SOC

Threat Hunting “You are a threat hunter. Given the following network logs, identify any patterns consistent with lateral movement, beaconing, or data exfiltration. Think step by step before giving your findings.” ...

AI tools are showing up in analyst workflows whether your organization plans for it or not. A Tier 1 analyst dealing with a hundred alerts a day will find ways to work faster — and if the org hasn’t provided sanctioned tools, they’ll use unsanctioned ones. That’s not a criticism, it’s human nature under pressure. ...

Tier 1 analysts using AI for alert triage is one problem. Security engineers integrating AI into automated pipelines is a different one — and in some ways a harder one. When AI is in the pipeline, the decisions it influences happen at scale, without a human in the loop on every call, and the code you write today becomes the attack surface your team defends tomorrow. ...

AI adoption in SOCs is largely happening bottom-up. Analysts are finding tools that help them work faster. Engineers are integrating models into pipelines. This is happening whether or not there’s an organizational policy governing it — and in most cases, the policy comes after the adoption, not before. ...

What I Built and Why Most threat intelligence dashboards are either expensive enterprise platforms or simple embeds pulling from someone else’s API. Neither felt right for a portfolio — one costs money, the other doesn’t demonstrate anything about your actual capabilities. ...