Are we on the brink of a new era in cybersecurity, one where artificial intelligence (AI) reshapes how we protect our digital frontiers? Join us on this episode of Tech Talks Daily as we delve into this fascinating topic with Andrew Hollister, Chief Information Security Officer and Vice President of Labs R&D at LogRhythm.
In our conversation, Andrew shares his insights on the evolving role of generative AI in cybersecurity. Despite widespread apprehension that automation may displace human analysts, Andrew suggests a different narrative—AI as a collaborator enhancing human capabilities, not replacing them. With its rapid development, generative AI is finding its place in cybersecurity, aiding in tasks like summarizing threat reports, detecting patterns in massive datasets, and translating technical log data into understandable language.
However, the technology has its challenges. Andrew points out the potential risks of AI, such as producing misleading information—what he terms "hallucinating false facts." This underscores the irreplaceable role of human oversight, where seasoned analysts apply critical judgment to AI outputs.
Looking ahead, we explore the future skills necessary for cybersecurity professionals. As AI takes over more routine, data-heavy tasks, there's a growing need for roles focused on strategy, problem-solving, and lifelong learning to adapt alongside evolving technologies.
What will the future security operations centers (SOCs) look like? How will AI transform the cybersecurity landscape? After listening to our discussion, what are your thoughts on AI's role in cybersecurity?
Share your views with us as we explore these questions and more.
[00:00:00] Are you wondering how artificial intelligence is transforming the cyber security landscape?
[00:00:08] Well today on Tech Talks Daily we're going to be diving deep into the world of cyber
[00:00:12] security AI with Andrew Hollister, Chief Information Security Officer at a company called
[00:00:18] LogRhythm. Now Andrew brings with him a wealth of knowledge from his role overseeing
[00:00:24] labs R&D and is also going to shed light on how generative AI is enhancing the effectiveness
[00:00:31] of security operations without displacing the human expertise that drives them.
[00:00:41] So how can AI act as a force multiplier in cyber security? Well today we're going to
[00:00:47] explore the evolving role of AI in security measures and its impact on the workforce
[00:00:52] and hopefully bust a few myths along the way. So buckle up and hold on tight because no
[00:00:57] matter where you're listening in the world it's time for me to beam your ears all the
[00:01:00] way to Oxford here in the UK where Andrew is waiting to join me.
[00:01:06] So a massive warm welcome to the show Andrew, can you tell everyone listening a little about
[00:01:11] who you are and what you do? Yeah certainly thanks for having me on Neil. So Andrew
[00:01:17] Hollister I've been around 20 years in and around cyber security and I really do love
[00:01:24] technology. I've been a programmer, I've been a support engineer and held many other
[00:01:29] technology roles in my career and currently I'm the CISO and VP of labs research here
[00:01:35] at LogRhythm. So my time's really split between our internal security programs so
[00:01:42] the SOC and GLC and APSEC plus a threat and compliance research that we deliver through
[00:01:49] our platform and really SIM security information and event management which is what LogRhythm
[00:01:56] does is it's all about reducing the time that it takes to detect and respond to
[00:02:01] prevent threat actors from reaching their goals. And in a nutshell that's what I
[00:02:07] do for our organization and also provide help to our customers to do the same for
[00:02:12] theirs. Well a big welcome for me to have you on the podcast it's a real pleasure
[00:02:16] because I think there's so much talk at the moment around artificial
[00:02:20] intelligence and throughout your career you've probably seen so many different
[00:02:23] technologies hyped and disappeared but I doubt this one's not going to go
[00:02:28] anywhere anytime soon and Gen AI of course has been labeled as being
[00:02:33] great for cyber security defenses equally it can be used by the bad guys
[00:02:37] arguably lower the barrier of entry to bad guys too so it's a lot we're going to
[00:02:42] talk about today but just to set the scene can you share how Gen AI has
[00:02:46] been integrated into cyber security strategies at LogRhythm there just to
[00:02:50] bring to life the kind of difference that it's making? Yeah and I think as
[00:02:55] you say Neil this space really is developing incredibly quickly and
[00:03:01] I also hope that it's not just going to help to have been a lot of hype but I
[00:03:05] don't really think it well but what we do see is the capabilities within the AI
[00:03:12] space and Gen AI specifically of course are changing almost every single day so
[00:03:18] it really is very much still a journey for us and we're seeing new
[00:03:24] opportunities all the time and I guess kind of at a bit of a strategic
[00:03:30] level we're really looking to see how and where can we leverage AI to be more
[00:03:38] effective rather than just using the technology for technology's sake so
[00:03:43] you know for example we use value stream management as a tool within the wider
[00:03:48] business to try and help us to find bottlenecks and how we can move
[00:03:52] faster and be more effective and I think that pal is quite well with the
