

Redefining Security Operations: Lessons in AI Integration with James Spiteri
Jun 12, 2025
James Spiteri, who leads product initiatives at Elastic for AI and machine learning in security, shares insights on how AI is transforming Security Operations Centers. He discusses the rise of agentic automation, which creates independent workflows while maintaining human oversight. Spiteri highlights the Model Context Protocol and its integration with large language models, addressing both the benefits and potential risks, such as AI 'hallucinations'. The conversation emphasizes the balance needed between automation and human engagement for effective cybersecurity.
Start By Automating Mundane Tasks
- Start by automating boring, repeatable SOC work so analysts regain time and focus.
- Use LLMs to remove tedious data wrangling before attempting higher-value automation.
AI Simplifies Alert Interpretation
- LLMs can translate raw alert events and JSON blobs into simple, human-readable summaries.
- This reduces cognitive load and speeds comprehension for juniors and executives alike.
Attack Discovery At The Push Of A Button
- Automated discovery can stitch hundreds of alerts into a coherent attack story with one action.
- That removes the need for analysts to manually correlate every noisy alert.