With decades of experience navigating the complexities of strategic management and operations, Marco Gaietti has become a leading voice on integrating disruptive technologies into the enterprise. His work focuses on transforming core business functions, a mission that has led him to the heart of one of today’s most critical challenges: cybersecurity. This interview explores his firsthand experience deploying agentic AI within a global Security Operations Center (SOC). We’ll move past the hype to discuss the tangible ROI of AI, the human element of managing such a profound technological shift, the practicalities of partnering with innovative startups, and the strategic imperative for security leaders to embrace AI in an era of machine-speed threats.
Some organizations report dramatic efficiency gains, like a 70-80% faster triage time, after deploying agentic AI. Can you walk us through the operational changes that produce such results and explain how these metrics translate into a compelling business case for executive leadership?
Absolutely. The results are indeed striking, but they stem from a fundamental disruption of the traditional SOC model. We didn’t just layer AI on top of existing processes; we used it to completely automate the tier-one monitoring function across 100% of our security tools. This is where the magic happens. The AI agent handles the initial alert, acknowledges it, and performs the initial triage. This operational shift is what drives those figures—we saw a 77-80% reduction in the time it takes to triage a ticket and a 68-70% improvement in just acknowledging it. For leadership, the business case is multifaceted. It’s not just about a monetary ROI from reassigning staff; it’s about efficacy. We’re more accurate, we’re faster, and we’re building a more resilient defense against adversaries who are already operating at machine speed.
Transitioning tier-one analysts to higher-value roles like threat hunting is a significant change. Could you describe the initial team reaction to this shift? What practical steps and mentorship programs did you implement to overcome their apprehension and successfully manage this transition?
There was a natural hesitation, of course. We’re all human, and when you propose a major change to a system that has operated the same way for twenty years, apprehension is the first response. The immediate fear is job displacement. My most important role as a leader was to grab that issue by the horns from day one. I had to shine a spotlight on not just what we were doing, but why we were doing it and, most importantly, what the opportunity was for each team member. We framed it as an evolution, not an elimination. We implemented a mentorship approach where we, as leaders, had to guide our teams down a new path, teaching them to think about problems differently. It created some healthy tension, but by explaining the ‘why’—that this upskills them into roles like threat hunters and intelligence analysts—we assuaged that initial fear and turned it into excitement for a new challenge.
When using emerging AI capabilities from a startup, a “human copilot” approach is often needed for validation. How do you structure this human-in-the-loop process to provide real-time feedback and reduce false positives without creating new bottlenecks?
This was a critical piece of the puzzle, especially since we partnered with an innovative startup, 7AI, whose technology was evolving with us. We intentionally avoided a slow, waterfall-style validation where we wait for a rule to fire a certain number of times. Instead, we created what we called a “human copilot” system. We deployed half of our tier-one team to sit alongside the AI, validating its conclusions in real time as they were generated. This allowed us to establish a continuous feedback loop. Whenever the AI made an incorrect conclusion, one or two humans would immediately analyze it, determine why it was wrong, and feed that information directly back to our vendor partner. They could then implement changes on the fly to prevent a recurrence. This real-time, iterative process was key to rapidly driving down the false-positive rate and building our confidence in the system without ever slowing down the operation.
Cyber adversaries are using AI to launch attacks at machine speed. Given this reality, what is your step-by-step advice for CISOs who are hesitant to start their own AI projects due to concerns about immaturity or accuracy?
My first piece of advice is blunt: just get started. There’s a general fear of the unknown, particularly around false-positive rates. But human-based SOCs have false-positive rates, too. We’re used to deterministic products where you code a rule and it executes perfectly 100% of the time. AI is different, and that can be scary, but you learn so much by starting the process. My second piece of advice is a follow-up question: if not now, when? The adversary is already using these tools to launch attacks at physically impossible rates. Waiting a year or two could be disastrously too late. So, the steps are: Start now, but move slowly and cautiously. Enable the business by saying ‘Yes’ to innovation, much like CISOs eventually had to do with the cloud. Be a champion for this technological progress, not a roadblock.
What is your forecast for the evolution of the SOC over the next five years as agentic AI becomes more widespread?
I believe we are on the cusp of a complete redefinition of the SOC. The traditional, tiered model will become a relic. Over the next five years, agentic AI will handle the vast majority of what we now consider tier-one and even some tier-two analysis, operating with a speed and scale that is simply not humanly possible. This will elevate the role of the security analyst entirely. SOCs will become leaner but far more potent, staffed by highly skilled threat hunters, AI trainers, and incident responders who act as strategic commanders, directing the AI agents and focusing only on the most complex and novel threats. The focus will shift from sifting through endless alerts to proactively hunting adversaries and fine-tuning the AI’s defensive posture. Ultimately, the SOC of the future will be a true human-machine partnership, a fusion of human ingenuity and artificial intelligence that finally allows defenders to operate at the same velocity as their attackers.