[00:03:58] kind of lens of how I look at Gen AI in particular it's good at tasks and I
[00:04:04] think we're going to get a little bit more into that later on here but
[00:04:09] really identifying specific tasks that are repetitive and could be well
[00:04:14] defined those are really the candidates that we see where we can leverage
[00:04:20] Gen AI and I wouldn't say there was kind of even really one single kind
[00:04:25] of can I use case for it within cyber security but rather perhaps a kind
[00:04:31] of a number of areas where Gen AI helped out either with efficiency or
[00:04:37] effectiveness so for example you would think about threat reports as loads
[00:04:42] of them they're often quite extensive and being able to pull the relevant
[00:04:47] information from them in a summary form or for example taking a
[00:04:51] partial script you know perhaps a sock analyst can spend some time working
[00:04:56] out okay we've got these three or four functions and they're being called
[00:04:59] here and here's some input and everything they do but Gen AI is quite
[00:05:04] quick at that activity and particularly if you've got a bit rusty in
[00:05:09] a particular scripting language and I think kind of aside from what it
[00:05:15] can deliver in terms of those specific types of tasks I've certainly
[00:05:20] found it very helpful in getting a basic understanding of a topic to help you
[00:05:25] get started so you know cyber security is so broad you can't really be an
[00:05:30] expert in everything so kind of getting that starting point to review some
[00:05:36] kind of alert that you've got from as technology or not familiar with it
[00:05:40] can give you a basic grasp of it to kind of get you up and running so
[00:05:45] that's some of the ways that I see it being used to the moment and I always
[00:05:50] say on this podcast that AI works best when it complements rather than
[00:05:54] replace people but many people are worried at the moment that AI might
[00:05:58] replace human roles and human roles in cyber security too so one of the
[00:06:03] things that attracted me to you and why I invited you on the podcast
[00:06:06] today is you too you view AI as a supported tool rather than a
[00:06:09] replacement so can you expand on how AI complements the human elements
[00:06:14] of your security operations and maybe alleviate some of the fears that
[00:06:18] we're hearing of it?
[00:06:19] Yeah absolutely and kind of as I think about this we know from research
[00:06:25] that the average sock size is around one to three people right?
[00:06:29] Yeah.
[00:06:30] And for some listeners they might think that's quite a lot
[00:06:33] you're perhaps the IG manager who's kind of got cyber security
[00:06:37] handed to you as well but either way I've got too many resources I don't
[00:06:45] know how to keep my sock analyst busy said no sock manager ever.
[00:06:51] You know it's a constant challenge to keep up with all the demands so I
[00:06:57] really do think this is all about getting the tools to do what they're
[00:07:02] good at and humans to do what they're good at and it was interesting
[00:07:07] a couple of weeks ago I came across a quote from Sam Altman the CEO of
[00:07:12] OpenAI and he said it's important to understand and think about GPT-4
[00:07:19] as a tool not a creature and it's a tool that people have a great
[00:07:24] deal of control over and how they use it and he stated it's good
[00:07:29] at doing tasks not jobs and it is almost like the hype is so high
[00:07:36] you could think we'd actually achieve general artificial intelligence
[00:07:41] but in fact what GenAI is really doing is generating content based on
[00:07:47] what it's seen before and in a way in the truest sense of the word
[00:07:50] it's not really intelligent in the sense that it has original
[00:07:56] thought right it's modeling in text generation it's modeling a
[00:08:00] sentence kind of based on the probability of what the word next
[00:08:04] word is going to be it doesn't intrinsically know something and
[00:08:08] it's almost like the fact we're talking about this tells us
[00:08:11] something about the kind of level of kind of anthropomorphism that
[00:08:15] has already taken place and the perhaps Sam Altman is talking
[00:08:20] about so I do absolutely see this as being complimentary or
[00:08:26] supportive to the human being in the role you know I have a
[00:08:32] stock analyst who's expert in a certain area and there's a cost
[00:08:36] to them performing each task that's involved in being an
[00:08:39] analyst of course but where I can get AI to help for example
[00:08:44] you know it takes an analyst a long time to trawl through a large
[00:08:48] quantity of data and find the patterns in it we're not very
[00:08:52] good at that but machines are very good at that and finding out
[00:08:57] okay based on all this data this activity is a deviation the AI
[00:09:03] can work that out but it doesn't know why it can just tell
[00:09:07] you this thing's happened and that's really where you get
[00:09:10] the human being involved and perhaps an example people are
[00:09:16] more familiar with you know we've all got anti fishing
[00:09:19] solutions in one form or another and many of those are AI based
[00:09:23] and have been for some time but phishing emails still get
[00:09:27] through to the end user and then you hope you know the end user
[00:09:31] is savvy enough to report it as a fish and so on so you
[00:09:36] know I think it's really more about kind of supercharging
[00:09:39] the resources you have rather than seeing it as a
[00:09:43] competitor.
