The debate over whether AI will replace security analysts misses the bigger picture -- and Monzy Merza, Co-Founder and CEO of Crogl, makes a compelling case for why there will actually be more security engineers in the years ahead, not fewer. In this Brand Spotlight ahead of RSAC 2026, Merza unpacks how Crogl is building an AI SOC system designed to amplify human practitioners, eliminate the constraints of data normalization, and let organizations run investigations on their own terms -- across any data lake, any language model, and any footprint.
Monzy Merza, Co-Founder and CEO of Crogl, sat down with Sean Martin and Marco Ciappelli ahead of RSAC Conference 2026 with a position that cuts against the prevailing AI narrative: there will be more security engineers next year than there are today, not fewer. His reasoning draws on how automation has always worked. The phone contact list eliminated the need to memorize numbers -- and people communicated with far more people as a result. AI in security will expand the surface area practitioners must handle, not shrink the need for them.
Crogl was founded in 2023 to make every security practitioner as effective as their entire team. What sets Crogl apart is a refusal to require data normalization before the product becomes useful. Instead, Crogl builds a semantic knowledge graph across an organization's existing data lakes, SIEMs, and SOAR platforms -- however many there are -- so analysts can investigate alerts and threat hunt across their real environment, not an idealized version of it.
Monzy Merza applies the same logic to language models as to data: if different data stores serve different purposes, why accept a single LLM for every security scenario? Crogl lets organizations choose their model, swap as needs evolve, and deploy on any footprint -- including fully air-gapped environments. For government agencies, energy utilities, and manufacturers, that is not a feature. It is a deployment prerequisite.
Financial services leaders across 15 conversations in New York told Merza the same thing unprompted: Crogl's investment in an enterprise semantic knowledge graph is what they see as genuinely correct. Their argument: you cannot solve enterprise security operations with AI without knowing where data lives without transforming it. These were practitioners speaking, not vendors.
The week before RSAC Conference, Crogl hosted the first AI SOC Summit near Washington, DC -- no NDAs, no directed demos. Attendees brought their own laptops, got access tokens, and used Crogl on their own problems, completely unattended. The booth at RSAC Conference will work the same way: walk up, run real scenarios, no one driving the demo. The head of AI, UX designer, and chief architect will all be on the floor to listen and be challenged.
Organizations building AI security strategy around eliminating people are making a bet history does not support. The smarter path -- and the one Crogl is built around -- is enabling practitioners with tools that meet them where they are, on the data they have, with the models they trust, in the environments they control.
This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight
GUEST
Monzy Merza, Co-Founder and CEO, Crogl
On LinkedIn: https://www.linkedin.com/in/monzymerza/
RESOURCES
Crogl: https://www.crogl.com
AI SOC Summit: https://www.aisocsummit.com/
RSAC Conference 2026 Coverage on ITSPmagazine: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Monzy Merza, Crogl, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, AI SOC, security operations center, autonomous alert investigation, enterprise semantic knowledge graph, AI security tools, SOC automation, security analyst, threat hunting, data normalization, large language models, agentic AI, RSAC 2026, RSAC Conference
The AI SOC Analyst Is Already Here -- Are You Ready to Rethink the Role of Your Security Team? | A Brand Spotlight at RSAC 2026 with Monzy Merza, Co-Founder and CEO of Crogl
00:00:10
Sean Martin: Marco.
00:00:11
Marco Ciappelli: Sean?
00:00:12
Sean Martin: Think of RSAC Conference with zero security analysts -- because we fired them all. Because of all the AI that the vendors brought in and replaced all the rules.
00:00:25
Marco Ciappelli: Yeah. I'm expecting only computers on the floor at the expo. I don't even want to talk to people anymore.
00:00:31
Sean Martin: I'm expecting computers walking around with bags, grabbing all the swag because that's all they're there for.
00:00:37
Marco Ciappelli: Grabbing floppy discs -- old school vintage. That'd be kind of fun, actually. I'll be up for that.
00:00:44
Sean Martin: Yeah. All the talk is how we're going to save time for the analysts, but then take that initial job away from them and give it somewhere else. I have certain views on that, and I know our guest has a certain view on that as well.
00:01:06
Sean Martin: Monzy Merza from Crogl -- how are you, my friend?
00:01:06
Monzy Merza: I am well. Good to see you guys.
00:01:08
Sean Martin: Good to see you. We're all making our way to San Francisco. The journey to RSAC Conference -- should be another good year.
