Episode #64 with Steve Fink talking about building Next-Gen SOCs with AI, automation, and resilience

In The Packet Forensic Files, Episode 64, Michael talks to Steve “Fink” Fink, CTO and CISO at Secure Yeti.

By Michael Morris, Director of Global Business Development, Endace


Building Next-Gen SOCs with AI, Automation, and Resilience

In this episode of The Packet Forensic Files, I’m joined by Steve “Fink” Fink, CTO and CISO at Secure Yeti, and the mastermind behind the Security Operations Centers (SOCs) and Network Operations Centers (NOCs) that power some of the biggest cybersecurity events in the world, including Black Hat, RSA Conference, and Cisco Live.

With more than 26 years in cybersecurity, beginning with pen-testing the FBI, Fink has built and operated some of the most complex SOCs in the world. He shared his insights into what it takes to design resilient, scalable, and future-ready security environments.

It All Starts with the Packets

Fink believes that true visibility begins at the packet level:

“If you don’t have the context of your network, it’s almost impossible to conduct a valid investigation or build an effective response plan.”

By combining full packet capture with contextual data and up-to-date asset inventories, analysts gain the visibility necessary to detect and respond in real time.

Automation, AI, and Resilience

At Secure Yeti, Fink has automated nearly every SOC function up to Tier 4 using agentic AI, handling over 97% of the workload. This automation enables scalability, consistency, and around-the-clock response, freeing human analysts to focus on higher-level investigations.

Resilience is also a core design principle. Fink ensures redundancy at every level, emphasizing that even if one component fails, “the whole thing shouldn’t descend into chaos.”

Collaboration and Interoperability

At events like Black Hat and RSA, Fink brings together traditionally competing vendors, from firewalls and SIEMs to XDR and packet capture platforms, to collaborate within a single SOC. That cooperation, he says, fuels product innovation and real-world interoperability.

At Endace, we share Fink’s philosophy that packets provide the ultimate source of truth for understanding what’s happening on the network and driving smarter, faster investigations.

Don’t miss this episode as Fink shares how operational excellence and AI-driven security are being redefined.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.