[00:09:44] 100% with you and so many great points there given AI's
[00:09:49] capabilities and limitations that we're just talking about
[00:09:52] there what type of tasks within cyber security do you think
[00:09:56] AI is most effective for and why because you must have I
[00:10:00] know you've been working with this have you come across
[00:10:03] anything in particular any trends around what works well
[00:10:05] and what doesn't work so well?
[00:10:07] Yeah and I think to the point it is focusing on the tasks
[00:10:13] that it's good at is really important and I think there's
[00:10:16] a few different areas you know in the space that I'm in
[00:10:19] we're obviously focused a lot on log data and given there
[00:10:24] isn't any kind of standards for log data across the industry
[00:10:29] you know analysts have to look at lots of different log types
[00:10:33] and there's different event codes from different manufacturers
[00:10:36] and perhaps thousands of different ones and getting AI
[00:10:40] to summarize for you what does this log or what does this event
[00:10:44] actually mean or perhaps I've got a number of them what's the most
[00:10:48] significant thing here and analyzing and coming up with
[00:10:53] like a natural language descriptor things like that is one area
[00:10:57] where AI is quite effective and I think another kind of
[00:11:02] related to that is you know this around trying to find
[00:11:05] patterns in data it's hard for us to do that
[00:11:10] you know kind of hold enough of the pattern in memory to be able to pick out
[00:11:15] deviations in it but of course machines are very good at it and
[00:11:19] kind of my vision with it is can we get the analysts away from looking at
[00:11:24] raw log data at all which is pretty esoteric
[00:11:28] but the machine can get to presenting a kind of narrative to us
[00:11:33] in natural language of what's actually happening I'm kind of thinking about
[00:11:39] you know you take your car to the garage today
[00:11:42] and the mechanic plugs in an electronic machine
[00:11:46] reads the codes and it tells them in plain English
[00:11:50] you know what's wrong what does this code mean
[00:11:52] of course the mechanic could run a set of tests and get under there with his
[00:11:56] spanners and so on and probably come to the same result
[00:12:00] but it would take more time and expense and that machine they have doesn't do
[00:12:05] the fixing typically but it's good at pinpointing the issues
[00:12:08] and I think that's really where AI is helping us most at the moment
[00:12:14] and again just to highlight the importance of having AI and human teams working
[00:12:19] alongside each other we know AI can make strategic decisions but are you able
[00:12:24] to describe a scenario where maybe human judgment also proved critical and has
[00:12:28] to step in when AI falls short because you can't have one without the other can you
[00:12:34] No that is quite true and this is where I think there's this interesting thing
[00:12:40] that we have called self-awareness as humans right
[00:12:43] you kind of at least to some extent know where your limitations are and
[00:12:48] perhaps where you lack a little bit of expertise or knowledge in a particular
[00:12:53] area and we have that inbuilt capability to
[00:12:57] question our assumptions and I think one of the areas
[00:13:02] where generative AI in particular can easily fall short is the ability to state
[00:13:08] things as fact that it doesn't know and then it also goes on to make up a
[00:13:13] basis for that soapwood fact and I think probably most
[00:13:18] familiar people are familiar with hallucinations by
[00:13:22] generative AI in text but for example probably people don't
[00:13:26] think about the fact it can also hallucinate URLs or links or
[00:13:32] statistics and even code dependencies and this is really where blindly
[00:13:38] taking the output of generative AI would be a great risk
[00:13:43] and an knowledgeable human in the loop really is critical
[00:13:47] so you know if you're trying to get generative AI let's say to reword an
[00:13:51] email in a more professional tone that the risk in that is probably very
[00:13:56] low but on the other hand if you're asking it to do a
[00:14:00] task for which you've got no personal professional
[00:14:03] knowledge let's say you're not a programmer and you ask it to generate
[00:14:07] code for you um you're really taking some risk there
[00:14:11] if you don't have the capability to evaluate
[00:14:14] what it's produced either for you know is actually doing what I
[00:14:19] wanted it to do as well as for kind of safety and security and is it
