Interesting primer on detection engineering being pushed into different directions: operational, engineering and science.


But I would also like to see the operational aspect more seriously considered by our junior folks. It takes years to acquire the mental models of a senior analyst, one who is able to effectively identify threats and discard false positives. If we want security-focused AI models to get better and more accurate, we need the people who train them to have deep experiences in cybersecurity.

There’s a tendency of young engineers to go and build a platform before they understand the first use case. Understanding comes from going deep into messy reality.


Beyond the “detection engineering is software engineering” idea is the “security engineering is an AI science discipline” concept. Transforming our discipline is not going to happen overnight, but it is undeniably the direction we’re heading.

These two forces pull in VERY different directions. I think one of the most fundamental issues we have with AI in cybersecurity is stepping away from determinism. Running experiments with non-definitive answers.