The Importance of Horizontal Security in the AI Arena
I have been working professionally in the cybersecurity field since 2019. Before sharing my own thoughts, I want to talk a little about what I have done. I will connect the story at the end.
For about two years, I provided SOC L1 and L2 services to large companies operating in different sectors in Turkey. I think I learned the dynamic nature of consulting and the difficult but educational side of startup culture very well.
When I was working in a SOC in 2019, the things we did were actually almost the same as today. Of course, technology and orchestration have improved over the years, and they will continue to improve. But I do not think the performance of a SOC L1 Analyst on a night shift can be compared with the performance of the same analyst on a daytime shift in any metric. I have many friends around me who work as SOC Team Leaders or SOC Managers.
In my opinion, SOC is actually a culture. This culture is the opposite of the approach that says, “Let’s buy every product we can and put them inside. Yes, now we are secure.” SOC actually means SLA.
For example, imagine a high-level alert comes in, and at the same time, a medium-level alert comes from another customer. It is a night shift, and only one person is monitoring. Under normal conditions, it is very possible to miss something. You may say, “One person should not work alone in one shift anyway.” But no, at one time, it was like that. Even if there are now three people in one shift, the number of monitored customers is much higher.
Because of this, I hate the sentences I am about to say in the age of AI, but unfortunately, I think people who do not continue their lives together with AI will be eliminated by natural selection after a while.
The relationship between SOC and AI is already at a point where AI can analyze almost all incoming L1 attacks, fully automate the process, and escalate them. Also, you do not need to spend money for this. If you are interested in AI, this was probably one of the first project ideas that came to your mind: automatically analyzing and reporting L1 attacks.
In my time, we used to check everything manually, analyze it, open a ticket, and send it to the customer with an email template. This is a primitive method, but many organizations still continue this way. I am not against it, but I know that its end is coming.
If I talk about the security level in 2019, everything was more enjoyable back then, because there was no AI thing and there was a real challenge. This is similar to the death of CTFs. Even though this makes me sad, it also brings new excitement.
Another domain is penetration testing. For years, I went to many different companies to do pentests, wearing a shirt even though I did not like it.
SOC and pentesting are two different vertical areas of expertise. In fact, they must also have their own sub-branches.
But if you are a consultant and you have limited time, you have to do and know everything. The people who have walked this path will understand this best.
When doing a pentest, for example, the time lost in the recon phase has now decreased a lot. I even have my own agents now, and they can find vulnerabilities according to the OWASP Top 10 better than me. And they do this for almost 100 dollars per month.
We need to accept this: LLMs are better than us, and they will become even better.
So, should we still have a vertical specialization? Or should we move horizontally and add multiple domains to our knowledge pool by combining them both in theory and practice?
If you ask me, I definitely support the second option. Of course, these are completely my own thoughts, and their correctness can be discussed from a philosophical point of view.
The reason I briefly gave the SOC and pentest examples is this: because I do not have a neurotypical brain, I have done engineering in a multidisciplinary way over the years. I used to complain that I did not have a vertical specialization. But recently, I attended a workshop by a vulnerability researcher whose knowledge and experience I respect. In that workshop, he defined the path I had already been following for years. He said, “There is no vertical specialization anymore. I recommend that you move forward completely in a horizontal context.”
Actually, I have been doing this for years. Jumping from topic to topic, seeing cybersecurity as a whole discipline, and approaching it like a soldier. Yes, this is definitely what defines me. This is who I am.
Finally, I want to say this. You should definitely have a vertical specialization. But it should no longer be your only focus. At least, this is how it is for me. And thanks to this path I have drawn, I can make a living.
No one knows how far AI will go, but I want to finish with this example. Right now, AI has a trend, and it keeps moving upward. Think about this: when Intel released its first chips, there was a similar rise. Over the years, this rise first moved like a sine wave, going down and up, and then it settled on a horizontal level.
Nicholas Carlini, whose presentation I listened to recently, shared this idea. And actually, he touched on a point that I could not clearly define in my own mind.
So, get through the FOMO issue and start creating something. Believe me, nobody knows anything. You just have not started yet.
Thank you for reading.^^
