Ep.124 AI at the Helm: Transforming SOC Operations with Jason Kaufman

July 2, 2024

Don’t miss this incredible episode on AI, Security Operations Center, and how the transformation is beginning. Today jump in with Telarus Senior Field Solution Engineer Jason Kaufman. We talk AI at the Helm – Transforming SOC Operations. We discuss nuances of machine learning and parts of the SOC that had already grown from demands for efficiency, but Jason drops some key points of how AI in its current and future form will change that and what it means when you are in discussions with customers. Also stay until the end to hear some incredible future predictions from Jason around quantum computing and what it all means.

Welcome to the podcast designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus, and this is Next Level BizTech. Everybody welcome back. Today we’re talking about AI at the helm and transforming SOC operations. And if you don’t know what SOC operations is, we’re gonna get into it. It’s security, it’s fun, and we’re gonna talk about AI. So with us today we have got a returning guest, third time returning guest here, and senior field solution engineer at Telarus, Jason Kaufman. Jason, welcome on man.

Hey Josh, thanks for having me. I appreciate after the year of hiatus of the first two and now happy to be on the third one here to talk about SOC.

Well the last guy bailed so we’re super excited to have you on.

I’m always happy being the last one chosen. I was the same way in kickball in high school so now I’m happy to train it. You know it came into my professional career.

I love it. Now everybody loves Jason Kaufman. Let’s kick this thing off with some you know mentorship, lessons learned, take us back a few years, something that share with the group, something you’ve learned like I said from a mentor, something you learn the hard way.

Yeah, let me think of all the things that my boss Josh Lupresto told me. No, so a good one I had at a previous role was it’s been sitting with me for a long time because it affects many different processes that I deal with you know from communication to just establishing rapport, relationships and all that stuff is the one term of perception is reality. To where you’re always trying to recognize what the other person perceives as what you’re doing for them and communicating with them, you know the relationship there and that’s really their reality. So when it comes to like somebody asking a question it’s just as simple as interaction on hey who can do this you know one things we live and breathe on in the sales engineering side. You know if you don’t know the answer right away and you’re starting to go research it for them just having that quick acknowledgement email gives them the perception that you are working on it you have their back and you’re gonna get them a response as quick as possible. So it’s just that you know something that could be really easily done and just goes a long way with people and that’s where I you know one of the things that’s really hit home and everything that I try to do is that perception on I want to make sure that person feels like that I’m doing everything I can for them and they know that I’m actively doing that.

Awesome. It’s a good one. I love that. So since last time we had you on the podcast lots of crazy stuff that’s happened with AI some of it’s been just marketing collateral you know some of it’s been meaningful product things but what’s some of the most compelling things that you’ve seen so far and how would you say that that’s impacted your work?

Yeah, great question. I think it’s around the transformer architecture. I know we’ll get into kind of what that does when it breaks it down to hey how are you gonna get this response and build it by you know algorithms that say this should be the next word in the phrase or how do I understand something that’s given to me and one thing it helps me out tremendously is you know coming up with content and a lot of that comes around like discovery questions so if somebody comes to me and is like hey you know I have a customer that’s interested in this you know help me gear some questions for them that I can ask where I can come back and you know see if it’s a legitimate opportunity you know before I pull you on to the conversation and you know you write into something like Gemini or Perplexity or you know even ChatGPT hey give me 10 questions on this they’ll spit you out seven or eight good ones and then you just gotta fine tune it and take it from there I mean it’s not gonna be perfect every time so I wouldn’t say it’d be ideal to say give me 10 questions paste copy paste it you know you definitely want to have some some knowledge on it to say yeah it’s a good question no it’s not a relevant question anymore but something like that to where it’s significantly impact how long it takes me to come up with that question even though I I know the content you’re sitting there staring at a screen hands on the keyboard and you’re like frustrated because pen to paper is not working very well that’s a big one and then also like summarizing summarizing stuff so like I use a lot to if some new technology comes up somebody is like hey 
what’s this application do or what’s this type of technology you know just a quick hey you know treat me like I’m a teenager that response goes a long way into it into a you know generative AI and teach me about this and then you could take it from there to where you can easily explain it to somebody you can deep dive into the technology and you know figure out the intricacies of it or you know it helps you really understand things super quick

Yeah I love it I love the that was one of the first ones that I saw explain it to me like I’m five or give me quantum mechanics quantum computing like I’m five right and it’s it’s a fascinatingly even even to help us who we do understand what quantum computing is it helps us understand it so much better just hearing it different so yeah I love great great points there killer stuff

