How we're actually using AI in the SOC with Eric Capuano
Join us for the final episode of Defender Fridays as Eric Capuano, creator of Defender Fridays and co-founder of Digital Defense Institute, closes out the series with a candid conversation on how he's actually building and running agentic workflows in the SOC today.
At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
What We'll Discuss
In this episode, Eric Capuano draws on years of SOC operations, detection engineering, and hands-on agentic workflow development to share what's actually working, what isn't, and where the industry needs to be more honest with itself.
Key Topics:
- Why agentic workflows are the next evolution of SOAR, and what it takes to build them reliably
- How deterministic checkpoints at every stage are essential to making LLM-driven workflows trustworthy
- How one team increased their detection engineering output by 900x using agentic workflows running day and night
- Why false positive tuning and detection engineering are the right place to start before tackling complex investigative workflows
- How to think about model selection in agentic pipelines: cost, task complexity, and stakes
- Why organizations with poor data hygiene will struggle to get value from AI regardless of how sophisticated the tooling is
- The risks of prompt injection when feeding untrusted inputs into LLMs, and why trusted inputs should always come first
- Why the goal is to use LLMs for as little as possible, and push everything else into deterministic steps
About Our Guest
Eric Capuano is the creator of Defender Fridays and co-founder of Digital Defense Institute. He has spent years doing SOC operations, detection engineering, threat hunting, and DFIR, and currently consults on building and deploying agentic SecOps workflows for security teams. He is also the author of the "So You Want to Be a SOC Analyst" training, which has put over 500 students through hands-on SOC workflows using LimaCharlie's free tier.
Watch Us Live
Defender Fridays ran every Friday at 10:30am PT for over 100 sessions. Subscribe to our YouTube channel to catch up on past episodes.
Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.
Why LimaCharlie?
- Eliminate vendor sprawl and tool complexity
- Deploy and scale effortlessly on native multi-tenant architecture
- Reduce costs with intelligent data routing and free 1-year retention
- Build custom solutions with 100+ security capabilities on-demand
- Accelerate response with agentic AI that acts directly within predefined workflows
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io
Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Eric Capuano - Co-founder of Digital Defense Institute