The “Win-Win-Win” at Black Hat Europe: Virgin Atlantic CISO Talks Torq

Torq’s mission at Black Hat Europe 2025 was simple: end the year with a bang.

Arriving in London fresh off a record-breaking Q3 in EMEA — hitting 185% of our quarterly target and expanding regional customer growth by 284% — the momentum was undeniable. But while the show floor was louder and the stakes higher than ever, one thing was obvious: security leaders weren’t looking for more claims. They were looking for proof.

Torq delivered exactly that. Having already validated the shift with global enterprise customers like Kyocera, Siemens, and Zara, we brought that proof to the main stage in a standing-room-only session featuring Virgin Atlantic CISO John White. While the swag flew off the shelves, the true draw was the agentic AI powering Torq HyperSOC™.

Here’s everything you missed — and everything people are still talking about.

Virgin Atlantic: Flying into the SOC of the Future

Virgin Atlantic’s CISO, John White, didn’t come to Torq looking for a slightly better tool. He came to rethink the SOC from the ground up.

“The world has changed,” White told the audience. “It’s an immovable wave coming our way.” Over the course of 18 months, Virgin Atlantic saw a rise in conceptual attacks and supply chain incidents that legacy tooling couldn’t keep up with. Trying to meet this surge with the same tools, same workflows, and same headcount was a recipe for failure.

Why Virgin Atlantic Chose Torq

Traditional SOAR tools were already ruled out. They demanded heavy coding, specialist skills, and long deployment cycles. Virgin Atlantic needed:

• A low-code/no-code platform any analyst could pick up
• Fast time to value in days, not quarters
• Vendor-agnostic integrations across SIEM, identity, endpoint, and cloud

Torq fit that profile. To prove it, the CISO handed a junior analyst a test: learn Torq and automate five use cases. In less than two weeks, that analyst went from skeptic to in-house automation specialist, turning roughly 40 hours of weekly manual work into fully automated workflows.

Automating During an Active Incident

The real test came during a live incident. With no extra budget, the CISO made the case to bring Torq in midyear — and deployed it while the team was actively managing an attack.

Because Torq worked out of the box, they could immediately automate the first set of Tier-1 tasks they had validated in proof of concept. Those workflows removed repetitive load during the incident, freeing analysts to focus on investigation, not busywork.

That move paid off twice: the team stayed ahead of the incident, and leadership saw clear evidence that Hyperautomation helped the “layer underneath” the SOC, rather than adding more overhead. “You can only do that if the solution works out of the box. Torq did,” said White.

The People Impact

The transformation reshaped the security team’s career paths:

• Analysts no longer burned time on repetitive checks
• Junior staff gained new skills and ownership through automation
• The SOC shifted from reactive triage to proactive investigation.

Other teams — privacy, GRC, and beyond — started asking how they could use Torq to automate their own processes. What began as a SOC initiative started to influence how the wider organization thought about operational efficiency.

“No one gets into security to be a Tier 1 analyst forever. Automation gives them a future.”

– John White, CISO, Virgin Atlantic

A Win for the SOC, the Business, and the Board

For Virgin Atlantic, Torq delivered three outcomes at once:

1. The SOC reduced manual toil and alert fatigue without adding headcount.
2. Analysts gained more meaningful, senior work instead of repetitive triage.
3. Leadership saw better use of existing resources and faster incident handling.

“Automation for me is one of those things that kind of ticks so many boxes. It’s a win for the organization, a win for the security team, a win for the staff. It’s a win-win-win.”

– John White, CISO, Virgin Atlantic

The Hottest Demo in Cybersecurity

If John White’s session explained the why, the Torq booth showed the how. The HyperSOC demo stopped attendees in their tracks at the conference. Security leaders crowded around to watch a full, agentic AI–driven investigation run end-to-end without human input.

Analysts, CISOs, and even competitors came to the booth to watch alerts enrich themselves, cases build in real time, and HyperAgents plan, reason, and execute response steps across identity, endpoint, cloud, and SaaS tools. 

Why it hit so hard:

• Real agentic reasoning, not pre-canned outputs or offline summaries
• Full-stack orchestration across SIEM, EDR, IAM, CSPM, and SaaS
• Native case management with AI-generated timelines, summaries, and next-step recommendations
• Safe, governed execution with clear policy constraints

In a sea of “AI-washed” SOC tools, Torq showed an autonomous system that actually works at enterprise scale —  moving from category buzzword to the real thing, shipping today.

Agentic AI in the SOC — for Real

Agentic AI was the buzzword of the conference, and it seemed like every vendor had a new “AI Agent.” But there’s a big difference between marketing hype and actual AI in production handling real-world use cases in Fortune 500 environments. 

HyperSOC showed what real agentic automation looks like:

• Autonomous investigations
• AI-built cases enriched with evidence
• Dynamic remediation that adapts to context and policy
• Multi-agent collaboration at machine speed

If you want to see the most talked-about demo of Black Hat Europe 2025, you know where to find us. Get a demo or the ‘Don’t Die, Get Torq’ manifesto to get started.