Okay so so you’re in a lot of discovery calls right you’re very customer facing the partners are bringing into you a lot of these different things so before we step into kind of the AI and SOC parts one final thought on you know what’s a misconception or just something surprising that you get as you step into this AI security you know any of these kind of conversations

The biggest misconception I see is people thinking that AI is just gonna work you turn it on and it’s gonna be the ideal situation everything’s gonna be gravy and your your operational efficiencies are gonna go through the roof your revenue is gonna be max it’s gonna give you everything you need just by turning it on so a lot of it started on hey I saw these you know I need to implement Copilot I just need to talk about the five different types of licenses as there are from Microsoft you know which one do you think I need and like you know hold on a second there’s a lot more you need to do here or else you’re gonna have employees access the information you don’t want them to plus Copilot is gonna tell you the ins and outs of I don’t know you know you type of question it’s not gonna have the data that needs to respond effectively so it’s gonna tell you I don’t have an answer to this you know that’s when we whole start to the hallucinations and all that stuff so it’s it’s taking a step back and saying hey before you’re looking at implementing AI one let’s define what you’re talking about with AI is it you know you want to find a large language model do you want a data pipeline to get some business intelligence out of this do you want to do robotics process automation and get rid of some manual workflows but ultimately all starts off with data science and saying hey what data do we have is it correct let’s classify it and make sure we’re not gonna have any leakage to somebody I shouldn’t be seeing this data because if you have a large language model has access to your entire tenant of data it doesn’t 
know who has access to what it’s gonna give them a spit out unless they can recognize a tag or something like that that says hey this data is super secret to the company

Yeah good good point and it seems like a dramatic it just seems like nobody’s thinking that through and people are finally I mean it did so logical right but yeah the marketing is always fascinating in the stuff as opposed to how it really how it really happens behind the scenes

Yeah and a fun fact is if you go on if you go on like a Copilot Microsoft marketing marketecture you know we always call it it says hey just implement Copilot and the users only see what they have access to through RBAC control so my role dictates what I have access to but what we find out in practicality is no that’s at the tenant level so you have somebody like me a low-level employee I could type in and see whatever whatever I want about the company as you know assuming there’s no data classification that’s been done and guidelines around that

Yeah yeah great points all right so so let’s get into we’re talking security operations center we’re talking AI we’re talking transformation so you got AI productizing all over but it seems like security’s had components of anomaly detection and you know little bits of maybe we didn’t call it AI but it’s had it for a while so if you see somebody you know out there these these SOCs these outsourced SOCs that we’re looking to do you know and helping customers where do you see this really see AI productizing in this

Yeah I mean everything’s all about that telemetry and the anomaly detection so what we’ve seen is like you know even if you’re looking at any EDR/XDR provider CrowdStrike, SentinelOne, Carbon Black, Defender all of them have some form of AI that says hey we’re gonna establish a baseline that we’re gonna notify if something falls out all outside of that you know the anomaly but what is gonna be the most way to make a SOC super efficient so you know now the big thing is 
hey I need a SOAR I need to have something that automates runbooks to where when an anomaly is detected it can automatically see and and actually react to it to a certain level to where it’s containing that potential breach or that malware or whatever it is and then allowing somebody to go in and investigate so now the big things with AI that we’re seeing is SOCs are leveraging the generative AI tooling and you’ve seen companies leveraging the you know Elastic that they brought in a generative AI tool into that they’ve used the Microsoft Copilot that’s built on Sentinel you have East entirely just released theirs so you have in his large database of all these different you know threat you know threat vectors and threat you know attack vectors all that stuff all put in including like the common vulnerabilities and all that stuff and what it does it allows somebody to that you know is not a you know very you know proficient SOC analysts be able to do a job of somebody that’s higher up because the system’s telling them hey this is what we’ll recognize here’s all the history on it and then here’s the you know five steps to take to you know resolve the issue so where SOCs are coming in is they’re layering those automation runbooks and using the generative AI tools to make it more efficient for the people that are there because then they’re cutting costs for how they’re you know eventually going to turn that back on to the customers

Does it ultimately you know we we talk a lot about you know job shortages and security it seems like we’ve been talking about that three four or five years in a row now and it doesn’t seem to be getting any better does this ultimately you know not only I guess make everybody faster and more efficient but is it allow us to someday close that gap on the security jobs because we can bring others into the fold and give them the tools to make them even a little more efficient or shore up any lack of knowledge a little quicker

