 CISO is Creating their Own Agentic SOC](https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/39263807/39263807-1696934264089-82943a9d63e17.jpg)
Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC
From AI Security Podcast by TechRiot.io
April 22, 2026 · 47 min · Season 4 · Episode 9
About this episode
Heather Ceylan, CISO at Box.com, discusses the importance of building custom AI solutions for security and shares insights on AI transformation within her organization.
If your AI solution is just helping humans process the same amount of alerts a little faster, you haven't transformed anything, you've just created a faster hamster wheel.In this episode, Ashish and Caleb speak with Heather Ceylan , CISO at Box.com, about how she is leading a true, developer-first AI transformation within her security organization . Heather reveals the five strategic "AI Bets" Box is making. We dive into the reality of building an AI SOC, discussing how Box achieved a 38% automated triage rate for Tier 1 alerts, and why teaching AI not to hallucinate requires treating prompts like strict policy engines .The conversation also tackles the build vs. buy dilemma. Heather explains why she prefers to have her team build custom AI solutions (at least until vendors can out-innovate her engineers) and shares her biggest disappointment when evaluating AI security startups Questions asked: (00:00) Introduction(02:50) Who is Heather Ceylan? (CISO at Box.com) (04:20) Transformation vs. Acceleration: Eliminating Classes of Work (06:00) Building an AI SOC: Achieving 38% Automated Triage (07:20) Controlling Hallucinations: Prompts as Policy Engines (09:30) The Buy vs…
People in this episode
Hosts: Ashish, Caleb
Guest: Heather Ceylan
Topics covered
- AI security
- CISO
- SOC
- automation
- build vs. buy
- AI transformation
Keywords
- AI SOC
- automated triage
- security architecture
- AI Bets
- CISO insights
Mentioned in this episode
Organizations: Box.com, TechRiot.io
More episodes of AI Security Podcast
- Why Asset Intelligence is Replacing the CMDB & Static Dashboards · June 11, 2026 · 43 min
- The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents · June 4, 2026 · 48 min
- Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering · May 21, 2026 · 1h 3m
- Verification vs. Validation: How Autonomous AI is Changing Cybersecurity · May 13, 2026 · 1h 10m
- The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents · April 29, 2026 · 47 min
- Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry · April 18, 2026 · 1h 3m
Explore listener stats, chart rankings, contacts and more on the AI Security Podcast podcast page.