Antonβs Security Blog Quarterly Q1 2026
My Antonβs Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now withΒ VIDEO).

Top 10 posts with the most lifetime views (excluding paper announcement blogs):
- Antonβs Alert Fatigue: The Study [A.C.βββwow, this is still #1 now! Awesome! Perhaps I need more of such deepΒ studies]
- Security Correlation Then and Now: A Sad Truth AboutΒ SIEM
- Can We Have βDetection asΒ Codeβ?
- Detection Engineering is Painfulβββand It Shouldnβt Be (PartΒ 1)
- Revisiting the Visibility Triad for 2020 (update for 2025 isΒ here!)
- Beware: Clown-grade SOCs StillΒ Abound
- Why is Threat Detection Hard?
- Top 10 SIEM Log Sources in RealΒ Life?
- A SOC Tried To Detect Threats in the CloudΒ β¦ You Wonβt Believe What HappenedΒ Next
- SOC Visibility Triad is Now A QuadβββSOC Visibility QuadΒ 2025
Top 5 posts with paper announcements:
- New Paper: βFuture of the SOC: SOC PeopleβββSkills, Not Tiersβ (paper 2 of theΒ series)
- New Paper: βFuture of the SOC: Evolution or OptimizationβββChoose Your Pathβ (Paper 4 of 4.5) (one more paper coming later in 2026Β β¦ we are in reviewsΒ now!)
- New Paper: βFuture of the SOC: Forces shaping modern security operationsβ
- New Paper: βFuture Of The SOC: Process Consistency and Creativity: a Delicate Balanceβ (Paper 3 ofΒ 4)
- New Paper: βAutonomic Security Operationsβββ10X Transformation of the Security Operations Centerβ (the classic 2021 ASOΒ paper!)
3 random fun posts, must-read:
- Simple to Ask: Is Your SOC AI Ready? Not Simple toΒ Answer!
- Shadow Agents: A New Era of Shadow AI Risk in the Enterprise
- Antonβs Vibe Coding Experience: A Reflection on Risk Decisions
Top 7 Cloud Security Podcast by Google episodes (excluding the oldestΒ 3!):
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil (our best episode! officially!)
- EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with GaryΒ McGraw
- EP47 βMegatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Securityβ
- EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons forΒ All
- EP109 How Google Does Vulnerability Management: The Not So SecretΒ Secrets!
- EP17 Modern Threat Detection atΒ Google
- EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident DeepΒ Dive
(also see our NEW 2025 reflections blog about theΒ show)
Now, fun posts byΒ topic.
Security operations / detection & response:
- βSecurity Correlation Then and Now: A Sad Truth AboutΒ SIEMβ
- βMigrate Off That Old SIEM Already!β (VIDEO, a 2026 update is comingΒ soon!)
- βMeasuring the SOC: What Counts and What Doesnβt in 2025?β (Google CloudΒ Blog)
- βCan We Have βDetection asΒ Codeβ?β
- βRevisiting the Visibility Triad for 2020β and βSOC Visibility Triad is Now A QuadβββSOC Visibility QuadΒ 2025β
- βBeware: Clown-grade SOCs StillΒ Aboundβ
- βWhy is Threat Detection Hard?β
- βA SOC Tried To Detect Threats in the CloudΒ β¦ You Wonβt Believe What HappenedΒ Nextβ
- βStop Trying to Take Humans Out of SOCΒ β¦ ExceptΒ β¦ Waitβ¦ Waitβ¦Β Waitβ¦β
- βTop 10 SIEM Log Sources in Real Life?β (NEWERΒ VERSION)
- βDebating SIEM in 2023, PartΒ 1β
- βDebating SIEM in 2023, PartΒ 2β
- βLog Centralization: The End IsΒ Nigh?β
- βLiving with MultipleΒ SIEMsβ
- βDecoupled SIEM: Brilliant orΒ Stupid?β
- βHow to Make Threat Detection Better?β
- βSIEM Content, False Positives and Engineering (Or Not) Securityβ
- βModern SecOps Masterclass: Now Available on Courseraβ
(if you only read one, choose thisΒ one!)
Cloud security:
- βSecure cloud. Insecure use. (And what you can do aboutΒ it)β
- βUsing Cloud SecurelyβββThe Config Doom Questionβ
- βWho Does What In Cloud Threat Detection?β
- βHow to Solve the Mystery of Cloud Defense inΒ Depth?β
- βDoes the World Need Cloud Detection and ResponseΒ (CDR)?β
- βUse Cloud Securely? What Does This EvenΒ Mean?!β
- βHow CISOs need to adapt their mental models for cloud securityβ [GCPΒ blog]
- βWho Does What In Cloud Threat Detection?β
- βCloud Migration SecurityΒ Woesβ
- βMove to Cloud: A Chance to Finally Transform Security?β
(if you only read one, choose thisΒ one!)
