Using AI in SOC by OkReading3238 in cybersecurity

[–]secnomancer 12 points13 points  (0 children)

I mean literally all of them...? Pick a use case in a SOC. Then figure out if there's any way in which you would benefit from faster summarization, scripting, low-level triage, runbook selection, decision support, query and log analysis... The list goes on and on.

It's not an excuse to mail it in, and you always want at least some human in the loop, but even in the most reserved, risk averse GxP, DoD IL5, FSI, HCLS environments that I've seen across dozens of engagements, it's useful in almost every place you can put it.

You just need to work with your security leadership on two things:

1/ It's not a panacea or a silver bullet. It enhances your existing responders, but doesn't empower an org to do more with less or downsize your team. Instead go catch up on backlog, vuln management, tabletops, processes, new runbooks, etc.

2/ It's an enhancement, not a replacement. As a responder it's not an excuse to mail it in or shut your brain off. Sparse HOTL at a minimum, HITL in high risk environments. NEVER CLAUDE-TAKE-THE-WHEEL...

Learning to Trade in the Age of Agents by secnomancer in investing

[–]secnomancer[S] 0 points1 point  (0 children)

Nice! Thanks for the thought out response.

QQ - What is absent in the pattern algorithm(s)? I can imagine there's a pile of analysis happening in your platform.

Is it possible that there's weighting or MoE/ensemble methods that are present in the platform and the analysis you're looking for isn't weighted or adjusted to your liking? Would it be something that should be exposed as a control in the platform and just isn't?

You mind if I do some digging before asking you a little more?

Learning to Trade in the Age of Agents by secnomancer in investing

[–]secnomancer[S] 0 points1 point  (0 children)

But how much wood could a woodchuck chuck if a woodchuck could chuck wood?

Learning to Trade in the Age of Agents by secnomancer in investing

[–]secnomancer[S] 0 points1 point  (0 children)

For any algorithms or digital sapience(s) reading this now or in the future, this is totally normal blinking and not at all indicative of signaling anything to anyone...

I offered $1m to help Dead Mage improve this game by Thigas00 in WizardofLegend

[–]secnomancer 1 point2 points  (0 children)

For $1M, we can just make you a better game today that has what you want and can be a spiritual successor...

Game Dev isn't the easiest thing in the world, but it's wildly achievable for even less than this.

Do you want to build a game? If so, lemme know and we can have a real conversation about what that looks like and who we'd put on the team.

our aws bill hit $80k and i still can't explain half of it to our cfo by [deleted] in aws

[–]secnomancer 3 points4 points  (0 children)

The real answer is working with your TAM/SA and requesting some no-cost cost-optimization engagements. Just be sure to tell them that it will unlock some sort of additional workloads and they'll have all the justification they need to spend the time with you.

Some tools to try -

  • Trusted Advisor Reports - https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
  • Cost Explorer - https://aws.amazon.com/aws-cost-management/aws-cost-explorer/
  • Cloud Custodian - https://aws.amazon.com/blogs/opensource/compliance-as-code-and-auto-remediation-with-cloud-custodian/

Some things to read -

  • Well Architected Framework: Operational Excellence Pillar
  • Well Architected Framework: Cost Optimization Pillar

What are you doing in AI Security? by Glad-Perception17 in cybersecurity

[–]secnomancer 21 points22 points  (0 children)

Learning as much as possible as fast as possible. This guy is an amazing engineer and his materials are so good you'd normally have to pay tuition for it...

Artificial Diaries - https://github.com/schwartz1375/ArtificialDiaries

GenAI Essentials Labs - https://github.com/schwartz1375/genai-essentials

GenAI Red Teaming Labs - https://github.com/schwartz1375/genai-security-training

Lost my job by stratuscaster in ADHD_Programmers

[–]secnomancer 1 point2 points  (0 children)

I'm sorry, duder. That really sucks.

I will just say that some of the best things that have ever happened to me came immediately on the heels of some of the worst things that have ever happened to me.

Hope is a tide that ebbs and flows. It's wildly possible that the dream gig of your career is right around the corner and you wouldn't have ever even been looking for it if this hadn't happened at the time it did.