I think it would 
decrease training time and allow somebody that like if you see any job req right now for a SOC analyst say hey we this is an entry-level SOC analyst needs 10 years of experience you know we’re not gonna see that type of environment anymore it’s gonna be hey we can augment and train as you go but you’re gonna have you know AI you know augmenting you along the way that’s kind of where everybody’s saying you know AI is not gonna replace jobs it’s gonna augment people and it’ll replace people that don’t use AI so the same thing can be said about SOC analysts if you can have something dumbed down to where you have a runbook that’s either automated on the back end to where you everything’s already contained you know you don’t have the pressure or it’s telling you what you need to do to be effective as part of that job just like we have agent assist on the contact center side you know how much how much easier is it gonna be to have increased quality and decrease quantity of a SOC team and you know make it way more efficient on the same time I mean we’re gonna be doing that across the board

So let’s shift this now then to the customer side so I’m a partner I’m listening I want to get a little bit deeper and it kind of uncover the need with what my what’s the common thread or complaints that my customers are having so what do you see in these discovery discussions that you know prospective customers related to security and related to SOC that that we can kind of help probe deeper in and uncover for the other partners listening

Yeah so the first one is like the ROI conversation a lot of the customers have been burned before they had like a local MSP that you know handled their SOC and they found you know they got breached anyways to where you know there was no there’s no immediate remediation you know they found out the person was in their network for 200 days there was no backups being done that they could restore to so there wasn’t you know true mitigation 
techniques I mean we always assume that that breach is going to occur you know it’s not good to sit there and say it’s never gonna happen but what mitigation techniques and what is your RTO or RPO policies to get back online business continuity plans and all that stuff if you don’t have all that defined then you’re obviously gonna get probably burned by somebody that doesn’t know how to do that stuff so it’s you know those are generally the more cost-effective providers out there somebody tried outsourcing before so now they’re in the you know the ROI of do we outsource again and try this try this again or do we build it out internally and then it’s looking at you know what does it cost to stand up you know a SOC team you know you got the tools you got the you know the implementation of it you got the SOC analysts what do they cost do you need you know why do you need more than one you know who’s gonna govern all this stuff you know IT it’s not something that IT can just absorb so then we get into that conversation they’re like oh no automation could handle all that we just need a SOAR and it’s like well SOARs have to define the playbooks they have some pre-built ones but it’s not gonna handle everything so you need some form of human component here in order to take it over so then it starts talking to okay so what is this gonna cost us to do what is it gonna cost to outsource and then it always comes back on okay so you know this is what’s gonna cost us unfortunately I don’t have that in my budget but I know I need it you know after talking with us we tell them all the different stuff that’s going on how to how to mitigate all these different potential threats you know how do they afford it now so that’s the cool part about being you know an agnostic engineer that spread across the entire portfolio is now we can look at other avenues like hey you know there’s other ways that we can open up that budget by saving saving costs across different technology spends 
you know above and beyond just what a normal circuit aggregation can do you know that’s where we’re pulling in like mobility we’re looking at FinOps for cloud stuff you know we’re looking at optimizing their networking gear if they need to do a complete refresh you know talk the difference between a CapEx and OpEx model what’s gonna open up their budget and make it more friendly to them so it’s more on just hey here’s your options it is hey let’s help you push through that and open up that option for you to where you don’t have that hard decision we need to go back and ask more money from your C-levels

Yeah that was it’s an incredible example because I think you know we talk about this a lot hey you know bring a bring a Telarus sales engineer in we’ll help you find more and uncover that you know this deal in blah blah blah and give you you know all these extra resources and obviously although that’s true but that’s such a good example of how we do that when you would think jeez I’m just gonna bring Jason in for a security conversation it’s just a conversation about SOC well anything that’s just a conversation about something is never just a conversation about something and so I think it’s it’s so cool to see what you do in these discovery conversations right hats off to you because a deal that starts with one thing never ends up with more you know with just that one thing it’s always more and and and there’s such a mutual benefit there right the partners eyes are opened at all of these other possibilities that relate this technology relates to this technology and you always see the customer going oh jeez I didn’t think of that right so okay yeah utopia they buy everything today right that’s that’s not always reality but the reality is you’ve helped them uncover the things that they need to do and maybe they they thought about it but you’ve now just put it right in front of them where they go okay I have to do something on this so just kudos to you on on 
kind of your process and anybody that hasn’t pulled you in that’s listening to this you’re doing a disservice to yourself so leverage this guy because he will he will help you in these and it’s just a fun experience to watch

