
From 70% Better Coverage to 50% Faster Response: What AI Brings to the SOC

Dennis Joshua, Vice President of Cyber Defense and Managed Security Services at Inspira Enterprise, discusses the balance between automation and human expertise, emphasizing AI as a copilot rather than a replacement.

Traditional SOCs struggle to keep pace with evolving cyber threats, rising data costs, and overwhelming alert volumes. In this interaction with Nisha Sharma, Senior Tech Correspondent at Tech Disruptor Media, Dennis Joshua, Vice President of Cyber Defense and Managed Security Services at Inspira Enterprise, explains how AI is redefining the SOC model: optimizing data pipelines, automating up to 90% of L1 triage, and surfacing only meaningful anomalies.

Dennis Joshua, Vice President, Cyber Defense & Managed Security Services, Inspira Enterprise

He shares real-world results, including a 45% cut in SIEM ingestion costs and major improvements in detection and response times for a large bank. Dennis also discusses balancing automation with human expertise, overcoming legacy mindset barriers, and how emerging technologies like Generative AI and quantum computing will shape the future of SOC.

TDM: How is AI redefining the traditional SOC model, and why is this transformation urgent today?

Dennis Joshua: The four layers in any traditional SOC model are data ingestion, normalization, analytics, and response. While individual technologies have improved efficiency in each layer, they eventually hit limits and struggle to keep pace with the fast-changing threat landscape and evolving business needs. A common example is the trade-off between achieving full visibility and controlling SIEM/XDR costs. Organizations often struggle to determine what should be logged or excluded, especially as nearly 79% of intrusions in 2025 are expected to be malware-free, using native tools to evade detection, according to CrowdStrike's 2025 Global Threat Report. Furthermore, another challenge in legacy SOCs is the massive number of alerts that are generated daily, where security analysts have no choice but to prioritize alerts from critical to low, and lower-priority alerts remain uninvestigated for a long time. This creates blind spots where sophisticated attackers use "hidden in plain sight" techniques, blending malicious activity into noise that appears non-urgent.

On the other hand, AI reformulates this traditional SOC model by introducing intelligent data routing, where only high-value telemetry is ingested. It also enriches adaptive analytics to address the changing tactics of the attacker. Furthermore, business context is provided by AI to enable SOC teams to detect, investigate, and respond quickly while they pay attention to what truly matters. This transformation brought by AI empowers the SOC to be more cost-effective, scalable, proactive, and aligned with business risks, and is an urgent need today. Without AI, modern SOCs risk being overwhelmed and ineffective against advanced cyber threats.

TDM: What sets Inspira's AI SOC apart from other AI-driven security solutions?

Dennis Joshua: Inspira's AI SOC is built to address the practical challenges enterprises face today and to provide outcomes that traditional SOCs or vendor-restricted AI tools often struggle with. It focuses on efficiently processing high-value telemetry by optimizing ingestion and enrichment, while reducing the costs associated with SIEM and data lakes. Analytics is decoupled from ingestion to avoid lock-in, allowing flexibility across SIEM, XDR, and cloud platforms. This structure also gives business and application teams autonomy over their data while enabling enterprise-wide correlation for complete visibility.

The SOC uses automation to handle a large share of level 1 triage, reducing noise and speeding up incident response. AI models are applied to baseline user and entity behaviors, surfacing only anomalies that are likely to be meaningful. These models are continuously tuned and validated with real-world inputs to keep pace with evolving threats. Beyond detection, operations incorporate Continuous Threat Exposure Management (CTEM), moving past static vulnerability management by testing vulnerabilities with real exploits and assessing their reachability. This supports a more risk-based approach to mitigation.

Overall, the AI SOC emphasizes adaptability, vendor-agnostic design, and intelligence-driven methods to improve efficiency, manage costs, and better align security operations with organizational resilience.
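The "intelligent data routing" and "optimizing ingestion and enrichment" that Dennis describes in the two answers above come down to a per-event decision made before the metered SIEM tier: drop provable noise, retain everything else cheaply, and send only security-relevant events to the SIEM with business context attached. The following is an added example written for this page, not Inspira's pipeline or any product's code. The asset inventory, the routing rules, the Windows event IDs chosen as "security-relevant", and the JSON log lines are all constructed for the illustration.

```python
"""Added example: a minimal telemetry routing stage in front of a SIEM.

Each event is routed to one of three destinations:
  siem - metered, high-cost tier that analysts query (security-relevant only)
  cold - cheap object storage kept for forensics and later replay
  drop - provable noise that carries no investigative value
Events bound for the SIEM are enriched with asset criticality so the alert
already carries the business context the analyst needs.
"""
import json

# Constructed asset inventory (assumption): hostname -> criticality tier.
ASSETS = {
    "dc01": "crown-jewel",
    "web-prod-03": "high",
    "dev-laptop-42": "low",
}

# Constructed predicates. Event IDs 4625/4771 (failed logon / Kerberos
# pre-auth failure) and 4672 (special privileges assigned) are real Windows
# IDs; treating them as the SIEM-worthy subset is this example's choice.
def _is_auth_failure(e):
    return e.get("source") == "windows" and e.get("event_id") in (4625, 4771)

def _is_privileged_logon(e):
    return e.get("source") == "windows" and e.get("event_id") == 4672

def _is_debug_noise(e):
    return e.get("level") == "debug"

def _is_health_check(e):
    return e.get("source") == "nginx" and e.get("path") == "/healthz"

# Ordered rule list: first match wins, so noise rules sit before keep rules.
RULES = [
    (_is_debug_noise, "drop", "debug-level chatter"),
    (_is_health_check, "drop", "load-balancer health check"),
    (_is_auth_failure, "siem", "failed authentication"),
    (_is_privileged_logon, "siem", "privileged logon"),
    (lambda e: e.get("source") == "nginx", "cold", "web access log kept for forensics"),
]

def route(event):
    """Return (destination, reason) for one parsed event."""
    for predicate, destination, reason in RULES:
        if predicate(event):
            return destination, reason
    # Unknown telemetry is retained cheaply rather than silently discarded.
    return "cold", "default: retain cheaply"

def enrich(event):
    """Attach asset criticality; unknown hosts are labelled rather than guessed."""
    enriched = dict(event)
    enriched["asset_tier"] = ASSETS.get(event.get("host"), "unknown")
    return enriched

def process(lines):
    """Parse JSON lines, route each event, return the three buckets."""
    buckets = {"siem": [], "cold": [], "drop": []}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Malformed telemetry goes cold so a parser bug never hides data.
            buckets["cold"].append({"raw": line, "asset_tier": "unknown"})
            continue
        destination, reason = route(event)
        if destination == "drop":
            buckets["drop"].append(event)
            continue
        enriched = enrich(event)
        enriched["route_reason"] = reason
        buckets[destination].append(enriched)
    return buckets

def ingestion_reduction(buckets):
    """Fraction of events that never reached the metered SIEM tier."""
    total = sum(len(b) for b in buckets.values())
    return 0.0 if total == 0 else 1 - len(buckets["siem"]) / total

# Constructed sample telemetry (JSON lines), one line per event.
SAMPLE_LINES = [
    '{"source": "windows", "host": "dc01", "event_id": 4625, "user": "svc-backup"}',
    '{"source": "windows", "host": "dc01", "event_id": 4672, "user": "admin-j"}',
    '{"source": "nginx", "host": "web-prod-03", "path": "/healthz", "status": 200}',
    '{"source": "nginx", "host": "web-prod-03", "path": "/login", "status": 401}',
    '{"source": "app", "host": "dev-laptop-42", "level": "debug", "msg": "cache warm"}',
    'this line is not json at all',
    '{"source": "windows", "host": "dev-laptop-42", "event_id": 4624, "user": "alice"}',
]

if __name__ == "__main__":
    result = process(SAMPLE_LINES)
    for name, events in result.items():
        print(f"{name}: {len(events)} event(s)")
    print(f"ingestion reduction: {ingestion_reduction(result):.0%}")
```

Two design points matter more than the rule contents. First, nothing is dropped unless a rule names it as noise; the default path is cheap retention, so a gap in the rules costs storage, not visibility. Second, enrichment happens before the SIEM sees the event, which is what lets downstream correlation prioritise a failed logon on a crown-jewel host over the same event on a developer laptop.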

TDM: Can you share a real-world example where your AI SOC significantly improved threat detection and response outcomes?

Dennis Joshua: A large banking client reduced SIEM ingestion costs by 45% and automated 90% of L1 triage after adopting Inspira's AI SOC. Our AI-driven data pipeline optimized telemetry, while cross-correlation across SIEM, EDR, and cloud eliminated blind spots, increasing the detection coverage by 70%. Our advanced behavioral baseline models identified previously undetected threats, increasing confidence in detections by almost 2x, and continuously validated the real-world exploitability of vulnerabilities. As a result, the client cut MTTD by 60% and MTTR by 50%, achieving faster, more business-aligned risk mitigation at lower cost.

TDM: How do you balance automation with human expertise in the SOC to avoid over-reliance on AI?

Dennis Joshua: At Inspira, we see automation not as a replacement for human expertise but as a tool to strengthen the SOC. Our approach is gradual, starting with common and independent tasks before extending to more complex areas like decision-making. Automation is tested against human oversight at each stage to ensure it remains within acceptable risk limits. The goal is to improve processes, never to automate flawed ones, which could otherwise amplify issues.

In practice, analysts remain in control of final responses, with AI serving as a copilot: suggesting next steps, drafting investigation notes, and highlighting anomalies. Analysts feed outcomes back into the system so detection methods, baselines, and playbooks evolve with real-world experience. Beyond technical processes, our experts provide regulatory, business, and contextual insights, such as financial risk in banking or patient safety in healthcare, factors that AI alone cannot fully address.
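Two earlier threads meet here: the behavioral baselines that "surface only anomalies that are likely to be meaningful" and the analyst feedback that lets those baselines "evolve with real-world experience". The example below is added for this page and is not Inspira's model or code. It baselines two per-user daily features (distinct hosts accessed, megabytes sent out) with a median/MAD robust score, and shows why a verdict loop is needed: a robust baseline deliberately refuses to be moved by a single new value, so an analyst's "benign" verdict must also record the behavior as known-good, or the same quarterly report run will page the team again. The user name, feature names, threshold, tolerance and all daily values are constructed.

```python
"""Added example: per-user behavioral baseline with an analyst feedback loop.

Features are linear daily counts (distinct hosts, MB sent out) so a
median/MAD z-score is a reasonable anomaly measure; circular features such
as hour-of-day would need a different distance and are left out on purpose.
"""
from collections import defaultdict
from statistics import median

MAD_SCALE = 1.4826   # scales MAD to be comparable with a standard deviation
MIN_HISTORY = 5      # cold-start guard: no scoring until this many days exist

def robust_z(value, history):
    """Distance of value from the median, in MAD units. Resistant to a few
    outliers already sitting in the history (a plain mean/stdev is not)."""
    if len(history) < MIN_HISTORY:
        return 0.0
    med = median(history)
    mad = median(abs(x - med) for x in history) * MAD_SCALE
    if mad == 0:
        mad = 1.0   # floor for perfectly regular users (assumption: 1 unit)
    return abs(value - med) / mad

class Baseline:
    def __init__(self, threshold=3.5, tolerance=0.25):
        self.threshold = threshold      # z at or above this is flagged
        self.tolerance = tolerance      # +/- fraction around a confirmed-benign value
        self.history = defaultdict(lambda: defaultdict(list))       # user -> feature -> values
        self.known_benign = defaultdict(lambda: defaultdict(list))  # user -> feature -> values

    def learn(self, user, features):
        """Fold one day's observation into the user's history."""
        for name, value in features.items():
            self.history[user][name].append(value)

    def _matches_known_benign(self, user, name, value):
        return any(abs(value - b) <= self.tolerance * b
                   for b in self.known_benign[user][name])

    def evaluate(self, user, features):
        """Score one new observation; return scores plus the flagged features."""
        scores = {name: robust_z(value, self.history[user][name])
                  for name, value in features.items()}
        flagged = [name for name, z in scores.items()
                   if z >= self.threshold
                   and not self._matches_known_benign(user, name, features[name])]
        return {"user": user, "scores": scores, "flagged": flagged,
                "anomalous": bool(flagged)}

    def feedback(self, user, features, verdict):
        """Analyst verdict. 'benign' both updates the history and records the
        values as known-good so a repeat is suppressed immediately; 'malicious'
        leaves the baseline untouched so the attacker's behavior never becomes normal."""
        if verdict == "benign":
            self.learn(user, features)
            for name, value in features.items():
                self.known_benign[user][name].append(value)

# Constructed ten-day history for one user.
ALICE_HISTORY = [
    {"hosts": h, "mb_out": m}
    for h, m in zip([3, 3, 4, 3, 2, 3, 4, 3, 3, 4],
                    [120, 150, 130, 110, 140, 160, 125, 135, 145, 130])
]

def demo():
    """Baseline -> alert -> analyst verdict -> re-evaluation, step by step."""
    bl = Baseline()
    for day in ALICE_HISTORY:
        bl.learn("alice", day)
    # Day 11: both features far outside the baseline; both flagged.
    spike = bl.evaluate("alice", {"hosts": 25, "mb_out": 4000})
    # Day 12: a legitimate report export; only the volume feature trips.
    report = {"hosts": 5, "mb_out": 300}
    first_report = bl.evaluate("alice", report)
    bl.feedback("alice", report, "benign")
    # Day 13: a similar export is now suppressed by the known-benign record.
    repeat_report = bl.evaluate("alice", {"hosts": 5, "mb_out": 310})
    # Day 14: a real outlier is still caught; the suppression is not a blanket allow.
    exfil_like = bl.evaluate("alice", {"hosts": 4, "mb_out": 4000})
    return spike, first_report, repeat_report, exfil_like

if __name__ == "__main__":
    for step in demo():
        print(step["flagged"] or "no alert", {k: round(v, 1) for k, v in step["scores"].items()})
```

The asymmetry in `feedback` is the point of keeping a human in the loop: a benign verdict adapts the system, a malicious verdict does not, so the baseline cannot be trained by an attacker who is patient enough to repeat the same behavior. The tolerance band around known-benign values is narrow on purpose; a blanket per-user allow-list would reintroduce exactly the blind spot the baseline exists to remove.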

TDM: What are the biggest roadblocks organizations face when modernizing legacy SOCs, and how can they overcome them?

Dennis Joshua: It is the mindset that can become the biggest roadblock organizations encounter while upgrading legacy SOCs. These SOCs were built on large SIEM platforms that were deeply embedded in operations, and organizations feared any change, which they presumed would disrupt business, and hence hesitated to modernize. Here, a trusted partner can help instill confidence by demonstrating that modernization can occur, leading to enhanced resilience with minimal disruption to business operations. Organizations also tend to build everything in-house. While this approach can eliminate the control and compliance concerns, there are high chances of delays and missteps. Organizations can benefit immensely by partnering with the right MSSP with a proven track record of transforming SOCs across technologies and acting as an extension of the client's team. This true partner must have the capabilities to deliver business-centric threat models, adversarial threat hunting, and intelligence-driven detection before any damage occurs, and not just react after the alarms go off.

Furthermore, a modern SOC must respond appropriately and not just help in detection. It must identify and contain threats, assess the compromise depth, and continuously adapt controls to eliminate recurrence. This is also known as delivering closed-loop remediation, which involves the cycle of detection, response, and improvement, differentiating it from a legacy SOC.

While at first glance many partners may look similar, organizations must look deeper and validate these capabilities. At Inspira, we have successfully solved these challenges across industries, from Fortune 100 enterprises to SMBs, helping clients modernize with confidence and measurable results.

TDM: Beyond security metrics, what tangible ROI or value do clients experience from moving to an AI SOC?

Dennis Joshua: The ROI of moving to an AI SOC extends well beyond faster detection and response times. It creates measurable business value across cost, efficiency, and resilience. Our clients consistently experience lower SIEM/data costs where the AI-driven data pipelines filter and enrich telemetry at the edge, reducing ingestion and storage costs by 30-40% without sacrificing visibility. Coverage and operations are scaled with AI in the SOCs without the necessity of proportional increases in manpower or infrastructure costs. With automated triage and AI-augmented analytics reducing noise and false positives, there is decision-making accuracy, and analysts can spend their time in incident scoping, depth analysis, and proactive hunting. With continuous threat exposure management (CTEM) integration, exploitability and reachability of vulnerabilities are validated, ensuring remediation costs are directed toward the exposures that matter most. Executives and boards make informed and risk-aware decisions as AI contextualizes threats in terms of business risk and impact. Organizations are able to reduce burnout with redeployment of talent to higher-value analysis by automating up to 90% of Level 1 triage.

TDM: How do advances like Generative AI or quantum computing shape SOC operations in the next few years?

Dennis Joshua: Today's AI SOCs mainly focus on removing manual tasks, especially eliminating the need for Level 1 triage. But the arrival of Generative AI and quantum computing will reshape SOCs in deeper ways. As GenAI and quantum-powered models do not rely on static playbooks and pre-built detection templates, they could simulate millions of attacker behaviors at once, auto-creating precise detections with fewer false positives. SOAR automation will evolve from static workflows/templates to dynamic, context-aware playbooks that adapt automatically as attackers' tactics change. Quantum's pattern recognition power will make it possible to spot anomalies across massive, complex data sets that overwhelm today's systems. These models will accelerate adversary campaign mapping, modeling millions of possible attack paths and strategies in parallel to predict likely next moves.

In short, quantum computing will drive SOCs toward massive-scale anomaly detection, adaptive automation, and continuous validation, modeling the real adversary landscape faster and more completely than ever possible with traditional computing.

TDM: What best practices would you recommend to CISOs or CIOs considering a shift towards an AI-powered SOC?

Dennis Joshua: CIOs and CISOs should understand that shifting toward an AI-powered SOC is a leadership and strategic decision in addition to being technological. Some key best practices they should follow are defining clear outcomes, such as cost reduction, faster response, or alignment to business goals, where adopting AI technology remains tied to a measurable value. The data strategy must first be modernized by ensuring an intelligent data pipeline that enriches and filters telemetry. This helps to eliminate unnecessary ingestion costs while preparing for AI-driven analytics and should be done across the organization, including security and business teams. Adopt incremental automation by automating independent low-risk functions and slowly expanding into decision support and adaptive responses.

A platform that excels in volume reduction and accuracy in investigation outcomes should be leveraged. Maintaining balance with a human-in-the-loop model for high-stakes decisions and having AI acting as a copilot is critical. Establish vendor independence and decouple analytics from ingestion to maintain flexibility while empowering business and application teams with their own visibility.

Analysts should be trained to leverage AI as a copilot where they can focus on incident scoping, hunting, and business-context analysis rather than performing repetitive tasks. It is important to preserve end-user experience by ensuring these enhancements do not compromise the users' performance, usability, and trust as well as the business applications on which they depend.
