(Crying Out Cloud) - Security Metrics, Detection & Response & Paintball with Erik Bloch

Wiz
Aug 18, 2025

[00:00] The podcast "Crying Out Lou Cloud" begins, introducing hosts Eden and Ammy Tai, and their guest Eric Block.

[01:10] The hosts introduce "Cloud Confessions" to get to know Eric.

[01:31] Eric discusses his unique start in security, reverse engineering hardware in the military in the early 1990s.

[03:09] He talks about the transition from physical to SAS security and how the internet and cloud evolved.

[04:21] Eric explains his passion for Ducati motorcycles and why he started riding a street bike for commuting.

[05:04] He clarifies that the items on his shelf are paintball markers from his professional paintball days.

[05:31] Eric answers the "Cloud Confessions" question: if he were a vulnerability, what type would he be?

[06:23] The discussion shifts to security metrics and how to translate risk into business language, especially in terms of dollars.

[08:48] Eric shares an anecdote about explaining his team's capacity to his CISO by showing they were leveraged between 130-200% of capacity.

[10:50] The concept of the "security poverty line" is introduced, discussing how organizations above and below it operate.

[16:15] The hosts bring up Eric's past declaration that the SOC (Security Operations Center) was deceased and ask if it still holds true.

[17:58] Eric explains his view that the SOC is no longer a noun (a physical place) but a verb (an action or capability).

[22:48] Eric mentions that he started writing a "sock manifesto" with Anton Chuvakin, outlining different levels of maturity for SOCs.

[24:22] He discusses his experiences with detection and response at various companies, noting how different every company's approach is.

[26:09] Eric talks about his entrepreneurial mindset and what drives him to build, including past successful startups.