Detection at Scale SANS's John Hubbard on Future-Proofing SOC Analysts in the Age of AI
Drawing from his experience building enterprise SOCs and teaching thousands of security professionals, John Hubbard, Cyber Defense Curriculum Lead at SANS Institute and host of the Blueprint podcast, tells Jack about how AI is revolutionizing security operations centers, including balancing AI automation with fundamental analyst skills. They also explore practical AI applications in alert contextualization, team performance analysis, and the future vision of natural language interfaces for complex security tasks.
John emphasizes the importance of teaching both traditional methods and AI-enhanced approaches, ensuring security teams can leverage technology while maintaining critical thinking capabilities. He also discusses considerations around local versus cloud-based AI models and offers actionable advice for security professionals looking to future-proof their careers in an increasingly automated landscape.
Topics discussed:
- How AI transforms alert contextualization by dynamically incorporating business context and asset information for better triage decisions.
- The educational challenge of teaching both foundational security methods and AI-enhanced approaches to maintain analyst skills.
- Practical applications of AI in SOC operations, including automated phishing triage and mass analysis of analyst performance data.
- The evolution toward natural language interfaces that could enable complex security tasks like packet analysis through conversational commands.
- Custom agent development versus relying on vendor-provided AI solutions, including the technical challenges and coding requirements involved.
- Future SOC architecture predictions featuring interconnected agents, MCP protocols, and the abstraction of traditional security analyst tasks.
- Local versus cloud-based AI model considerations, including data privacy concerns, computational requirements, and trust implications.
- The critical question of oversight in automated security operations and who monitors AI agents in increasingly autonomous systems.
- Performance analysis capabilities enabled by AI's ability to process written text and logs at scale for team improvement insights.
- Practical advice for security professionals to embrace discomfort, invite AI into problem-solving, and establish mentoring relationships for career growth.
Listen to more episodes: