The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.
Episodes
2 days ago
2 days ago
Drawing from his experience building enterprise SOCs and teaching thousands of security professionals, John Hubbard, Cyber Defense Curriculum Lead at SANS Institute and host of the Blueprint podcast, tells Jack about how AI is revolutionizing security operations centers, including balancing AI automation with fundamental analyst skills. They also explore practical AI applications in alert contextualization, team performance analysis, and the future vision of natural language interfaces for complex security tasks.
John emphasizes the importance of teaching both traditional methods and AI-enhanced approaches, ensuring security teams can leverage technology while maintaining critical thinking capabilities. He also discusses considerations around local versus cloud-based AI models and offers actionable advice for security professionals looking to future-proof their careers in an increasingly automated landscape.
Topics discussed:
- How AI transforms alert contextualization by dynamically incorporating business context and asset information for better triage decisions.
- The educational challenge of teaching both foundational security methods and AI-enhanced approaches to maintain analyst skills.
- Practical applications of AI in SOC operations, including automated phishing triage and mass analysis of analyst performance data.
- The evolution toward natural language interfaces that could enable complex security tasks like packet analysis through conversational commands.
- Custom agent development versus relying on vendor-provided AI solutions, including the technical challenges and coding requirements involved.
- Future SOC architecture predictions featuring interconnected agents, MCP protocols, and the abstraction of traditional security analyst tasks.
- Local versus cloud-based AI model considerations, including data privacy concerns, computational requirements, and trust implications.
- The critical question of oversight in automated security operations and who monitors AI agents in increasingly autonomous systems.
- Performance analysis capabilities enabled by AI's ability to process written text and logs at scale for team improvement insights.
- Practical advice for security professionals to embrace discomfort, invite AI into problem-solving, and establish mentoring relationships for career growth.
Listen to more episodes:
No comments yet. Be the first to say something!