Thank you for the compliment

You bet uh all right let’s go let’s talk about let’s talk about the AI shift a little bit more so you know the partners that are listening to this there’s so much information out there right we talked about well listen on Twitter get into this forum you know try not to get too deep into this subreddit you know go to Medium listen to all these places right so so for the partners out there from your perspective right where you see how we help them you know what they focus on how would you advise them to to kind of research and absorb or you know absorb and apply some of this and try to understand what’s different with all this product coming out

Yeah the one thing is you know we always tell everybody you know try to see through the marketecture fine find people that you trust that you know are you know industry leaders they you know they have a good grasp of everything that’s going on in the marketplace you know they they have the you know the podcast and blogs that they follow on their own and just you know shared and and you know you have a full knowledge sharing team one thing that I always recommend is you know if you’re gonna do your own research you’re gonna spend a lot of time doing that there are plenty of plenty of you know blogs out there that are just like a TL;DR too long didn’t read they’ll summarize everything that’s going on you know or you can even leverage AI for that there’s many times where I come in the morning and I go on you know Gemini, Perplexity or even Grok and say hey spit me out you know the the 20 most recent news articles on what’s going on the marketplace for cybersecurity AI cloud you know and all that stuff and then you have all the up-to-date information that summarized right there 
for you could deep dive into something that sounds interesting but I would be remiss if I didn't mention that the the Next Level BizTech podcast is probably one of the best places to get all this up-to-date information and then also the Kaufman Chronicles make sure there's a V there the Kaufman Chronicles comm is another good one

It's just a love fest today guys it's just we're trying to give you a wealth of information to help you at the end of the day we're not doing this I mean it is fun but we're not doing this for fun there's there is huge value in this and I hope what what you get out of this is just a glimpse into kind of what others are doing and and and what's successful so that you can stay focused on what's working and pay attention to that so I I love that I'm gonna actually I want to add a part two to that right so you've got that you've got that barrage of information you've you've sent them to places that they can go listen and learn how do you see you know you got Microsoft obviously leading this out with Copilot you got Gemini you got just you know OpenAI on its own how do you think that impacts things you know are they the leaders in this over the next couple years does the the second to market that we don’t even know who it is yet blow this thing out of the water what’s just Jason’s perspective on this

So I tested quite a few of these and I would say it comes down to not only speed and efficiency but also accuracy is a big important one like if you’re if you’re leveraging OpenAI you’re doing the free version you’re only on GPT-3.5 that’s legacy data from like 2022 so I mean you’re you’re only looking at you’re not looking at data that could be relevant so when you ask it a question and ask it for the latest and greatest stuff it’s not gonna have that answer so you usually need to be on Microsoft Copilot that’s using you know through OpenAI integration that’s using like GPT-4 or paying the $20 a month to have 
access to GPT-4 if I could say it say that ten times real fast or leverage something that’s real-time like Gemini or my biggest my favorite one that I’ve been using a lot for because I know it’s it’s focused on accuracy like it takes that that in square that M score that confidence factor and applies it to all of its X results that it does is that Perplexity I mean you know you’re using it for something to where you need to write a paper on something or I even use it for the blogs a lot like hey I’m thinking about doing a blog on this you know give me give me some data points that would be great for this and some articles that I can read attached to it and it will attach those articles on behalf of the result so you can deep dive into it right there it’s like a really cool focused Wikipedia page where you scroll to the bottom and see all the all the scholarly articles everything was written on so I think it’s gonna maximize efficiency but we’re gonna see ones that come out with hey we’re gonna have an accuracy score of this you know we’re gonna promise this it’s gonna be more of like an SLA I think so we’re gonna promise this level of accuracy and you know you’re obviously gonna continuously train it with the thumbs up and thumbs down but yeah taking it all back and summarizing again I think you know in order Perplexity would probably be the top one Gemini would be second and then if you have access to a to like a 4.0 Microsoft Copilot or OpenAI ChatGPT that’d be a nice third to have

Yeah I love this right I love innovation innovation keeps us sharp it keeps company sharp it keeps people sharp but this is such a wildly paradigm shifting race of capital to innovation in and it’s just it’s it’s almost like new paradigm shifting innovations every other week and so it’s really hard to to comprehend that it can be getting this much better this much faster and so to see the size of the organizations contributing investments to this to try to get this better right 
who’s gonna buy the next you know 10,000 Nvidia GPUs and have the better model I mean it’s it’s it’s wild to see and so yeah I I love that awesome awesome perspective there

