AI in the SOC: Interview with Hayden Covington and Ethan Robish from the BHIS SOC | Episode 40

In this episode of BHIS Presents: AI Security Ops, we sit down with Hayden Covington and Ethan Robish from the BHIS Security Operations Center (SOC) to explore how AI is actually being used in modern defensive operations.

From foundational machine learning techniques like statistical baselining and clustering to large language models assisting with alert triage and reporting, we dig into what works, what doesn’t, and what SOC teams should realistically expect from AI today.

We break down:

- How AI helps reduce alert fatigue and improve triage
- Practical automation inside a real-world SOC
- The difference between traditional ML approaches and LLM-powered workflows
- Foundational techniques like K-means, anomaly detection, and behavioral baselining
- Using LLMs for enrichment, investigation, and report drafting
- Where AI struggles: hallucinations, inconsistency, and edge cases
- Risks around over-trusting AI in security operations
- How to responsibly integrate AI into analyst workflows

This episode is grounded in real operational experience—not vendor demos. If you’re running a SOC, building AI tooling, or just trying to separate hype from reality, this conversation will help you think clearly about augmentation vs. automation in defensive security.


  • (00:00) - Intro & Guest Introductions
  • (04:44) - Alert Triage & SOC Pain Points
  • (06:04) - Automation Inside the SOC
  • (09:59) - “Boring AI”: Clustering, Baselining & Statistics
  • (17:06) - AI-Assisted Reporting & Client Communication
  • (18:34) - Limitations, Edge Cases & Model Risk
  • (22:56) - Hallucinations & Inconsistent Outputs
  • (25:04) - AI Demos vs. Real-World Security Work
  • (28:35) - Final Thoughts & Closing


Brought to you by:
Black Hills Information Security 

Antisyphon Training

Active Countermeasures

Wild West Hackin Fest
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com 

Creators and Guests

Brian Fehrman
Host
Brian Fehrman is a long-time BHIS Security Researcher and Consultant with extensive academic credentials and industry certifications who specializes in AI, hardware hacking, and red teaming, and outside of work is an avid Brazilian Jiu-Jitsu practitioner, big-game hunter, and home-improvement enthusiast.
Bronwen Aker
Host
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Derek Banks
Host
Derek is a BHIS Security Consultant, Penetration Tester, and Red Teamer with advanced degrees, industry certifications, and broad experience across forensics, incident response, monitoring, and offensive security, who enjoys learning from colleagues, helping clients improve their security, and spending his free time with family, fitness, and playing bass guitar.
Ethan Robish
Guest
Ethan Robish has worked with Black Hills Information Security (BHIS) since 2008 — first as an intern and then as a full-time Security Consultant starting in 2012. In his current role as a Threat Hunter, Ethan is involved with customer engagement, research, working with Active Countermeasures’ AC-Hunter, as well as improving BHIS HTOC and SOC offerings. Previously, he implemented defensive security solutions for the Exchange Online security team as a Microsoft intern. While in college, he competed in the International Collegiate Programming Competition (ICPC) World Finals. In his time off, he enjoys cooking, playing the piano, and reading fantasy novels.
Hayden Covington
Guest
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.