Christopher Crowley is an independent consultant and senior instructor at the SANS Institute, who has 20 years of experience managing and securing networks. He is considered a leading expert in building a security operations center, or SOC, and authored the SANS 2024 SOC Survey report in May, which focused on the top challenges facing security operations.

In this episode, Crowley's survey provides an entry point for a bigger-picture discussion about the last 20 years of SecOps, the pros and cons of cloud-based SOCs, the trough of disillusionment with AI and predictions for the future.

The number, magnitude and costs of cyberattacks have steadily escalated, year after year, for the last two decades as software has eaten the world. Fresh vendor products continue to proliferate to address increasingly sophisticated threats, but time-honored problems with human error, systems visibility and vulnerability remediation continue to plague security operations (SecOps) teams. When even the world's largest tech companies continue to be breached by attackers, what hope is there for everyone else that software-based security disasters won't continue to spiral? In this season of IT Ops Query, beginning on September 5, you'll hear from a range of experts about the mounting pressures of security operations, and how the tech industry can begin to relieve them.

Josh Koenig and David Strauss are co-founders at Pantheon, a platform for building and operating websites. Josh is the chief strategy officer, and David is the CTO. Open source software is a big part of the web, and Pantheon is a downstream user as well as a contributor to several open source projects. David is an early contributor to systemd, a component of Linux distributions, a member of the Drupal security team, and was a founding member of the first Fedora Server working group in 2011.

Josh and David share their views as downstream consumers of open source software as well as members of the community, touching on why enterprises don't contribute more to open source, the approach to open source policy and licensing changes by two different major vendors in Red Hat and HashiCorp, efforts to shore up the security of the web by moving to memory-safe languages, and more. Come for the industry insights, and stay for the many colorful analogies in this discussion, from tugboats to tofurkey.

Editor's Note: This episode was recorded before IBM agreed to acquire HashiCorp.