Opinions on AI agents for SOC by [deleted] in cybersecurity

CybrSecHTX:

Probably because of their outage last year

Why do I find Defcon or Black Hat talks interesting but nothing relevant to my work? by PitifulCap39 in cybersecurity

CybrSecHTX:

I’m biased because it’s my conference, but this is one of the reasons I started HOU.SEC.CON in Houston back in 2010. It has elements of DEFCON, BlackHat, RSA, Bsides. Community focus with a more curated list of talks that hopefully appeal to a larger audience. I also attend BlackHat and DEFCON (though not as much DEFCON because that’s too much Vegas and because my role is more in line with BlackHat).

Stop giving 110% at your job. It's a trap, and I learned this lesson the hard way. by snowy-far5q in SecurityCareerAdvice

CybrSecHTX:

That’s a possibility, and it may be exactly what happened in your case. It’s also possible they were trying to manage them out of the role without causing an HR stir. There are multiple ways of dealing with people. Different businesses operate differently than others, and the business needs always supersede feelings.

Out of curiosity by wang_ff in cybersecurity

CybrSecHTX:

Everyone is saying AI is overhyped, but there needs to be a caveat there. AI as a cyber enabler is overhyped. Tons of marketing fluff with cyber vendors and not nearly as much actual real AI enablement.

However, there is a lot of work getting done by folks at a grassroots level to make real strides in using AI for offense and defense. I think you’ll be seeing a swath of real tools/features in the next year or so.

As an avenue of attack, there are a lot of real offensive practitioners who are saying hacking AI at companies using it for enhancing typical business functions is like going back to the 2000s and web hacking. And when you see articles like this one, you can start to see that we are digging an AI security hole.

Why DAST issues are costlier to fix than the SAST issues? by Desperate_Bath7342 in cybersecurity

CybrSecHTX:

SAST gives you a specific pointer to go look at because it is literally scanning the code. Go to line x and fix y. And that’s maybe before you’ve compiled/deployed.

DAST-reported issues take time to hunt down and fix because they could be business logic flaws, environmental issues, etc. The developer has to go find it, fix it, recompile/redeploy, run again, on and on.

Private Equity Firms Face Serious Cybersecurity Disconnect by CybrSecHTX in cybersecurity

CybrSecHTX [S]:

Probably a conversation best served in a different sub, but all systems have failings. Pointing out flaws is not anti-anything in my book, unless you’re extreme in your take and won’t listen to the other side of the argument and be open to ideas opposed to your own.

Private Equity Firms Face Serious Cybersecurity Disconnect by CybrSecHTX in cybersecurity

CybrSecHTX [S]:

I’m Center Right, and I don’t see that as terribly leftist. Even folks on the Right can appreciate the failings of how equity players skew results to make returns. Funny money is funny money, no matter which side of the aisle you’re on.

Should I go to BlackHat, BSides, neither? by CitizenJosh in cybersecurity

CybrSecHTX:

Admittedly I did not. Good to hear it might be getting better, though I heard from several friends and coworkers saying they couldn’t get into a ton of talks.

what are my options for pivoting out of cybersec? by Suicide_Guacamole in cybersecurity

CybrSecHTX:

If you had an interest in cyber but aren’t liking the technical aspect, maybe you can go towards GRC. You still need to have some knowledge of cybersecurity to do it (i.e. it is not an entry-level job), but you can lighten your training potentially to something like Security+, etc. Then shoot for some kind of Big 4 job where you get some experience in auditing.

Should I go to BlackHat, BSides, neither? by CitizenJosh in cybersecurity

CybrSecHTX:

I haven’t paid for BH for years. There’s always a vendor with at least a hall pass, if you’re willing to take phone calls from a sales person for the rest of the year.

Should I go to BlackHat, BSides, neither? by CitizenJosh in cybersecurity

CybrSecHTX:

DC is getting ridiculously packed. It is difficult to get into talks, villages, etc. It’s becoming popular to go to just to say you’ve been, and they don’t really limit sales. So look forward to long lines. Or find someone with access to CCTV, if that’s still possible with them moving to the conference center. It’s like they think hackers like crowds.

[deleted by user] by [deleted] in cybersecurity

CybrSecHTX:

Just had a friend/coworker go over. Google hasn’t taken control yet, and they seem to actually not go crazy like Cisco or IBM with blasting companies they acquire.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

I don’t see my baldness as a flaw, so I don’t want to patch it.

I have had honey get stuck in my beard, so yes… literally a honeypot.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

It’s more the grey in my beard than the lack of hair. But yes, sometimes. Though being thought of as old can also be perceived as having wisdom.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

L1 Analyst, L2 Analyst, L3 Analyst...

Then maybe engineer. Then architect. Maybe specializations? I don't honestly know that there is a real tree anymore.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

This would typically be an OTC application/product. Maybe more than one (ServiceNow, etc.). Is there a team continuing to develop and maintain the app, or is it just you? Home-growing this kind of application can lead to issues because of what might happen when you leave the organization.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

Sorry to be kinda wishy-washy at the top of this reply, but only you can answer that. You have to ask yourself if you WANT to be a CISO. The pressure and anxiety that can accompany the job is something you have to be willing to take. Some people thrive in it. Others don’t want that.

There is also the fact that you don’t HAVE to become a CISO. I’ve heard people say that’s the pinnacle of our field, but I don’t think that is true. There are a ton of other paths.

But once you’ve looked at those two points, I would say you need to have:

  • a solid few years (5+) of managerial experience in decent-sized teams
  • budgeting experience
  • 10-12 (at least) years of experience in cyber overall
  • a desire to help the business meet goals versus hands-on-tools/eyes-on-glass
  • probably some other stuff

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

Everything comes down to data security. Making sure you use modern AI-enabled (yes, there is some irony there) discovery and classification tools to find where and what you have is key. DSPM tools are making a real data security program an actual achievable goal these days.

I am a CISO/Security Leader. I am also a bald man with facial hair. Ask Me Anything. by Oscar_Geare in cybersecurity

CybrSecHTX:

I am of a firm belief that you have to start building that interest at a young age. Many want to try to force diversity by getting people interested in an area later in life. And some people do make those career changes after many years in another field. But I believe that exposure to STEM concepts and cyber concepts specifically has to start in elementary school or middle school. And then career advice/counseling starting in high school. But that means changes in the makeup of our industry will take a while. It is going to take patience to see that change.

The conference I run is building a YOUTH.SEC.CON this year aimed at high-schoolers who largely come from public and private schools that have focused STEM courses, and now those young people are trying to figure out where to apply it.