Client Perspectives
What SOC Teams Say
About Working with Us
These are notes from people who have engaged us — on what the work looked like, what was useful, and what they would do differently.
Back to HomeClient Reviews
Perspectives from SOC Operations Leaders
Hairul Nizam
SOC Manager · Klang Valley
The Reading Review was not what I expected — in a good way. I went in thinking it would be a sales presentation dressed as a review. Instead, they actually read our ticket histories and came back with observations that were clearly specific to our environment. The brief they produced is something I could put in front of my CISO without editing.
Reading Review · April 2025
Siti Norhaida Taib
CISO · Financial Services, KL
What sold me on the Drafting Pilot was the usage policy they produced before integration. It was written clearly enough that I could hand it to our legal team and our DPO without a lengthy explanation session. The read-only architecture was non-negotiable for us given BNM-RMiT, and Lumina understood that without needing it explained.
Drafting Pilot · March 2025
Raj Kumar
Senior Analyst · Telco SOC, Selangor
The fortnightly walkthroughs during the supervised period were genuinely useful. I came in a bit sceptical — I've seen AI tools in demos that looked useful and fell apart in real use. The six-week period gave us time to identify two edge cases where the drafts needed manual review guidance, and the Lumina team incorporated that feedback without pushback. It's a better fit for our environment now than it was at the start.
Drafting Pilot · February 2025
Faizal Azmi
Head of Cyber Risk · Banking, Penang
We've been in the Quarterly Stewardship arrangement for two quarters. The CISO brief format took a little adjustment after the first quarter — I wanted slightly different framing for the board audience. They updated it without complaint and the second brief was much easier to slot into our risk committee pack. The annual summary is coming up, and I'm confident it will be usable as written.
Quarterly Stewardship · Ongoing
Lim Mei Xuan
IT Risk Manager · Infrastructure, KL
I appreciated that after the Reading Review, their recommendation was to wait rather than proceed immediately. We had some internal change management work to do first. That kind of honesty is not what I expected from an advisory provider. We came back four months later and started the Drafting Pilot, and the timing was much better.
Reading Review + Drafting Pilot · Jan–Apr 2025
Ahmad Haziq
SOC Team Lead · Cyberjaya
The analyst training sessions were well-pitched — not too basic, not technical in a way that felt removed from daily work. My two analysts came out with a clear picture of what the AI assist does, what to watch for in its outputs, and how to raise a concern during the supervised period. That context made the difference in how quickly they got comfortable using the drafts.
Drafting Pilot · March 2025
Case Studies
Three Engagement Journeys in Detail
Case Study · Financial Institution · Kuala Lumpur
Challenge
A mid-sized bank's SOC team was spending approximately 35–40% of shift time assembling ticket thread histories before writing stakeholder updates. During high-volume periods, this left less time for judgment-level triage decisions. The CISO wanted to understand whether AI summarisation could help, but needed documented regulatory alignment before any pilot could be approved internally.
What We Did
We began with a Reading Review — a two-session engagement that produced a written brief for the CISO, including specific observations about the ticket types where AI summarisation was likely to help and two ticket categories where we recommended keeping human-only drafting. The brief included a draft data-flow diagram and a BNM-RMiT alignment note. The Drafting Pilot followed three months later.
Outcomes
After the six-week supervised period, the team reported a reduction of roughly 25 minutes per analyst per shift on ticket history assembly for the four ticket types in scope. The usage policy passed internal compliance review without amendment. The CISO approved transition to Quarterly Stewardship.
"The brief was exactly what I needed to take to our audit committee." — CISO
Case Study · Telecommunications · Selangor
Challenge
A telecommunications company's SOC had already trialled a commercial AI tool that read tickets and surfaced suggestions. The trial ended after one analyst noted the tool had cross-referenced an active incident with a resolved one from a different system — and nearly surfaced the incorrect context to a stakeholder. The SOC manager needed an advisory team to diagnose what had gone wrong and scope a safer approach.
What We Did
We conducted a Reading Review focused specifically on the cross-reference failure mode. The written brief identified that the previous tool had read-write access — a key contributing factor — and that the prompt design had not excluded resolved incidents from the context window. We then designed a Drafting Pilot with explicit scope limitations addressing both issues, including a test set of known edge cases during the supervised period.
Outcomes
The supervised period ran without a repeat of the cross-reference issue across 1,800+ tickets processed. Two new edge cases were identified and incorporated into the usage policy. The team now uses the Drafting Pilot output in stakeholder update drafts, with analyst sign-off retained on all communications.
Case Study · Critical Infrastructure · Kuala Lumpur
Challenge
An organisation with NACSA-governed critical infrastructure obligations needed to produce a quarterly CISO report on their AI assist usage — but lacked an internal process for sampling outputs and documenting boundary compliance. The CISO's team had the AI in use but nothing to show auditors about how it was being governed.
What We Did
We designed and delivered a Quarterly Stewardship engagement. Each quarter, we sample 30–50 AI outputs from the previous period, audit against the agreed usage policy, note any boundary drift, and write a structured CISO brief. The brief format was reviewed by the client's DPO in the first quarter to confirm PDPA adequacy.
Outcomes
After three quarters, the Stewardship briefs have been used in two internal audits and referenced in one NACSA compliance submission. Minor prompt drift was identified in Q2 and corrected. The client's CISO has requested the annual board summary format for use in an upcoming risk committee meeting.
Track Record
In Numbers
4+
Years advising SOC teams in Malaysia
40+
Engagements completed across three sectors
4.8
Average client satisfaction rating (out of 5)
100%
Deliverables with written compliance documentation
Reach Us
Phone
+60 17 815 4296Address
Suite 16-2, Menara Sapura Energy, KL
Hours
Mon–Fri 9:00–18:00 MYT
Join Them
Have a Conversation with Our Team
The Reading Review is the most common starting point. It costs RM 1,310, takes a few sessions, and produces a written opinion that is yours to use as you see fit.
Get in Touch