00:01:23
Monzy Merza: Yeah, I'm really looking forward to it. It has been an exciting year in cyberspace. Lots has happened and I'm looking forward to seeing what happens at RSAC Conference.
00:01:34
Sean Martin: It's a good place to see what's going on and have the important conversations that matter. So Monzy, hopefully folks have heard some of our chats with you talking about all the cool stuff you're doing at Crogl. But for folks who haven't heard of you or Crogl yet, maybe a few words about where you started, how you came up with the idea for Crogl, and what's going on.
00:02:02
Monzy Merza: Yeah. We started Crogl in 2023 with a very ambitious aspiration -- we wanted to make, and still want to make, every security practitioner as effective as their entire team. It's a remarkable proposition. But we don't say that with naivety. I've been in this space for many years -- at the weapons labs, at Splunk, at Databricks -- so we appreciate how difficult that is, but we also appreciate how important that is. That's why we created Crogl.
00:02:40
Monzy Merza: Crogl is an AI SOC system that allows our customers to investigate alerts, threat hunt, and document all of their work automatically -- and to do that in a secure and governable platform that doesn't require data normalization, that uses the language model the customer wants to use, on the footprint where the customer wants to deploy it.
00:03:10
Monzy Merza: We are very fortunate to have earned as customers companies like energy utility companies, and an agency out of a government department. They're using Crogl for thousands and thousands of alerts, across six or seven or eight data lakes. One of our customers has three SIEMs and two SOAR platforms. It's been an amazing journey to continue to serve this community.
00:03:40
Sean Martin: Yeah, I love it. What I heard there is you enable the customer to do what they want, on the footprint that they want -- which to me says you're helping them with the tools and the data and the services, all on their platform. You're not replacing what they're doing. I want to dig into that a little bit.
00:04:12
Monzy Merza: We just started -- do you want to start the controversy already?
00:04:15
Sean Martin: I think we start off with a bang, my friend.
00:04:18
Marco Ciappelli: He has an agenda, you know?
00:04:20
Sean Martin: I've had a lot of conversations, and it seems to be ramping up -- this idea that we can eliminate a lot of the tasks. I think there are some things we can help with, but to suggest we're going to take over the role with technology -- I think that's up for debate. Some companies are trying to do it. I don't know what they're losing when they do. What are your thoughts?
00:04:55
Monzy Merza: In my mind, there is no debate here. I believe very strongly, looking at what's happening in the cybersecurity space right now -- from the threat perspective, from the technology perspective, from the business perspective -- there will be more security engineers next year than there are today.
00:05:20
Monzy Merza: We are at the inflection point of a completely net-new terrain that none of us has seen. Think about this: if we go back 15 years and I told you you're going to get 300 alerts a day from your cloud platform, you'd look at me and laugh. And now we live in that world. Similarly with AI, we're going to see the same thing.
00:05:50
Monzy Merza: Here's another example -- completely non-cyber related. When I was a young kid, parents would often test the intelligence of their children based on how many phone numbers they could remember. We'd remember uncles, grandparents, friends from school. We don't remember phone numbers anymore. But do we send more text messages and communicate with more people today than when we remembered phone numbers? Yes -- by an order of magnitude.
00:06:20
Monzy Merza: The automation and the machine accelerated our volume and velocity of communication. The same thing is going to happen here. The inclusion of AI in business -- and the inclusion of AI from a threat actor's point of view -- is going to create more opportunities and more requirements for security practitioners. That's one major reason why I say we're going to have more security engineers. They might not be doing the same jobs they do today, but there will be more of them because they're going to be doing other things.
00:07:09
Marco Ciappelli: You know what's interesting -- even getting away from cybersecurity specifically and thinking about technology in general -- one of the things we often see is that the predictions don't necessarily become true because people take technology and use it in a different way than what we expected. And I think the biggest problem a company could have is simply being unable to adopt a product as it evolves with society and technology. So where I want to go with this is: how is Crogl adapting to these changes?
00:08:03
Monzy Merza: I think that's the difference between an entrepreneur who just wants to create a company versus a group of people -- the whole team at Crogl, both developers and practitioners -- who've always served the community and are really focused on the mission, not just on the widget they're building.
