SOC alert triage analysts, learn to threat hunt... https://twitter.com/bindureddy/status/1313890927685955585
A lot of people up in my DMs upset about this because they think I’m overselling ML. I’m really cynical about ML. However, machine-aided automation has definitely reduced the manual work in security ops in the past 15 years. The job I did back then would be almost unrecognizable.
Good security teams and vendors have made a definite push to automate simple and repetitive tasks and rightly so. This goes for detection and triage. Playbooks, automated workflows, smarter SIEMs, better event correlation and statistics in bigger indexed data sets.
SOC analysts aren’t going away anytime soon. However, many analysts today would barely recognize the job role in 2005. In ten years it will be made even more efficient and machine aided.

But remember, machines are okay at machine stuff, and humans are better at human stuff.
That’s why I bring up threat hunting - because it’s a logically better use for junior analysts as more dull, repetitive tasks are automatable. Why waste analysts on tasks computers are getting better at performing? Use them for things that computers are still quite inferior for.
It’s not only a more efficient use of time and resources to provide better defense in depth with threat hunting, but it also gives your analysts the ability to do more interesting stuff, learn, and grow. Less burnout, more learning. Win win!
You can follow @hacks4pancakes.