Logs & Lattes: Episode 6 - How Small SOC Teams Stop Drowning in Alerts

May 5, 2026

Lean security teams don't need a smaller version of an enterprise SOC. They need a different approach entirely.

Graylog Director of Product Management, Rich Murphy, joins Logs and Lattes to explain why 2-to-4-person security teams are the most underserved segment in cybersecurity and what needs to change.

In this episode:
Why alert fatigue causes judgment erosion, not just burnout
Why credential compromise defeats rules-based detection
Why SOAR never delivered for small teams and what should replace it
How to support junior analysts without constant senior escalations
What CISOs on lean teams need to answer the board question "are we covered?"

This episode is for security analysts, SOC managers, IT directors, and CISOs at mid-market companies who are tired of tools built for 40-person SOCs.

Learn more at graylog.org

0:00 Intro: The Reality of Lean Security Teams

0:54 What “Lean” Actually Means (Not a Small SOC)

2:19 The Daily Chaos & Reactive Workload

5:19 Alert Fatigue & Missing Real Threats

8:05 Attacks That Look “Normal”

10:25 Skill Gaps, Training & Tool Complexity

12:20 Making Junior Analysts More Effective

13:42 Why SOAR & Automation Fall Short

14:48 AI’s Role (What It Helps—and What It Doesn’t)

16:11 The CISO Perspective & Reporting Gaps

17:59 Transparency, Risk & Budget Conversations

19:22 Are Things Actually Getting Better?

20:39 Wrap-Up & Key Takeaways