00:08:20
Monzy Merza: As the mission evolves, the builders and the people who serve that mission need to change and evolve. This morning it was 42 degrees outside, so I had a jacket. It's not that weather anymore, so I changed. That doesn't make me a hypocrite -- it makes me intelligent, because I'm acting in the environment that best suits the objectives.
00:08:45
Monzy Merza: For us, we made some hard choices that were mission-oriented and not entrepreneurial. One of the big ones was that we're going to build a system that is completely self-contained so that it can be deployed in the most critical environments in the world -- government environments, yes, but also electric utility companies, financial services organizations, manufacturing plants. These are the places that come to a halt when there is a ransomware attack or a fast-moving agentic system attacking you because you have old technology.
00:09:15
Monzy Merza: For the longest time, we didn't even put AI on our website because it's a means to an end. Some of the folks building the Crogl product have been working with AI for 15 years. It wasn't large language models, but we've been doing machine learning work. There are patents that people can go look up for the Crogl team on the work we've been doing for many, many years in different organizations.
00:10:10
Monzy Merza: The key word here, Marco -- to your point -- is that it's focused on the mission. And therefore you evolve. Here's another example from a product point of view. When you do security analysis, you look at data across multiple data lakes. Everybody does that. Nobody's data is sitting in one place. So why not build a product that doesn't care about data normalization? Just accept that that's the reality. Stop telling people: before this amazing thing works for you, you should normalize your data. That's a remarkable proposition. So we chose to take on that problem as a product.
00:11:10
Monzy Merza: Here's another example. You have data in multiple places -- S3 buckets, Splunk, Databricks, whatever you use. Well, then why are you not adopting that same thought process when it comes to large language models? Different models are good for different things. Why do you want to live in a world where you buy a security product that is married and bolted and welded to a single language model? You should be able to use whatever you want. You should be able to change whenever you want. It's a hard problem to solve, but a problem worthy of solving if you're mission oriented. We are mission oriented and we solve that problem for the community so they can choose their own adventure.
00:11:55
Monzy Merza: The other piece of this is really prioritizing the human analyst, the human practitioner, the human leader -- saying it's their business, they know it best, they will get the outcomes. Our job as product builders is to enable and empower them to do what they want to do faster, better, cheaper, smarter. It's not our job to go tell them that the sky is pink. That's their call. We just want to be there when they want to do the work.
00:12:53
Sean Martin: I want to get to the booth part -- where I know you'll have some systems up and running, and you'll give folks a chance to run through their own scenarios. A demo that's not pre-canned, where they can actually put their hands on it. We'll talk about that. But before folks get to that, let's look at the program first. I want to understand from you what some of the conversations sound like -- where organizations may be focusing on the right thing. They have their own view of what their mission is, likely tied to constraints with their own budgets, the tech they've deployed, the data where it lives, as you're describing, legacy apps or systems that are air-gapped. They think they have the mission in mind, but the priorities or the plan are out of whack because they're constraining themselves. So where do organizations think they're on the right track, have a conversation with you, and realize they have a different path that's much easier and faster because they didn't think about certain things in this way?
00:14:38
Monzy Merza: Yeah, I think it changes the kinds of questions. It takes a little bit of a preamble. I'll give you an example from this morning. I had a call with a very sophisticated, world-class cybersecurity team at one of the government agencies. The conversation started with the usual testing that anybody should do of a vendor. But once they realized how we were building and how we were thinking about the problem, the conversation completely shifted. It went from 'how do you manage model hallucinations' to very quickly: 'in moment X I want to use this model, and in moment Y I want to use that model because I have a mission need.' It went from a discussion of me trying to convince them of how they should operate, to them telling me how they actually operate.
00:15:30
Monzy Merza: And it shifts the conversation when you're focused on the customer's outcomes and when you're genuinely curious because you're going in there to serve. Now, I was in New York a couple of weeks ago and I talked to 15 leaders from different organizations, primarily financial services, around security and around agentic AI and their security operations. The number one thing they said that they believe Crogl is doing correctly -- and these are not my words, these are their words -- is that we are spending and investing a lot of energy in building an enterprise semantic technology graph so that we know where the data is without transforming it and mapping it to use cases.
00:16:15
Monzy Merza: And every single one of them who answered that question said: because we believe that everyone is looking for an easy button with AI. We've been working on these problems for many, many years. You cannot solve this problem without having an enterprise semantic knowledge graph. You can't do it. So anyone who's not talking about this either doesn't understand it, or has just built something and is just saying stuff to get some points.
