frameworks throughout their infrastructure.
Evans poses a question to board members and executives: Are they confident that their teams can prevent attacks on their AI systems? "Can they quickly detect, respond, and contain that attack? If you haven't tested your kill switches or implemented anomaly detection to answer that question, you are deploying systems with no ability to respond to a major issue."
So, if governance is paramount, then what does that mean for organizations? Evans concludes by emphasizing the necessity of getting governance right from the start, establishing clear policies for human oversight, identity controls, and kill switches. "If you don't, you're going to have future problems, or you're going to have a big rework project retrofitting this stuff later. You should do it upfront."
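The two operational ideas in this piece, agents that fan out across many alerts while an analyst reviews the results, and governance that pairs human oversight and identity controls with a tested kill switch and anomaly detection, can be sketched in one small triage loop. The code below is an added illustration written for this article; it is not from Evans, ISO New England, or any vendor product. The alerts, threat list, asset owners, agent identities, scoring weights and the rate threshold are all constructed for the example.

```python
"""Skeleton of an AI-enabled SOC triage loop with human oversight, identity
controls and a kill switch. Added illustration, not from the interview or any
vendor product; all data, agent names, scores and thresholds are constructed."""
from collections import deque
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
import time

# Constructed sample alerts, as a SIEM might hand to an agent pool.
ALERTS = [
    {"id": "a1", "host": "web-01", "src_ip": "203.0.113.7", "rule": "ssh_bruteforce"},
    {"id": "a2", "host": "db-02", "src_ip": "198.51.100.9", "rule": "suspicious_process"},
    {"id": "a3", "host": "hr-laptop-3", "src_ip": "203.0.113.7", "rule": "ssh_bruteforce"},
]
# Constructed enrichment sources the agents consult.
THREAT_LIST = {"203.0.113.7"}
ASSET_OWNERS = {"web-01": "platform", "db-02": "data", "hr-laptop-3": "hr"}
CRITICAL_ASSETS = {"db-02"}

# Identity controls: each agent identity is bound to the actions it may propose.
AGENT_PERMISSIONS = {
    "enrich-agent": {"enrich"},
    "contain-agent": {"enrich", "propose_isolation"},
}


class KillSwitchTripped(Exception):
    pass


@dataclass
class KillSwitch:
    """Anomaly detector plus kill switch: trips when agents request more than
    max_actions containment actions inside window_s seconds. Only a human resets it."""
    max_actions: int = 3
    window_s: float = 60.0
    tripped: bool = False
    _recent: deque = field(default_factory=deque)

    def record(self, now=None):
        now = time.monotonic() if now is None else now
        self._recent.append(now)
        while self._recent and now - self._recent[0] > self.window_s:
            self._recent.popleft()
        if len(self._recent) > self.max_actions:
            self.tripped = True
        if self.tripped:
            raise KillSwitchTripped("agent containment rate exceeded policy")

    def human_reset(self):
        self.tripped = False
        self._recent.clear()


def enrich(alert):
    """One task an agent runs on one alert; the pool runs many of these at once."""
    score = 0
    if alert["src_ip"] in THREAT_LIST:
        score += 50
    if alert["host"] in CRITICAL_ASSETS:
        score += 40
    if alert["rule"] == "suspicious_process":
        score += 30
    return {**alert, "owner": ASSET_OWNERS.get(alert["host"], "unknown"), "score": score}


def propose_action(agent_id, enriched, kill_switch):
    """Agents only propose; any containment still waits for an analyst's approval."""
    if "propose_isolation" not in AGENT_PERMISSIONS.get(agent_id, set()):
        return {"alert": enriched["id"], "decision": "denied_identity", "agent": agent_id}
    if enriched["score"] >= 70:
        kill_switch.record()  # every containment proposal counts toward the anomaly threshold
        return {"alert": enriched["id"], "decision": "pending_human_review", "agent": agent_id}
    return {"alert": enriched["id"], "decision": "auto_closed", "agent": agent_id}


def run_triage(alerts, agent_id="contain-agent", kill_switch=None, workers=4):
    """Fan alerts out to parallel agent tasks, then collect what the analyst must review."""
    if kill_switch is None:
        kill_switch = KillSwitch()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        enriched = list(pool.map(enrich, alerts))
    decisions = []
    for e in enriched:
        try:
            decisions.append(propose_action(agent_id, e, kill_switch))
        except KillSwitchTripped:
            # Once tripped, agents are halted until a human resets the switch.
            decisions.append({"alert": e["id"], "decision": "halted_kill_switch", "agent": agent_id})
    review_queue = [d for d in decisions if d["decision"] == "pending_human_review"]
    return decisions, review_queue


if __name__ == "__main__":
    decisions, queue = run_triage(ALERTS)
    for d in decisions:
        print(d)
    print("for analyst:", [d["alert"] for d in queue])
```

Three of the governance points map onto specific lines: the agent never isolates a host itself, it only places the alert in the analyst's review queue; an agent identity without `propose_isolation` has its proposal refused regardless of the score; and `KillSwitch.record` is the anomaly check that halts all agents once containment proposals exceed the configured rate, with `human_reset` being the only way back. Running the triage with `KillSwitch(max_actions=0)` exercises the kill switch path, which is the kind of test Evans says boards should be asking about before deployment.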