Defend Your Time: Applying Agentic AI to SecOps (Part 3 of 3)
Welcome back to “Defend Your Time,” the podcast dedicated to helping you get stronger security, more value, and fewer headaches out of your Microsoft security investments. Listen and subscribe through Spotify, Apple Podcasts, or wherever you get your podcasts.
In this episode we’re joined by Gareth Lindahl-Wise, Ontinue’s Chief Information Security Officer. As we continue our exploration of Applying Agentic AI to Security Operations, Gareth shares the perspective of CISO and discusses the critical need to combine security expertise with data science to avoid the common pitfall of “automating mediocrity.”
The Need for Speed and Accuracy
For Gareth, the two most crucial aspects of effective security operations are speed and accuracy. He emphasized that while humans are indispensable for their expertise and decision-making capabilities, they cannot match the speed required to handle the growing volume of alerts. Therefore, the integration of AI is essential to achieve the speed and accuracy required to effectively identify and mitigate threats.
Combining Expertise with Data Science
One of the key takeaways from Gareth’s discussion was the importance of combining domain expertise with data science. He warned against the danger of “automating mediocrity,” which occurs when AI systems are implemented without a deep understanding of both the technology and the security domain. As Gareth explained:
“There’s a real danger that you automate mediocrity if you don’t have those two ingredients. Yes, you can take an AI tool and clamp it on top of what you’re doing, but if you don’t have that dual insight of what good AI practices are and the understanding of what’s good in the security domain, you end up automating mediocrity.”
This fusion of expertise ensures that AI systems are not only efficient but also effective in delivering high-quality outcomes. By replicating the best practices of skilled analysts and continuously improving through learning, AI can significantly enhance the capabilities of security operations.
Building Confidence in AI Solutions
Gareth also stressed the importance of building confidence in AI solutions. As a buyer, he looks for solutions that demonstrate a solid foundation in both AI and security practices. This involves not only delivering fast and accurate results but also ensuring that the processes are transparent and verifiable. He highlighted the need for AI systems to be built with a clear understanding of the risks and challenges involved in automating security operations.
The future of security operations lies in the effective fusion of human expertise and AI capabilities. This approach will define the leaders in the field and set the standard for excellence in cybersecurity.