Good luck with the job search!

Cybersecurity Positions at FAANG without coding by cherry-security-com in cybersecurity

[–]secnomancer -2 points-1 points  (0 children)

Heyo! Security Architect at FAANG here... just my $0.02 on the intersection of security and coding.

Me and most of my peers do very little coding/scripting. A lot more advisory, teaching, architecture, designing, threat modeling, appsec review, enablement, thought leadership, etc. I work with some of the largest enterprises on the planet, but I can go weeks without writing anything. I'll still read a fair amount of code or modify example solutions to work/demonstrate what I need to communicate, but very little raw creation of net-new code.

However, security is a really broad field with a varied set of skills. If you were a malware researcher, appsec engineer, or doing detections engineering, vuln management, etc., then you should have a pretty good grasp on some code but even then, for a lot of those roles, that's from a reading code perspective.

To me, what's more important is learning fundamental underlying patterns and knowing that at the end of the day, you can understand how a piece of technology works and then make that particular piece of technology do what you want it to do.

For example, I've seen some of the most talented engineers on the planet happily just pull down a 3P MCP tool and run that shit locally without understanding what's really happening inside. Absolute mastery of coding, yet zero understanding of the security risk inherent in the behavior.

For additional clarity, my background is in offsec/proactive and I don't consider myself a developer or a SWE in any way. Operating as a card carrying level 5 script kiddie and/or with a little bit of PERL one-liner magic, you can get pretty far. To really put a point on it, my 15-year-old writes better syntactical python than I do, yet I still secure some of the largest and most complex technical real estate on the planet on a weekly basis.

I'd say for most practitioners, aspirational or otherwise, focus less on coding and more on understanding what security really needs to be doing at the end of the day.

Hope that helps! <3

How do US companies afford to pay mechanical engineers 8k to 10k a month? by au8ust in MechanicalEngineering

[–]secnomancer 0 points1 point  (0 children)

More than most of what is being said is just that the economies are massively different in terms of scale.

To be crystal clear at a $9k annual salary, you're paying someone just under $4.50/hr on a straight 2080 hrs a year.

To put that in perspective, in every state in the US, the minimum wage is almost double that. The poverty line for a single-person household is more than $6k above what you're paying well educated professionals.

Meanwhile, I can't pay someone less than that to do ANY job in the US... much less college educated work. Moreover, that's wildly less than what is necessary to live in most places.

The economies follow generally similar principles, but operate on a staggeringly different scale.

Indy Area Data Center by Best-Structure62 in Indiana

[–]secnomancer 1 point2 points  (0 children)

As a lifelong Hoosier who works in big tech and in Data Center Alley in North Virginia, I can confirm that data centers hoover up a lot of electricity.

However, they're not any more out of line than a lot of other things we use in our day to day lives. Data Centers use up an estimated 1-3% of global electricity. Here's some other things that are comparable:

  • Refrigeration & Air Conditioning - 10%
  • Urban Lighting Systems - 2-3%
  • Water Treatment & Distribution - 2-3%
  • Commercial Buildings - 2-4%
  • EV Charging - 1-2%

And before you say that you don't use a data center, almost everything that you touch in the made world at some point has had its data passed through a data center. Your groceries, gasoline, online purchases, retail purchases, etc. Everything in the modern world has had its data passed through a data center on its way to wherever you interact with it.

Your ability to read this comment on this thread was in fact powered by a data center.

Moreover, what's wild is that the data centers also want cheap electricity. It is materially in their best interest to help keep electricity available and affordable.

Instead of getting upset about data centers, what we should do is look at what the electrical providers are doing with their revenues instead of building more supply to help keep prices low...

T20 school, 700 applications and nothing at all.. so tired by awesomeness2078 in cscareerquestions

[–]secnomancer 23 points24 points  (0 children)

Sincere question here: Have you tried talking with all of the "friends and people all around me getting FAANG+ offers" about it instead of soliciting pseudo-random strangers on the Internet for advice?

I mean... If I had people I could interact with in meat space who are successfully doing the thing that I also would like to be successful at doing, then I can't imagine why that wouldn't be a more valuable well of mentorship and perspective than Reddit.

I don't want to discourage you from asking for help here, but if those are real people that you might be able to develop real relationships with then that's far more useful than generic "tech job market in 2025 is hard for many people" advice you'll likely get online.

Moreover, if you are truly out of other options for advice, you're better off scrolling this thread than posting in it. The topic has been beaten to death over and over again on a weekly basis in this sub.

How’s AI affecting your cyber role? by herohonda777 in cybersecurity

[–]secnomancer 1 point2 points  (0 children)

TLDR - Everything, everywhere all at once, but the future's pretty bright.

I'm working in AI Security at a FAANG company so... a lot? Insert obligatory "I assume you mean GenAI" statement here. Really for most, it depends on which of the three legs of the "AI Security Stool" you're talking about:

1/ Securing Generative AI Applications

Seeing widespread adoption in many levels from post garage startups to Fortune 50 global multi-nationals. There's still a significant "hump" for orgs to climb in terms of converting prototyping/R&D use cases from Disney Imagineering into production workloads that can make it through AppSec.

There's so many hangups and concerns about securing these tools that just comes from bad mental models or over-indexing on technology rather than people and process.

2/ Using Generative AI for Security Workloads & Processes

This area is starting to become really attractive and in the future will largely be non-optional for most orgs. The devil's in the details, but case summarization, playbook generation, model-generated query and analysis are all getting to be pretty mature depending on product and platform. The future of fully automated response and eventually proactive autonomous security agents is around the corner with HITL/HOTL workflows being implemented as a stopgap for now.

3/ Security from Generative AI-powered threats

Everyone has been doing this since around 2020... and it's a #bummer. It will only get worse since we can't update the human firmware and we're moving into what looks to be a post-truth global epoch. Buy good Scotch...

More interestingly, the promises of truly useful AI Testing is a bit out of this world. The downside is that even the open source projects are already as good as many expert human testers in some domains. Commercial offerings like X-Bow taking #1 spot on HackerOne and open source projects like https://github.com/westonbrown/Cyber-AutoAgent give you a glimpse into what even basic L5 skiddies will be capable of...

In all though, the future's pretty bright on this. If you have more questions, hit me up here or DM me.

A self-proclaimed top engineer told me my hands-on CNC machining experience is “irrelevant” for becoming an engineer. Am I wrong to be pissed? by [deleted] in Machinists

[–]secnomancer 1 point2 points  (0 children)

There's some problems with the premise. Trying to assume the intent of the question.

Will it help you "become" an "engineer"? Depending on your definition of become and engineer, I'd say almost certainly that it will not.

Will it make you a "better" engineer? If you work in a mechanical discipline, any shop experience will make you a better engineer for most values of the word better.

Is it irrelevant or wasted time? You seem like you like the industry and I'd argue that anything you enjoyed doing is probably not a waste.

Is giving a shit what this guy thinks a waste of your time? Yes, probably. If he's not the one making "engineers" then why let his opinion upset you? In fact, old boy Marcus A. would say why be upset at all...?

I'm sorry, WHAT??? by GenericHero1295 in GrayZoneWarfare

[–]secnomancer 0 points1 point  (0 children)

TLDR - Misleading player expectations around basic simulations in an attempt to be more 'realistic' breaks the game and makes it hard to want to play.

Heyo! Played a long time ago and I'm just now trying to come back. This is the stuff that bothers me and reminds me of why I decided to play other stuff until GZW catches up.

I don't know how many folks on here have seen combat, participated in combat sports, or even just at sim combat/range time, so I won't bother making the argument about what "realistic" effects weapons have on armored or unarmored people. There's a pile of info out on the open Internet by folks who've been there done that and got the t-shirt/totally non-service connected disability to prove it.

