Research Study · 2026
What's working, what's broken, and where security leaders are placing their bets for 2026.
We're interviewing 30 Fortune 2000 security leaders on where security operations is actually heading in 2026 — alert load and capacity, the hiring and retention squeeze, and where AI genuinely earns its place versus where humans stay in the loop. A 30-minute, peer-level conversation. Your insights, synthesized into one published report.
30-minute conversation · $500 honorarium · Anonymous option available · No sales pitch
I. Context
Alert volume keeps climbing. Hiring budgets haven't kept pace. Analyst burnout is at record levels — Gartner reports SOC analyst turnover hovers near 25% annually, and (ISC)2 puts the global cybersecurity workforce gap at 3.4 million. Most CISOs we talk to describe the same compounding equation: more to detect, fewer to detect it, and the people who can are leaving.
AI and automation have started to reshape what humans should focus on — but most org charts haven't caught up. The L1/L2/L3 analyst stack that most SOCs were built on no longer matches how the work actually flows. Senior analysts are doing L1 triage, juniors are doing tasks the seniors don't trust, and AI is doing the parts everyone agrees are repetitive.
This study captures what's actually being scoped and funded for 2026 — not what's aspirational, not what vendors are pitching. 30 interviews with senior security leaders running these decisions in real time, synthesized into a single published report.
II. What You Get
Recognition for your 30 minutes — taken however fits your company's policies: a gift card, an honorarium invoiced through your AP process, or a donation to a charity of your choice.
Meridian Intelligence is the private intelligence network where senior leaders see what their peers are actually doing — anonymized, structured, ahead of public release. Members receive synthesized findings from active Meridian studies before reports go public, peer benchmarks on specific decisions (budget allocation, team structure, vendor evaluation), and access to the network of senior contributors. Study contributors join as founding members with permanent founding-member status as the network expands.
A closed-door virtual roundtable at the end of the study where contributors share findings live and trade notes on what's actually working in the field. Invite-only, contributors only.
30-minute conversation · $500 honorarium · Anonymous option available · No sales pitch
III. The Conversation
Each interview is 30 minutes, structured around three areas:
The pace, the pressure, where time goes, where you'd most want to give your team capacity back. Hiring and retention reality — what's worked, what hasn't moved the needle.
Where the L1/L2/L3 stack is breaking down. What humans should focus on versus what gets automated or AI-assisted. Where you see the line being drawn.
The changes you're contemplating in the next 2-3 quarters. What's actually scoped and funded versus more aspirational. What's pushing the timing — a vacancy you can't fill, an MSSP renewal, budget cycle, audit pressure.
WHO SHOULD PARTICIPATE
This study is built for security leaders in or adjacent to security operations — whether you run the SOC, oversee it, or shape the strategy and budget around it. If you've got a vantage point on how detection and response is evolving, your perspective is valuable.
Heads of SecOps, SOC Managers and Directors, Detection & Response leaders
Leaders setting direction for the security function
Detection Engineering, Incident Response, Threat Hunting
Architecture, Governance & Risk, and Security Engineering leaders with a view into operations
Not sure you're the right fit? If security operations is anywhere in your world, you're who we want to hear from — and if someone on your team is closer to it, we'd value an introduction.
IV. About the Research
Meridian Advisory exists because the most useful intelligence in enterprise tech never makes it into public conversation. The conferences, the analyst reports, the vendor whitepapers — they capture the polished version. What's actually being scoped, funded, deprioritized, and quietly killed inside Fortune 2000 organizations rarely leaves the room.
Meridian runs structured peer-research conversations with senior leaders and turns those conversations into published reports your peers will actually read. Every Meridian study is built around the questions executives are already asking each other privately — sized to be useful in a quarterly planning meeting, not a marketing email.
If you've ever wished someone would just tell you what 29 other CISOs are actually doing about a specific problem — that's what we do.

Dropzone AI is the research partner sponsoring this study. They build autonomous AI SOC analysts — pre-trained agents that investigate Tier 1 security alerts end-to-end without playbooks, code, or human prompts. Backed by $37M in Series B funding from Theory Ventures, Madrona, and In-Q-Tel, with 100+ enterprise deployments including UiPath, Zapier, and CBTS. Featured in the Gartner Innovation Insight for AI SOC Agents.
They've sponsored this research because the SOC workforce question — what humans should be doing as AI capacity expands, how teams should be structured for the next era, what's actually being budgeted — is the question their customers are asking. They want a clear, peer-sourced view of what's changing, not a vendor narrative. They receive the same published report participants do, with no separate sales path tied to this study.
This study follows the Forrester TEI / IDC InfoBrief model: research is sponsored by a technology vendor but conducted independently. The interview is run by Meridian; Dropzone receives the same published report participants do.
V. Common Questions
Yes. By default, your name and company appear alongside your quotes in the published report. You can opt for anonymous participation — quoted as 'CISO, Fortune 500 financial services' rather than by name. We confirm your preferences before the interview.
No. This is a structured research conversation. We're collecting peer insights for a published report. There's no vendor demo, no follow-up sales call from Dropzone tied to this study. Dropzone receives the same published findings participants do.
30 minutes. Occasionally a few minutes longer if there's more to dig into. No commitment beyond that one conversation.
Within 60 days of the final interview. Participants receive the full report first, ahead of public release, alongside an invite to The SOC Council where findings are walked through live.
Dropzone is the research partner sponsoring this study. The model is similar to Forrester TEI or IDC InfoBrief — research is funded by a technology vendor but conducted independently. The interview itself is run by Meridian. Dropzone gets the same published report as participants do, with no separate sales path from this study.
Always welcome. Reply to the email Gary sent you with their name and email, or contact garyburns@themeridianadvisory.com directly, and we'll reach out.
VI. Privacy
Nothing you share in an interview is published, quoted, or attributed without your explicit written approval before publication. You'll review any direct quote tied to your name or company before it appears anywhere. If you've opted for anonymous participation, your name and company are removed from all materials shared internally with Dropzone AI and from the published report — you appear only by role and industry descriptor (e.g., 'CISO, Fortune 500 financial services'). We do not sell, share, or repurpose your interview content for any use beyond the published research report and the anonymized peer insights distributed through Meridian Intelligence to study contributors.
30 minutes. No commitment. A structured conversation about what's actually working in security operations in 2026.
Anonymous option available · garyburns@themeridianadvisory.com