Detection at Scale
Detection at Scale Podcast
D@S #73 - Veeva Systems' Mike Vetri on Building Resilient Security Teams in the Age of AI

Cyber leadership principles, the C3 Matrix for prioritization, and why emotional intelligence drives 20% revenue differences—plus practical insights on integrating AI into SOC operations.

In the latest episode of Detection at Scale, I sat down with Mike Vetri, Director of Security Operations at Veeva Systems. With a 10.5-year background in the Air Force working in cyber and intelligence operations, Mike brings a military perspective to cybersecurity. His experience spans both the analytical world of threat intelligence and the operational demands of running a modern SOC, positioning him to discuss the intersection of leadership, technology, and threat landscape.

Our conversation explores Mike’s research into cyber leadership qualities and his framework for prioritizing security efforts, which he calls the C3 Matrix. Mike’s perspective on the psychological evolution of cyber threats, from clandestine network attacks to AI-powered assaults on human judgment, challenges conventional approaches. His emphasis on emotional intelligence as a critical leadership trait, backed by Harvard Business Review research showing a 20% impact on revenue goals, provides a data-driven framework for building effective security teams. Mike’s practical experience implementing AI-powered tools in his SOC, combined with his analytical approach to threat operations and deception capabilities, offers concrete guidance for practitioners navigating the transition to AI-enhanced security programs.

Topics Covered

  • The Essential Qualities of Cyber Leaders: Mike’s research across 100 sources revealed that 60% prioritize effective communication and 59% value emotional intelligence in security leaders, with Harvard Business Review data showing these traits correlate to a 20% difference in meeting annual revenue goals.

  • The C3 Matrix for Security Prioritization: A three-tier framework categorizing assets into Centers of Gravity (compromise means cigars time), Crown Jewels (requires SEC 8-K filing but recoverable), and Capability Enablers (supports mission but transparent to customers), helping teams focus security controls where they matter most.

  • The Seven Ds of Security: Beyond the passive “discover and detect,” Mike outlines deny, disrupt, degrade, destroy, and deceive as active counter-adversary measures, with deception operations providing the most accurate and actionable threat intelligence.

  • Threat Intelligence vs. Threat Operations: Why every SOC needs a dedicated threat operations team that goes beyond consuming external reports to operationalizing intelligence, conducting deception operations, and providing strategic guidance to leadership—a fundamentally different skillset from blue team operations.

  • The Psychological Evolution of Threats: How attacks have progressed from technical viruses to phishing to ransomware, and now to AI-powered attacks targeting human judgment and decision-making, with adversaries openly challenging defenders to distinguish reality from fabrication.

  • AI as Both Force Multiplier and New Attack Vector: Mike’s practical experience shows AI dramatically reduces investigation time by aggregating data across tools, but also introduces new risks through prompt injection, AI poisoning attacks like the Minja attack, and the potential for AI-based malware that learns network behavior before striking.

  • The Bloom’s Taxonomy Limitation: Why AI currently stops at step four of Bloom’s educational model—knowledge, comprehension, application, and analysis—but struggles with evaluation and creation, meaning human analysts remain essential for validation and critical thinking.

  • Defense in Personnel: Beyond defense in depth for technology, organizations need multiple people trained on each capability to prevent single points of failure, with cross-functional training programs enabling teams to handle unexpected scenarios.

  • Preventing Analyst Burnout: How AI tools help reduce the manual effort of pivoting between multiple security tools during investigations, enabling faster incident resolution and more sustainable work practices for security teams.


The transformation Mike describes mirrors Panther's AI-powered capabilities—automating the time-consuming work of correlating data across multiple sources while maintaining human expertise for strategic decisions and validation. By reducing the manual burden of log analysis and tool-hopping, security teams can focus on the threat modeling, leadership, and cultural aspects that Mike emphasized as critical for long-term success. Learn more about Panther AI and how we're building tools that amplify human expertise rather than replace it.