Ten thousand I don’t know if you saw the last order for Grok 2.0 was a hundred thousand

Yeah yeah just when you thought you know getting ten thousand was hard just let let Papa Elon give the Nvidia CEO a call and poof magic it’s done right all right so so take us home here final thought you know we’ve got we’re wrapping up kind of this AI SOC operations track so okay we’ve we’ve established we’ve got a talent shortage okay maybe that gets better over time we’ve done some previous episodes on building your own SOC and kind of thinking through what the costs are and and why that kind of doesn’t make sense so if you look at what’s coming right what we’ve sort of talked about in the last the last question but over the next few years how do you see SOC operations innovating and just any other innovations that kind of you’re you’re looking most forward to

Yeah I’m you know I just to summarize all up I know we kind of discussed this a little bit previously but I think the automation and the runbooks are going to expand like the more the more you can automate the the more efficient you can be in the quicker you can be responsive to the threats that come in I think that’s going to be a big push the more runbooks you know people are going to prioritize hey we’re seeing this over and over again let’s create a runbook on it and then we’ll just establish it across the board and then same with the gen AI the augment so a lot of people are building these these massive databases of all the different breaches that they’ve encountered you know looking at the public databases and stuff like that and they’re creating you know that not only just I wouldn’t say the automated runbook but the manual runbook on here’s your next steps that you need to apply here let’s take you from a beginning SOC analyst and turn 
you into you know somebody that’s been around equivalent to like five or six years and almost like train as you go type thing and I think that’s gonna be the big push because again it’s gonna be you know saving the company money as they get more efficient leverage these tools and ultimately it’s gonna be you know a lot more competition out there so you know the cost of these different services are gonna go down they’re gonna have to but I think that’s gonna be like the big part of what SOC ops are gonna happen but I think you know you mentioned a little bit before was quantum computing there’s gonna be a lot there that we don’t know yet I mean everybody’s assuming that quantum there are there are you know different cryptography practices that are quantum proof but you know you’re looking at RSA is already being confident being breached using Shor’s algorithm where it takes like the larger numbers and uses prime factors to get it down to something that’s more easily understood but a lot of the quantum stuff we haven’t even tested what the capabilities are because now we’re gonna looking at superposition to where you know everything that we’ve talked about now is binary to where it’s either on or off and the compute structure says the CPU or GPU says it’s either on or when it’s on I need to make the calculation when it’s off you know I’m sitting there and standby until it comes on again so you have a certain you know certain direction where everything has to go in you know there’s there’s a linear path for that but with quantum computing and superposition it could be on it could be off it could be both it could be in the middle so doing all these transactions all at one time all the simultaneous processing that we haven’t even been able to experience that it doesn’t even you know nobody knows what’s gonna happen yet so I think SOCs are gonna have to you know kind of leverage the traditional you know CPU binary GPU stuff and they’re gonna try to automate that stuff 
as they learn the new stuff that's coming out with quantum computing

Well that's a lot of like monster future forward quantum it's fascinating to me what's coming in this I think you touched on some great points and we might have to come back and do it do a track on quantum just to kind of break all of this down because just like any of these innovations I mean it's just gonna be here in your hands faster than you know it right we can already play on quantum computing and move qubits around on Azure and things that I would have thought were five years ten years out from now so exciting stuff man exciting stuff

these how to secure a you leveraging AI you know what AI threat threat vectors are out there and then we’re also gonna end it keyword keyword is we’re not gonna be focusing on but we’re gonna be ending on some quantum computing discussion spoilers if you really want to nerd out go get registered to Telarus Partner Summit lots of good stuff in those breakout sessions exciting pop into that one I want I want to hear more about quantum so good okay Kaufman is always a wealth of knowledge thanks for coming on man really appreciate it

Yeah thanks for having me

All right that wraps us up as always do not forget go find this wherever you’re listening to Spotify Apple subscribe you get these notifications every Wednesday when this drops so you don’t miss this and you can stay ahead of your competition with all these secrets and all the great things that folks like Jason bring to the table here in these conversations so that wraps us up for today AI at the helm transforming SOC operations Jason Kaufman senior field solution engineer Telarus I’m your host Josh Lupresto SVP of sales engineering at Telarus.