00:17:10
Monzy Merza: I think the conversation has to shift a little bit -- from buzzword bingo to the actual operating task of what people want. When we can get to that level of conversation, it becomes very practical and very useful for everyone. It's very enriching for us as well. We're product builders, but we're not here just to go say stuff. We want to learn. We want to build the things that will serve the operators out there.
00:17:35
Monzy Merza: I want to comment quickly on putting things in people's hands. I don't know how many agentic AI SOC companies have done this -- at least I haven't heard of anyone having done it. Last week we held the first AI SOC Summit near DC in Tysons Corner. We didn't have anybody sign an NDA, we didn't have anybody monitored in terms of what they're doing. People brought their own laptops in. We gave them access to Crogl. We gave them tokens and they used the product to solve their problems -- completely unattended, completely unmediated, completely undirected. That is our level of commitment and service and mission orientation: put it in the hands of the people and let them decide.
00:18:40
Monzy Merza: And we're going to do the same thing at RSA. People can come in and we don't have to drive the demos. These are security practitioners. They know their work. They don't need me to tell them what to click. These people solve very sophisticated problems.
00:19:05
Marco Ciappelli: Let's finish the time that we have now with what people can do at the booth -- which you've already touched on. And I'm a bit of a contrarian when it comes to branding and marketing and how the cybersecurity world is presenting solutions. The easy button, to put on the bingo card again, as you mentioned. The reality is that CISOs are having a different conversation when they're not on the expo floor. Maybe they don't even go on the expo floor. They talk among themselves. If they want a real conversation, it's not driven by sales or a pre-scripted presentation of what you do -- it's really about where this industry is going with this new technology. I'm understanding that coming to your booth is the way to have those conversations.
00:20:07
Monzy Merza: I'm willing to wager that we are one of a very, very small number of companies that are going to have their head of AI, their UX designer, and their chief backend engineer and chief architect on that show floor -- because we are there to have the conversation. We're there to learn, and share, and be challenged, and be of service. And that's our goal.
00:20:30
Monzy Merza: I invite any number of people who are going to be there -- regardless of what you do, even if you work for a competitor -- just come. If you want to brainstorm ideas. I did a talk on this topic last year at Black Hat to show other people how to build an AI SOC agent. Because it's so critical that we have these open conversations right now. This is why we hosted the AI SOC Summit and invited all sorts of other people who have products that compete with Crogl. It doesn't matter. That's not what it's about. We have to have this open conversation about what's working and what's not working and how to do it. The only way to do it is to talk it over, drive it, and see it for yourself.
00:21:19
Sean Martin: I think you summed it up. You're not there to tell somebody what to do. You're there to listen to what they do and learn from that. Far too often booths are: here's the new feature, here's the new product, here's the new report -- and here's how it might fit into your organization. It sounds like -- and I saw it when we were at Black Hat and RSA -- you can get in and have a real conversation. So I'm going to encourage everybody to find you and the rest of the Crogl team -- the head of AI, the head of UX, the head of dev -- and have those conversations.
00:22:00
Sean Martin: See what's necessary to bring that SOC to the next level and to take advantage of the smart people you have. And that kind of circles back to the contrarian point, right? If your whole program is about getting rid of people and replacing them with tech, you might find yourself in a situation in a year or so that you're not happy with, and you'll be looking for those folks again. Rather, enable them with the right tools and map those tools to the business. You'd be in much better shape. Good stuff, Monzy. It's always good chatting with you. Somehow we made it through this entire recorded conversation without mentioning food.
00:22:41
Monzy Merza: Yes, and that's --
00:22:42
Sean Martin: I'm just going to say Brunello. I owe you that. We'll make that happen at some point, my friend.
00:22:50
Monzy Merza: Very cool. Well, it's always a pleasure talking to you, Sean and Marco.
00:22:53
Marco Ciappelli: We'll see you real soon for another conversation right there on the floor at Moscone Center. Good to see you virtually, and looking forward to seeing you in person soon.
00:23:05
Monzy Merza: Yeah, and I'm looking forward to seeing everybody watching this at RSAC Conference.
00:23:09
Sean Martin: Stay tuned. We're going to get into more of the contrarian discussion. I know you have a lot of scenarios and conversation points that we didn't get to today. So we're going to do that when we're on location there. Stay tuned for all of our coverage from RSAC Conference on ITSPmagazine.com. Thanks everybody. Talk to you soon.