[00:14:24] bringing in vulnerabilities in some way and you know I think if we take it
[00:14:29] up a level kind of thinking about geni-ais ability with things that are
[00:14:34] more strategic in nature you know I might well use geni-ai to try
[00:14:39] even to help me worse with the strategy itself
[00:14:42] or to generate an initial plan or a roadmap or some steps
[00:14:46] but I'm not going to blindly follow it because of this fact
[00:14:50] it isn't actually intelligent it's creating something for me based on
[00:14:56] data and and probability so you really have to use it as a tool in the toolbox
[00:15:02] and not as the kind of unquestionable oracle of all knowledge
[00:15:07] and if we look into the future I know this is incredibly difficult because
[00:15:11] nobody could have expected or predicted just how much geni-ai
[00:15:15] geni-ai would rock the mainstream in 18 months but yeah
[00:15:18] as AI continues to evolve how do you envision the future roles of human
[00:15:23] analysts in cyber security how do you imagine those evolving over the next
[00:15:27] let's say five years which is like another lifetime with a speed of tech at the
[00:15:30] moment but how do you see that evolving yeah there really is almost a lifetime
[00:15:35] and you know as we said I don't see AI replacing humans in the
[00:15:41] sock at any point that alone in the next
[00:15:45] five years and I think on the on the broader
[00:15:49] how things evolve there's actually an interesting piece by Gartner recently
[00:15:53] where they said they expect by 2033 a billion new jobs
[00:16:00] will be created by AI and of course that's been the same with technology
[00:16:05] developments I guess since the industrial revolution
[00:16:08] you know some job types have gone away we don't need to deal them anymore
[00:16:12] but other jobs have been created in their wake and I'm quite sure that will be
[00:16:18] the same here in in geniative AI as it relates to cyber security and
[00:16:24] what I do envision though is an increasing number of these kind of
[00:16:28] mundane structured tasks that specifically that are very
[00:16:32] database being performed by AI technologies but that the human
[00:16:38] analyst will be more required for that kind of overall context
[00:16:43] an understanding of the broader kind of I guess the context in which the
[00:16:48] business is operating what's more important and less
[00:16:52] important given the goals of the business and
[00:16:56] I think not least you know over many years now we've seen
[00:17:00] analysts burn out particularly in the sock with all these alerts being
[00:17:04] produced by so many technologies and I think there's a real opportunity
[00:17:09] of us as we see this technology developing to really leverage
[00:17:13] AI to deliver more human friendly output so rather than depending on this kind
[00:17:19] of memorized understanding of you know thousands of
[00:17:24] windows event log codes we won't need that as human beings
[00:17:29] anymore because the AI will be able to interpret that and give it to us
[00:17:33] in a in a more consumable fashion and I think kind of side by side with that
[00:17:39] you know we've we've always got this conversation about kind of the
[00:17:42] disconnect between business and technology and what's
[00:17:45] the value of cyber security to the business and
[00:17:49] I think this will also give both the sock analysts the sock management
[00:17:55] and and and the CISO that more ability and more help in
[00:18:00] articulating what they're doing to audiences that are outside the direct
[00:18:06] technology area so you know getting these kind of large language models that
[00:18:10] gen AI depends on fine tuned with some industry
[00:18:14] specific knowledge that can actually help turn that
[00:18:18] those findings what goes on into in the sock
[00:18:22] into content that's suitable let's say for a
[00:18:25] board audience kind of highlighting the risks
[00:18:28] in business terms what will really be hugely valuable in the future
[00:18:34] and cyber security also I think we should highlight has a well documented
[00:18:38] skills shortage it's an industry with zero percent
[00:18:41] unemployment and with the right course or qualification it can be
[00:18:45] a lucrative career for anyone to enter whether you're in the tech industry
[00:18:49] or not listening to this but what would you say are the key
[00:18:52] skills that you think cyber security professionals of the future
[00:18:55] should maybe focus on developing right now to stay relevant in this increasingly
[00:19:00] AI integrated embalming yeah I think this is a really good question and
[00:19:05] probably a lot of people are scratching their heads about this right now
