The DAIS 2026 Speaker Spotlight is a series where we hand the mic to the speakers heading to Data + AI Summit and let them answer five short questions โ in their own voice, no press-release polish.
Below, Surya Sai Turaga on how he and Anand Rao built Lakewatch โ the Open Security Lakehouse reference platform โ and the broader pattern of open data plus apps plus agents replacing proprietary SaaS silos. Lightly edited for length โ otherwise, the words are his.
โ
Lakebase, Databricks Apps, Agent Bricks, and Lakewatch aren't four bets โ they're one: open data + governance + custom apps + agents replacing proprietary SaaS silos. Security is just the first vertical to fall.
โ Surya Sai Turaga
The topic
What is your talk about, and who is it for?
How we replaced a legacy SIEM with the Open Security Lakehouse on Databricks Lakewatch โ 13TB/day, 80% cheaper, sub-15-minute detections, and Claude-powered threat hunting โ a blueprint for security teams done paying per-GB to be locked into proprietary formats.
Why this, why now
What's changed in the last 6โ12 months that makes this topic urgent right now?
OCSF reached production maturity and detection-as-code went mainstream, finally making lakehouse-native SecOps reproducible across teams.
The personal stake
Why are you the people giving this talk?
Anand Rao and Surya Sai Turaga are the Databricks architects who built the Lakewatch reference platform behind this talk โ 13TB/day across 22 sources, OCSF-normalized SDP pipelines with 94% MITRE ATT&CK coverage, and a React + FastAPI threat-hunting app on Databricks Apps + Lakebase running Claude-driven analyst workflows. Anand brings prior security depth from Chainalysis and VMware; Surya leads field architecture across Unity Catalog, Lakebase, and Databricks Apps.
What you'll leave with
What will someone be able to do on Monday morning that they couldn't do before?
By Monday morning, you can: replicate the OCSF-on-Delta ingestion pattern that hits sub-15-minute detection at 80% lower TCO; fork the React + FastAPI + Lakebase starter to ship your own analyst app on Databricks Apps; wire Claude into a real threat-hunting workflow using the prompt patterns shown; and walk into your CISO's office with a defensible Lakewatch migration cost model โ no vendor SOW required.
The bigger picture
How does this fit into where Databricks โ and data and AI more broadly โ is heading?
Lakewatch is the lakehouse pattern reaching escape velocity beyond analytics. Lakebase, Databricks Apps, Agent Bricks, and Lakewatch aren't four bets โ they're one: open data + governance + custom apps + agents replacing proprietary SaaS silos. Security is just the first vertical to fall. The next five years will see the same pattern dismantle observability, ITSM, MDM, and CRM โ categories whose moats are ingest pricing and closed data formats.
Part of the DAIS 2026 Speaker Spotlight series โ more voices dropping in the weeks ahead. Got a DAIS speaker you'd love to hear from next? Mention them in the comments โ we're always listening.