How Google Does SecurityΒ (HGD):
- βHow Google Does It: Making threat detection high-quality, scalable, and modernβ (Google CloudΒ blog)
- βHow Google Does It: How we secure our own cloudβ (Google CloudΒ blog)
- βHow Google Does It: Securing production services, servers, and workloadsβ
- βHow Google Does It: Finding, tracking, and fixing vulnerabilitiesβ (Google CloudΒ blog)
- βHow Google Does It: Collecting and analyzing cloud forensicsβ
- βHow Google Does It: Red teaming at scaleβ (Google CloudΒ blog)
- βHow Google Does It: Security programs at global scaleβ (Google CloudΒ blog)
- βHow Google Does It: Securing production services, servers, and workloadsβ
- βHow Google Does It: Collecting and analyzing cloud forensicsβ
- βHow Google Does It: Applying SRE to cybersecurityβ
- βHow Google Does It: Building an effective AI redΒ teamβ
(if you only read one, choose this one! BTW, we also have a lot of fun HGD podcasts)
AI security:
- βImplementing Secure AI Framework Controls in GoogleΒ Cloudβ
- βOffice of the CISO 2025 Year in Review: 3 Key AI Security & Governance Themesβ
- βShadow Agents: A New Era of Shadow AI Risk in the Enterpriseβ
- βOur Security of AI Papers and Blogs Explainedβ (2024)
- βSecuring AI Supply Chain: Like Software, Only Notβ (Google CloudΒ blog)
- βSpotlighting βshadow AIβ: How to protect against risky AI practicesβ (Google CloudΒ blog)
- βShadow AI Strikes Back: Enterprise AI Absent Oversight in the Age of GenΒ AIβ
- βCloud CISO Perspectives: How Google secures AIΒ Agentsβ
- βNew Paper: βSecuring AI: Similar or Different?β
- βThe Prompt: What to think about when youβre thinking about securing AIβ (Google CloudΒ blog)
- βGen AI governance: 10 tips to level up your AI programβ (Google CloudΒ blog)
- βAI Adoption: Learning from the Cloudβs Early Daysβ (Google Community blog)
- βHow Google secures AI Agentsβ (Google CloudΒ blog)
- βDemystifying AI Security: New Paper on Real-World SAIF Applicationsβ
- βTo securely build AI on Google Cloud, follow these best practicesβ (Google CloudΒ blog)
- βOops! 5 serious gen AI security mistakes to avoidβ (Google CloudΒ blog)
- β3 new ways to use AI as your security sidekickβ (Google CloudΒ blog)
- βShadow Agents: A New Era of Shadow AI Risk in the Enterpriseβ (Google Cloud Community blog)
(if you only read one, choose thisΒ one!)
Fun presentations shared (nothing much new hereΒ ):
- SecureWorld 2025 Keynote DΓ©jΓ Vu All Over Again: Learning from Cloudβs Early Misadventures to Secure AIΒ (2025)
- Detection Engineering MaturityβββHelping SIEMs Find Their Adulting SkillsΒ (2024)
- Future of SOC: More Security, Less Operations (2024)
- SOC Meets Cloud: What Breaks, What Changes, What to Do?Β (2023)
- Meet the Ghost of SecOps FutureΒ (2023)
- The Future of Log Centralization for SIEMs and DFIRβββIs the End Nigh?Β (2023)
- 20 Years of SIEMΒ (2022)
Enjoy!
Previous posts in thisΒ series:
- Antonβs Security Blog Quarterly Q4Β 2025
- Antonβs Security Blog Quarterly Q3Β 2025
- Antonβs Security Blog Quarterly Q2Β 2025
- Antonβs Security Blog Quarterly Q1Β 2025
- Antonβs Security Blog Quarterly Q4Β 2024
- Antonβs Security Blog Quarterly Q3Β 2024
- Antonβs Security Blog Quarterly Q2Β 2024
- Antonβs Security Blog Quarterly Q1 2024Β Lite
- Antonβs Security Blog Quarterly Q3Β 2023
- Antonβs Security Blog Quarterly Q2Β 2023
- Antonβs Security Blog Quarterly Q1Β 2023
- Antonβs Security Blog Quarterly Q4Β 2022
- Antonβs Security Blog Quarterly Q3Β 2022
- Antonβs Security Blog Quarterly Q2Β 2022
- Antonβs Security Blog Quarterly Q1Β 2022
- Antonβs Security Blog Quarterly Q4Β 2021
- Antonβs Security Blog Quarterly Q3Β 2021
- Antonβs Security Blog Quarterly Q2Β 2021
- Antonβs Security Blog Quarterly Q1Β 2021
- Antonβs Security Blog Quarterly Q3.5Β 2020
Antonβs Security Blog Quarterly Q1 2026 was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.