[00:19:09] because of the speed of change and yeah I think you know fundamentally we're
[00:19:13] still going to need cyber security professionals who understand
[00:19:17] networking you understand code and and malware
[00:19:20] you know the AI isn't going to replace the need to have that foundational
[00:19:25] technology skills but but when I think about
[00:19:29] hiring individual contributors myself I
[00:19:33] prioritize curiosity over almost any other skill yeah you know a person who's
[00:19:39] curious well-engaged in lifelong learning and one of my favorite
[00:19:43] quotes is from Einstein who said I'm not especially gifted I'm just
[00:19:47] passionately curious yeah other people might think about him differently but
[00:19:50] that's what he said about himself but I guess in terms of specifics you know a
[00:19:55] lot of focus is doing place for example on prompt engineering as a skill in the
[00:20:00] AI world and you know we no doubt see the benefits of that
[00:20:05] but I also read an interesting piece in the Harvard Business Review talking
[00:20:10] about that kind of problem formulation the ability to
[00:20:14] identify and analyze and delineate problems will be much more of an
[00:20:18] enduring and adaptable skill and that's really where the humans have the
[00:20:23] edge and I think kind of on the softer side all
[00:20:26] professionals should really focus on developing
[00:20:30] those skills and I think also one thing that people forget about this is
[00:20:36] our cyber security tooling itself is also part of the attack surface right
[00:20:41] and and perhaps this there's nowhere this is more evident than in AI
[00:20:46] so I think there'll be a big uptick in the need to understand
[00:20:51] both compliance security and data privacy
[00:20:54] in the AI space and how to protect the platform
[00:20:59] and the models and the data itself by bad actors I think that's definitely
[00:21:04] an area to invest in and I guess the big question is
[00:21:09] especially for people listening to our conversation today how do you at log
[00:21:13] with them ensure this balance between leveraging AI for efficiency
[00:21:17] and maintaining robust humanity oversight to prevent any potential AI missteps
[00:21:22] or indeed biases and I appreciate it is a big big question that we could
[00:21:26] focus an entire episode on but is there any examples you can share
[00:21:30] around that yeah I think I mean it's honestly
[00:21:34] kind of partly through policy approach I think you have to think about and
[00:21:38] define where will you use the various types of AI
[00:21:44] and where you won't use it either because of
[00:21:47] of data protection or perhaps the risks are too high
[00:21:51] in the space that you are or just the technology is not yet mature enough or
[00:21:56] really suited to the to the use case and you've kind of got this
[00:22:02] this this kind of tension I guess between business feasibility
[00:22:06] and what the associated risks are and you know for example with
[00:22:13] with engineering undoubtedly AI can help you write code
[00:22:17] but do the engineers just go from writing code
[00:22:21] to debugging code that AI has generated without actually gaining any efficiency
[00:22:27] so I think kind of measurement will be a very important thing in the future
[00:22:32] not just assuming everything needs an AI solution let's use it in those
[00:22:39] places where it excels and I think organizations can easily get into this
[00:22:45] mindset of oh everything's going to be done by AI
[00:22:48] but some things are going to lend themselves
[00:22:52] to it and I think this kind of keeping in mind the key is to work with
[00:22:57] technology not to technology let technology really be in the driving
[00:23:02] it's got to be solving a business problem and that problem has to be defined
[00:23:08] and understood by the humans who are really driving the solution that you're trying to get to
[00:23:16] and on that very topic there at that point of generating business value or
[00:23:20] delivering business value what advice would you offer to any organization
[00:23:24] or business leader listening that are cautious about integrating AI into
[00:23:27] their cyber security practices maybe it's fears of de-skilling their workforce
[00:23:31] or something completely different any advice that you would offer to anyone just at the beginning of that journey
[00:23:37] yeah and you know as we discussed I really don't believe that AI will de-skill
[00:23:44] the workforce to that point in particular I think it's a bit of a false equivalence
[00:23:49] and as I said history shows there's always something needed to manage the technology