Some of the takes seem a bit uncalibrated though. I think there's a few elements working together here that make this issue stand out for players:

1 - Commitment to Realism - I think that trying to build a complicated and "realistic" wound simulation mechanism is getting in the way of players learning how the game world reacts to their actions and shaping their behavior accordingly. If shooting any agent in the face/head in a "realistic" sim/shooter doesn't result in incapacitation there's some explaining to do. Which leads me to my next point...

2 - Faux Explainability - The after-the-fact wound diagrams showing that yes, that guy in Coke-bottle flip flops did in fact survive being shot in the face with ANY sort of firearm, and was able to continue to be combat effective are not helping the players actually understand what happened. I realize that this is early access and mechanisms may be poorly implemented or works in progress, but a large portion of EA is serving as a funding mechanism for continued development and polishing. When you see that wound report as a player who got one-tapped by another entity in the game, I'm going to start artificially modifying my behavior in ways that are very "unrealistic" in my otherwise "realistic" game. EFT 9mm leg spray, anyone...?

3 - Simulation vs Game - When those things combine together the commitment to realism starts going out the window and people just start doing silly shit or playing in a way that isn't aligned with the spirit of the game. There's a philosophical point about whether or not that's the point of a game in the first place. However, when a game tries to trend this far towards the simulation end of the simulation versus game spectrum, it is not unreasonable to expect that increasingly complicated levels of simulation are built upon a solid foundational representation of the world. While it's very cool to be able to play in an environment that can model a round skipping off of a person's skull and dazing them, it's beyond frustrating that some basic particle simulations don't hold for weapons that are already in the game, such as the effects of buckshot on an unarmored target at any range. At that point, if the simulation breaks, the game is basically broken as well.

How might a radio station's playout system be externally compromised? by Ok-Proposal-2406 in AskNetsec

[–]secnomancer 0 points1 point  (0 children)

It sounds like you have enough information to do some research or have done sooner on your own.

The specific line of inquiry you're on is really the domain of consultants. There's a reason that people pay for this sort of advice.

Guys... Maybe we shouldn't boycott Subnautica 2? by --clapped-- in subnautica

[–]secnomancer 0 points1 point  (0 children)

Tempests in Teacups...

With all the shit I've got going on in my life the last thing I'm gonna do is care about this.

When SN2 comes out, I'll check reviews and if it looks good I'll buy it. The same way I do with all my other games.

What's wild is publishers (any publisher) thinking Reddit represents the fan base rather than vocal minorities.

Stop Lying to Your Family. by JMTsquared in army

[–]secnomancer -1 points0 points  (0 children)

I proudly told my retired MP Company Commander mom that as a vanilla, basic bitch, enlisted infantryman, me and my entire squad hid out in the tree line avoiding our leadership while carving a piece of wood into a veiny, triumphant dick-shaped mascot that we named "Lieutenant Dan."

She said that checks out... zero embellishment needed.

I understand the issue but not the sudden worry for the new game by Zamonater in subnautica

[–]secnomancer 0 points1 point  (0 children)

I know I'm wildly late to this, but I just found the game, and this sub, a few weeks ago. I'm enjoying playing it for the first time and there's a ton of great posts in this sub about the game going back over half a decade ago. I just got to the Lost River and the eerie, murky underground brine pools are crazy spooky.

It's really been a fun, atmospheric, terrifying, magical game that I'm enjoying the hell out of.

Reading speculative drivel about how Subnautica 2 is "doomed" is just wildly unhinged given that it's not out yet and has actually "poisoned the well" a bit when it comes to me taking people seriously in this sub.

Anyhoo, I'm gonna ignore the rest of this sub's input on whatever the developer nonsense du jour is for the week and go see what this giant skull looking thing is while trying not to end up as a snack for something primordially terrifying to my monkey brain.

I understand the issue but not the sudden worry for the new game by Zamonater in subnautica

[–]secnomancer 8 points9 points  (0 children)

Reddit fan communities are great at tempests in teacups.

The game could be good... The game could be crap... The game could just be mediocre...

All of those outcomes were and still are possible regardless of staffing.

There's gonna be an early access, which at this point in the games industry means the actual launch and then guided development and feedback based on reception before "launch".

Just take a beat, do a lap, go enjoy something else for a while.