100% agree up to the point to remove the Tiered approach. We cannot assume that each individual CAN carry the event to conclusion because it requires knowledge of many functional areas.
There are two main ways to accomplish this; learn the systems in a non-billable safe environment or (the better approach is to) learn the functional areas from an IT role. Then the pivot to security makes more sense because there is domain expertise.
These are the individuals that will advance quickly while forever T1's will remain. Lack of seeing outside of a playbook.
Figuring it out is a requirement to remove the tiered approach (if that's the goal) but not every analyst shares that same ambition or requisite skill. Hence the tiered approach.
It's really tricky to have a concise conversation that still preserves nuance - and this interview does that for this broad and deep subject area. Truly excellent!
18:26 couldn't agree more.
SOC will get automated when we move into 'consolidation' mode. Right now, we are in 'expansion mode', where we get more and more devices to gain telemetry info from when moving toward 6G. But it is not sustainable and will reach a point where management consolidation is the only way to go.
If you think the development of technology is CONSTANT VELOCITY, yes, it will take a very long time. But I feel that we are on to a near-exponential acceleration, which means that in the next 12 months things are going to change a lot more than in the past 12 months.
Right now, it is super costly to train an 'attacker behaviour model' as an alternative to a natural-language-based large language model. But once AGI is reached the cost will drop quickly. At this rate, the SOC may not completely vanish in 5 years but very likely will merge with other major functionality due to consolidation.