[00:23:55] and that technology tends to be a net job creator not a destroyer
[00:24:00] and of course in any case we haven't created general AI yet but kind of thinking about the
[00:24:05] sock in particular if you can help sock analysts with the mundane parts of their jobs
[00:24:12] and reduce false positives isn't that a good thing both for effectiveness
[00:24:18] and for the well-being of the analyst where we think about burnout as really being that
[00:24:24] challenge in the industry and I think really the best way is to have a clear policy
[00:24:30] on clear goals start small and leverage AI for some kind of quite discrete well-defined tasks
[00:24:38] and go from there and of course no one has to a top day I like that but I think those
[00:24:43] organizations that do will achieve real competitive advantage
[00:24:49] and before you came on the podcast today ironically I was reading about so many
[00:24:53] different CEOs are betting up to something like 10 million dollars trying to prove
[00:24:57] Elon Musk's AI prediction wrong that AGI is imminent are going to be here by the end of the year
[00:25:03] where would you place your body on a bet like that
[00:25:07] I would place my money a very long way out
[00:25:11] I would join you on that one too and obviously you're someone that is proudly curious
[00:25:17] and a self-learner and there's almost a pressure on every single one of us now no matter
[00:25:21] what industry we're in to be in this state of continuous learning so I've got to ask
[00:25:26] where or how do you self-educate any tips you can share there yeah so I guess I'm just looking at my
[00:25:33] bookcase behind me here I'm a little bit of a book and I do try just to read business books as
[00:25:41] well as technology books just to continue in that kind of self-education I guess and you know
[00:25:47] I follow kind of several cybersecurity news sites and an online learning conferences and so on and so
[00:25:55] forth but I just feel kind of intrinsically at some level if you're not learning if you're not curious
[00:26:02] you really are kind of on your way to re-renewance in the in the current environment that we're at
[00:26:08] 100% with you and I think that's a beautiful moment to end on but before I do for anyone
[00:26:13] listening wanting to find out more information about logarithm connect with you or your team
[00:26:17] all that great stuff where do you like to point everyone listening yeah so visit our website
[00:26:22] at logarithm.com lots of useful information now we regularly blog on cybersecurity subjects there too
[00:26:28] follow us on LinkedIn and feel free to get in touch well I think in recent years the introduction
[00:26:35] of generative AI into cyber security has sparked so many different discussions especially around
[00:26:40] the potential impact on the workforce but contrary to those very concerns I love
[00:26:46] your belief here about automation replacing humans around that and your belief is more that AI
[00:26:51] is poised to augment rather than replace human expertise due to the current maturity limitations
[00:26:58] it's a topic we could talk about for hours but just thank you so much for bringing it all to life
[00:27:03] to know yeah thanks very much Neil it's great to talk to you wow what a fascinating
[00:27:08] discussion there with Andrew about the role of generative AI in cyber security and for helping
[00:27:13] me uncover how AI is not only streamlining repetitive tasks but also enabling cybersecurity
[00:27:21] professionals to elevate their roles to tackle more strategic and creative challenges and I think
[00:27:27] it's clear that the future of cybersecurity isn't about replacing human insight but enriching it
[00:27:33] with advanced AI capabilities it is a tool that is it I think people get a little bit carried
[00:27:38] away just expecting to go and do their job for them but it's not that at all but obviously this is
[00:27:44] just me chatting into a microphone in an empty room what are your thoughts on integrating AI
[00:27:50] into your cyber security strategy what are you concerned about what excites you could AI be the
[00:27:56] partner your security team needs please share your views and join the conversation by emailing me
[00:28:03] tag blog writer outlook.com DM me on twitter linked in instagram just at neil c hugh's i looked
[00:28:10] here your thoughts on this so we can keep this dialogue going and maybe just maybe unlock a few
[00:28:16] new possibilities together by brainstorming a few ideas but that's it for today I'll be back
[00:28:22] again tomorrow with another guest but thank you for listening today and until next time don't be
[00:28:28] a stranger