Anton’s Security Blog Quarterly Q4 2025
Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify).
Top 10 posts with the most lifetime views (excluding paper announcement blogs):
- Anton’s Alert Fatigue: The Study [A.C. — wow, this is still #1 now! Awesome! Perhaps I need more of such deep studies]
- Security Correlation Then and Now: A Sad Truth About SIEM
- Can We Have “Detection as Code”?
- Revisiting the Visibility Triad for 2020 (update for 2025 is here!)
- Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
- Beware: Clown-grade SOCs Still Abound
- Why is Threat Detection Hard?
- A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
- Anton and The Great XDR Debate, Part 1
- Log Centralization: The End Is Nigh?
Top 5 posts with paper announcements:
- New Paper: “Future of the SOC: SOC People — Skills, Not Tiers” (paper 2 of the series)
- New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5) (one more paper coming later in 2026 … we are researching now!)
- New Paper: “Future of the SOC: Forces shaping modern security operations”
- New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)
- New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” (the classic 2021 ASO paper!)
- New Paper: “Future of SOC: Transform the “How”” (Paper 5)
- New Paper: “Securing AI: Similar or Different?”
- New Office of the CISO Paper: Organizing Security for Digital Transformation (paper)
- 10 ways to make cyber-physical systems more resilient (paper)
NEW: recent 3 fun posts, must-read:
- Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer! (is your SOC AI-ready?)
- Shadow Agents: A New Era of Shadow AI Risk in the Enterprise (see you at RSA 2026!)
- Decoupled SIEM: Where I Think We Are Now? (this is not over yet!)
Top 7 Cloud Security Podcast by Google episodes (excluding the oldest 3!):
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil (our best episode! officially!)
- EP47 “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security”
- EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All
- EP8 Zero Trust: Fast Forward from 2010 to 2021
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw
- EP17 Modern Threat Detection at Google
(also see our NEW 2025 reflections blog about the show)
Now, fun posts by topic.
Security operations / detection & response:
- “Security Correlation Then and Now: A Sad Truth About SIEM”
- “Migrate Off That Old SIEM Already!” (VIDEO!)
- “Measuring the SOC: What Counts and What Doesn’t in 2025?” (Google Cloud Blog)
- “Can We Have “Detection as Code”?”
- “Revisiting the Visibility Triad for 2020” and “SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025”
- “Beware: Clown-grade SOCs Still Abound”
- “Why is Threat Detection Hard?”
- “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next”
- “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…”
- “Top 10 SIEM Log Sources in Real Life?” (NEWER VERSION)
- “Debating SIEM in 2023, Part 1”
- “Debating SIEM in 2023, Part 2”
- “Log Centralization: The End Is Nigh?”
- “Living with Multiple SIEMs”
- “Decoupled SIEM: Brilliant or Stupid?”
- “How to Make Threat Detection Better?”
- “SIEM Content, False Positives and Engineering (Or Not) Security”
- “Modern SecOps Masterclass: Now Available on Coursera”
(if you only read one, choose this one!)
Cloud security:
- “Secure cloud. Insecure use. (And what you can do about it)”
- “Using Cloud Securely — The Config Doom Question”
- “Who Does What In Cloud Threat Detection?”
- “How to Solve the Mystery of Cloud Defense in Depth?”
- “Does the World Need Cloud Detection and Response (CDR)?”
- “Use Cloud Securely? What Does This Even Mean?!”
- “How CISOs need to adapt their mental models for cloud security” [GCP blog]
- “Who Does What In Cloud Threat Detection?”
- “Cloud Migration Security Woes”
- “Move to Cloud: A Chance to Finally Transform Security?”
- “It’s a multicloud jungle out there. Here’s how your security can survive”
(if you only read one, choose this one!)
How Google Does Security (HGD):
- “How Google Does It: Making threat detection high-quality, scalable, and modern” (Google Cloud blog)
- “How Google Does It: How we secure our own cloud” (Google Cloud blog)
- “How Google Does It: Securing production services, servers, and workloads”
- “How Google Does It: Finding, tracking, and fixing vulnerabilities” (Google Cloud blog)
- “How Google Does It: Collecting and analyzing cloud forensics”
- “How Google Does It: Red teaming at scale” (Google Cloud blog)
- “How Google Does It: Security programs at global scale” (Google Cloud blog)
(if you only read one, choose this one! BTW, we also have a lot of fun HGD podcasts)
AI security:
- “Our Security of AI Papers and Blogs Explained” (2024)
- “Securing AI Supply Chain: Like Software, Only Not” (Google Cloud blog)
- “Spotlighting “shadow AI”: How to protect against risky AI practices” (Google Cloud blog)
- “Shadow AI Strikes Back: Enterprise AI Absent Oversight in the Age of Gen AI”
- “No Deep AI Security Secrets In This Post!”
- “Cloud CISO Perspectives: How Google secures AI Agents”
- “New Paper: “Securing AI: Similar or Different?””
- “The Prompt: What to think about when you’re thinking about securing AI” (Google Cloud blog)
- “Gen AI governance: 10 tips to level up your AI program” (Google Cloud blog)
- “AI Adoption: Learning from the Cloud’s Early Days” (Google Community blog)
- “How Google secures AI Agents” (Google Cloud blog)
- “Demystifying AI Security: New Paper on Real-World SAIF Applications”
- “To securely build AI on Google Cloud, follow these best practices” (Google Cloud blog)
- “Oops! 5 serious gen AI security mistakes to avoid” (Google Cloud blog)
- “3 new ways to use AI as your security sidekick” (Google Cloud blog)
- “Shadow Agents: A New Era of Shadow AI Risk in the Enterprise” (Google Cloud Community blog)
(if you only read one, choose this one!)
Fun presentations shared (nothing much new here):
- SecureWorld 2025 Keynote Déjà Vu All Over Again: Learning from Cloud’s Early Misadventures to Secure AI (2025)
- Detection Engineering Maturity — Helping SIEMs Find Their Adulting Skills (2024)
- Future of SOC: More Security, Less Operations (2024)
- SOC Meets Cloud: What Breaks, What Changes, What to Do? (2023)
- Meet the Ghost of SecOps Future (2023)
- The Future of Log Centralization for SIEMs and DFIR — Is the End Nigh? (2023)
- 20 Years of SIEM (2022)
Enjoy!
Previous posts in this series:
- Anton’s Security Blog Quarterly Q3 2025
- Anton’s Security Blog Quarterly Q2 2025
- Anton’s Security Blog Quarterly Q1 2025
- Anton’s Security Blog Quarterly Q4 2024
- Anton’s Security Blog Quarterly Q3 2024
- Anton’s Security Blog Quarterly Q2 2024
- Anton’s Security Blog Quarterly Q1 2024 Lite
- Anton’s Security Blog Quarterly Q3 2023
- Anton’s Security Blog Quarterly Q2 2023
- Anton’s Security Blog Quarterly Q1 2023
- Anton’s Security Blog Quarterly Q4 2022
- Anton’s Security Blog Quarterly Q3 2022
- Anton’s Security Blog Quarterly Q2 2022
- Anton’s Security Blog Quarterly Q1 2022
- Anton’s Security Blog Quarterly Q4 2021
- Anton’s Security Blog Quarterly Q3 2021
- Anton’s Security Blog Quarterly Q2 2021
- Anton’s Security Blog Quarterly Q1 2021
- Anton’s Security Blog Quarterly Q3.5 2020
Anton’s Security Blog Quarterly Q4 2025 was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.