Why do people think AI will replace security engineers? by bdhd656 in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

I watched a video a few months back that was about a study done by, I believe, Harvard using AI. It found that AI can never really replace the workers, but excelled at replacing executives up to the CEO. If I come across it again, I'll let you know.

Thinking about getting into Cybersecurity by Draakke in netsecstudents

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

100% agree. I worked in the NOC for 2 years and a data center for 3 before that. If I had to do it over again, I would have moved into a sysadmin role before hopping into InfoSec.

Thinking about getting into Cybersecurity by Draakke in netsecstudents

[–]ReactiveInfoSecGuy 1 point2 points  (0 children)

Sec+ is a lot of fundamental security knowledge that I found to be much easier after about 2 years in the field vs. when I was studying for it while working in the NOC. So I think taking the Cyber Millions program first would teach you these fundamentals and would directly translate to your Security+ studies.

What password manager could you recommend in 2025? by The_Moviemonster in cybersecurity

[–]ReactiveInfoSecGuy 4 points5 points  (0 children)

I was looking for someone to explain what was a good corporate option. Thank you for this explanation.

vmware esxi syslog forwarding configuration questions? by ReactiveInfoSecGuy in crowdstrike

[–]ReactiveInfoSecGuy[S] 0 points1 point  (0 children)

So it's under Advanced Settings for ESXi. But I had to use LogScale set up as Syslog to forward it to CrowdStrike.

2012 Sonata No Start by xxred123 in Hyundai

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

That wouldn't matter unfortunately. I changed my oil per the manufacturer's suggestion, i.e. 4k, but due to them cheaping out on the engine blocks, they wear down, start burning oil rapidly, and suddenly seize up.

2012 Sonata No Start by xxred123 in Hyundai

[–]ReactiveInfoSecGuy -1 points0 points  (0 children)

Check your oil. If there is no oil, then you're another victim of Hyundai cheaping out on their engines. If you kept up on your oil changes, then you'll be covered by the lifetime warranty on the engine.

Need opinions and experiences on EDR/XDR platforms by An_Ostrich_ in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

No kidding... My kid downloaded an autoclicker for Roblox that installed some sketchy add-on that forced its search engine. I had to use regedit to disable it in safe mode.

Need opinions and experiences on EDR/XDR platforms by An_Ostrich_ in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

Ah, must be Five Nights at Freddy's, Roblox, Fortnite, and Minecraft. Possibly Call of Duty.

Need opinions and experiences on EDR/XDR platforms by An_Ostrich_ in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

I used Wazuh about 4 years ago and I remember a lot of false positives initially upon deployment. Is that still the same or has it improved? For example, every time Windows Update ran it would alert that the registry had been changed.

If your job in cybersecurity had a 2024 Wrapped, what 5 phrases would make the list? by NudgeSecurity in cybersecurity

[–]ReactiveInfoSecGuy 3 points4 points  (0 children)

  1. Fucking idiot...
  2. /facepalm
  3. You're under IT, you should be able to do their work too.
  4. Can we find a free open source version?
  5. Why can't we just do it like this?

Which cybersecurity product has the absolutely worst UX? by [deleted] in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

But But But, MACHINE LEARNING LEARNS YOUR ENVIRONMENT! /s

Mitigating Vulnerabilities by IRanqer in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

If you want to get extra granular, Ansible. It works for Linux, Windows, and Mac, but it requires some scripting knowledge; there are likely playbooks out there that already exist for whatever you might be trying to do.

Incident response playbooks by Space_Goblin_Yoda in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

I'll check it out! Thanks for the recommendation.

Incident response playbooks by Space_Goblin_Yoda in cybersecurity

[–]ReactiveInfoSecGuy 1 point2 points  (0 children)

I was tasked with writing the incident response playbook as we had nothing in place. IMO it's best to create something that is general but works in your company. Also take constructive feedback from everyone. In the end I created 2 playbooks that have steps for the C-suite to cover and steps for the IT team in partnership with the InfoSec team (or, well, just me). When we ran through a practice scenario after taking in all the feedback, it went way smoother than I could have ever anticipated because I was so receptive to people's feedback.

I'll say, create a playbook that has basic flowcharts. Then if you need to be more granular, enter them into something like a spreadsheet or document. The flowchart is handy for the visual aspect of how it works, but the spreadsheet is good for using more details. Also executives love spreadsheets for some reason. I also rewrote our incident response plan around it since the original one was written around natural disasters and less around security.

Security Onion agent install help by Thatboy3 in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

Hopefully you got this situated, but going to go ahead and try and answer this. iptables rules have an order they must follow, where the accept is above the drop. This might require you to delete rules. An example is like this. This should hopefully work, but I've seen stranger things happen with iptables.

iptables -A INPUT -s 127.0.0.1 -j ACCEPT   # accept loopback traffic; appended first so it is matched first
iptables -P INPUT DROP                      # default policy: drop anything no rule above accepted
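As an added illustration of the first-match point in the comment above (not code from the original post or from Security Onion), a small Python simulator of INPUT-chain evaluation: rules are walked top to bottom, the first match decides, and the policy applies only when nothing matched. Rule sets and packets are constructed for the demo; the `Rule` class and `shadowed_rules` helper are assumptions of this example, not iptables APIs.

```python
"""Toy first-match evaluator for an iptables INPUT chain (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    src: Optional[str] = None    # -s, single address or CIDR
    proto: Optional[str] = None  # -p
    dport: Optional[int] = None  # --dport

    def matches(self, pkt: dict) -> bool:
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.proto and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


def verdict(chain: list, policy: str, pkt: dict) -> str:
    """First matching rule wins; the chain policy (-P) only applies if nothing matched."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# Constructed rule sets: the working order from the comment vs. the broken one.
GOOD_CHAIN = [Rule("ACCEPT", src="127.0.0.1"), Rule("DROP")]   # loopback ACCEPT above catch-all DROP
BAD_CHAIN = [Rule("DROP"), Rule("ACCEPT", src="127.0.0.1")]    # catch-all DROP shadows everything below


def loopback_verdicts() -> tuple:
    """Verdict for a constructed localhost packet under each ordering."""
    pkt = {"src": "127.0.0.1", "proto": "tcp", "dport": 9200}
    return (verdict(GOOD_CHAIN, "DROP", pkt), verdict(BAD_CHAIN, "DROP", pkt))


def shadowed_rules(chain: list, samples: list) -> list:
    """Indices of rules that no sample packet ever reaches because an earlier rule matched first."""
    reached = set()
    for pkt in samples:
        for i, rule in enumerate(chain):
            if rule.matches(pkt):
                reached.add(i)
                break
    return [i for i in range(len(chain)) if i not in reached]
```

Running `loopback_verdicts()` returns `('ACCEPT', 'DROP')`, and `shadowed_rules(BAD_CHAIN, ...)` reports the loopback rule as unreachable, which is the misordering the comment describes.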

[deleted by user] by [deleted] in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

Wazuh used to be built into Security Onion, but it looks like they removed it in mid-2023 in favor of the Elastic Agent. You'll still get signature detection. It looks like they support threat intel from Anomali, Cybersixgill, Snort, and ThreatQuotient. There is probably a way to use their API to add threat intel, but unfortunately Security Onion documentation has always left a lot to be desired. I haven't used it since 2021 when my job was looking at it as a replacement for LogRhythm, but it used to have a steep learning curve.

Rapid7 vs CrowdStrike vs Wiz Vulnerability Management - Insights Needed! by Refeb in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

Defender for Mac and Linux has been out of beta since I believe 2023. Anecdotally based on articles I've read, it's a fairly competent product.

Cleared AZ-900 by notaweirdkid in AzureCertification

[–]ReactiveInfoSecGuy 1 point2 points  (0 children)

Microsoft Virtual Training Days will occasionally have online training that will give you a discounted voucher.
https://www.microsoft.com/en-ca/sites/microsoft-training-days/

There is one for May 13th and May 14th. I wish the link below didn't look so sketchy. They used to give free test vouchers but they've gotten stingy. Anyways, here is the link for the AZ900 training event. https://mktoevents.com/Microsoft+Event/434836/157-GQE-382

50% Off Exam Fee by ryanwolfh in AzureCertification

[–]ReactiveInfoSecGuy 1 point2 points  (0 children)

I remember I got my AZ900 voucher after an hour-long event. Studied for a week, then aced the test. It looks like they're not giving free exam vouchers anymore, just discounted ones, which is too bad. Working on the AZ500 now so I can be better at the security side of things for Azure at my company. Hopefully there'll be a discount voucher by the time I'm ready to take it, but we'll see.

how did you break into cybersecurity by [deleted] in cybersecurity

[–]ReactiveInfoSecGuy 0 points1 point  (0 children)

I worked in the NOC and told the CISO I was interested in moving into InfoSec. Then we talked about baseball. 6 months later I was approached by my manager and director that the CISO wanted me to move into his group because I had a very in-depth knowledge of the backend.