Cyber AI Chronicle
By Simon Ganiere · 23rd June 2024
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
What I learned this week
TL;DR
First, welcome to all the new subscribers! I was looking at the stats the other day and saw a nice increase in the last few weeks so appreciate it! I started this newsletter as a way to track my learning and it seems that other people are benefiting as well which is all I’m asking for!
So Apple had its big day with the WWDC 2024! I’m an Apple fan boy since the beginning of time. No big surprises in the approach Apple is taking - model on the device and a big focus on privacy. In the past, Apple has demonstrated its ability to integrate technology and provide an end-to-end experience which was a key differentiator. Let’s see if they can make it happen again. Will definitely spend some time learning more about that split between on device and OpenAI and obviously the Private Cloud Compute setup as well. Also, the play on the name is just awesome: Apple Intelligence = AI! Love it!
A huge piece on AI and the future by Leopold Aschenbrenner. Have not finished it yet, as it’s a 165-page document! For those who don’t know him, he worked at OpenAI in the superalignment team and has a pretty impressive track record (to say the least). You can also find a YouTube interview here.
An interesting read on start-up hiring, where Ross Haleliuk explains that hiring top performers from larger cyber companies is not necessarily a good thing for a start-up. Whether you are a start-up or a big company, you need to hire the talent that you actually need and not just jump for the top performer. This goes back to the usual story of talent shortage in cyber. I always had my opinion on this, which was more the fact that the industry is bad at identifying the skill sets it actually needs. Hint: it’s not someone with a collection of certifications and 25 years of experience with a technology that is only 10 years old. This topic requires a longer write-up, but that article from Ross should not be read just from a start-up point of view. What matters is the thought process and approach to identify what skill sets you actually need. This matters even more at the moment based on the state of the market » MORE
I’m back with some Cyber AI magic. I wanted to move to an agentic workflow to help understand an incident or attack. The workflow is (still) basic but powerful:
Start with a basic request such as a threat actor name or an incident.
Identify the key elements: attack description, TTPs, actors, victims, timeline, impact and recommendations.
Write a summary with key sections including a timeline.
I’m sharing the full script and a couple of example outputs. Hopefully that’s helpful for someone else » MORE
Agentic Workflow to Track Cyber Threats
As mentioned previously, agentic workflows can be very powerful. Most importantly, they can solve more complex situations and string together a few prompts so you can pass the input/output to the next steps. With that in mind, I decided to take my previous prompts and put them in a basic agentic workflow.
I’m using CrewAI for this. For those not familiar with it, you can find all the documentation here and below is a picture they use to describe their framework:
CrewAI is just one of the options, the other obvious one is AutoGen from Microsoft. Enough on tooling, let’s go back to our setup!
3 Agents, 3 Tasks and a couple of tools
Our workflow is (very) simple and basic. I have defined 3 agents and 3 tasks:
A researcher Agent who is in charge to “uncover the latest development in the cyber security domain”
A writer Agent who is in charge of “crafting compelling content on cyber security”
A timeline Agent who is in charge of “creating a timeline of security incident”
A research task which is basically the start of the workflow. This is where I’m asking about a specific threat actor or an incident.
A timeline task to basically get the content from the researcher agent and create a timeline in the mermaid format.
A writer task which is basically putting it together.
In terms of tools, this is where I believe there is a lot of potential for improvement. Currently I’m leveraging a couple of built-in tools from CrewAI such as SerperDevTool, WebsiteSearchTool and CSVSearchTool.
Serper is basically a Google Search API. Super useful to search the internet and get some of the news.
The website search tool is a RAG tool that searches specific websites.
The CSV search tool is a RAG tool that searches a specific CSV file.
Now you might be asking, why a CSV file? Well, I can’t really add all of the key cyber/security websites under the web search tool. So I’m using a trick that leverages Feedly and Zapier. Basically putting a selected list of feeds in Feedly in a specific folder and using Zapier to extract the content and save it to a CSV file on Google Docs. The only trick is that the feeds trigger too many tasks for the free tier of Zapier…so I have a backlog or I need to pay to get more tasks from Zapier. Not ideal but it is what it is. If you have a better idea on how to do that please let me know!
The Output
I have uploaded the full script I’m using here. I have also added a couple of the different runs I have done:
Run 1: first run, the Google Threat Intelligence Blog was not included.
Run 2: have added the Google Threat Intelligence Blog in the website tool, hoping for a better result knowing Mandiant has published some very detailed blog posts.
Run 3: have disabled the delegation of tasks.
Run 4: have enabled delegation of tasks for the writer and the timeline. Have switched to hierarchical rather than sequential. However, the timeline is not in the right format.
Here is a copy of the output of Run 4 in PDF format. Let me know what you think, but this looks pretty good to me. The obvious issue is that the timeline is not in the right format.
A few things to note
Stating the obvious here, but garbage in / garbage out. If your input is bad or the tools you used are not the right ones, the outcome is obviously not going to match. This highlights again the importance of data in any AI workflow.
I had a couple of runs where the whole workflow seems to get lost. What I mean is that if you look at the debug info, it looks all good until suddenly it takes a wrong turn. I had a very early run where the output ended up being a list of cyber incidents in 2023 for example.
This means you need to be precise in the different prompts you are using. Even if you have to state the obvious like don’t do X or focus only on X.
The biggest challenge I’m seeing at the moment is consistency. Knowing this is GenAI I don’t mind some changes in terms of wording but the fact that the timeline section for example is changing significantly from one run to the other is a problem.
If you have experienced similar challenges, please reach out and let me know if you found a solution. I’ll continue to tweak and test to see if I can achieve that consistency.
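One way to catch the timeline format and consistency problems described above before the output reaches the writer step. This is an added example, not part of the script linked in this post; the function names and sample timelines are constructed for illustration, and the check covers only a simplified subset of Mermaid timeline syntax (a `timeline` header, optional `title`/`section` lines, and `period : event` lines).

```python
import re

FENCE = re.compile(r"^`{3}\w*$")  # LLM output is often wrapped in a markdown fence

def parse_timeline(text):
    """Parse a simplified subset of Mermaid timeline syntax (an assumption,
    not the full grammar). Returns (entries, errors), where entries is a
    list of (period, [events])."""
    entries, errors, seen_header = [], [], False
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or FENCE.match(line) or line.startswith("%%"):
            continue  # blank line, markdown fence or Mermaid comment
        if not seen_header:
            if line != "timeline":
                errors.append(f"line {n}: expected 'timeline', got {line!r}")
                return entries, errors
            seen_header = True
            continue
        if line.startswith(("title ", "section ")):
            continue
        parts = [p.strip() for p in line.split(":")]
        period, events = parts[0], parts[1:]
        if not events or not all(events):
            errors.append(f"line {n}: expected 'period : event', got {line!r}")
        elif period:
            entries.append((period, events))
        elif entries:
            entries[-1][1].extend(events)  # ': event' continues the previous period
        else:
            errors.append(f"line {n}: event before any time period")
    if not seen_header:
        errors.append("no 'timeline' header found")
    elif not entries and not errors:
        errors.append("timeline has no entries")
    return entries, errors

def period_drift(run_a, run_b):
    """Periods that appear in only one of two runs: a cheap consistency signal."""
    a = {p for p, _ in parse_timeline(run_a)[0]}
    b = {p for p, _ in parse_timeline(run_b)[0]}
    return sorted(a ^ b)

# Constructed sample outputs, not taken from the runs linked in the post.
GOOD = """timeline
    title Example incident (constructed)
    2024-01-10 : Initial access
               : Credential theft
    2024-01-12 : Data exfiltration"""
OTHER = "timeline\n 2024-01-10 : Initial access\n 2024-01-13 : Data exfiltration"
BAD = "Here is the timeline:\n- 2024-01-10: Initial access"
```

A non-empty error list can be used to reject the timeline task's output and re-run it, and a non-empty `period_drift` between two runs on the same request flags the run-to-run inconsistency for manual review.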
Worth a full read
Predicting AI’s Impact on Security
Key Takeaway
AI excels in creativity, problem-solving, and information synthesis, areas previously thought difficult to automate.
AI learning is similar to human learning but lacks automatic knowledge transfer between phases.
Future AI advancements include expanded context awareness, continuous self-improvement, localized intelligence, and decision-making.
AI will impact enterprises through meeting transcription, self-updating wikis, automated reports, and specialized oracles.
Engineering will see self-documenting code, requirements as code, automatic integrations, and localized models for operations.
CISOs face persistent challenges in vulnerability management, detection, compliance, measurement, third-party incidents, and least privilege.
The underlying issues inhibiting solutions are coverage (width and depth), context (who, what, where, why, how), and communication (translation).
AI can address coverage by scaling triage, context by synthesizing information, and communication by tailoring data for audiences.
AI can help with communication by synthesizing data and translating it for the intended recipients.
Hiring top performers from large cybersecurity enterprises looks like a good idea
Key Takeaway
Hiring top performers from large cybersecurity vendors can ruin early-stage startups.
Sales at a startup differ significantly from sales at a large vendor.
Startup sales require educating prospects about new problems and solutions.
Startup salespeople must be agile educators, ready to hear "No" frequently.
Revenue leaders at startups must learn who their customers could be.
Hire entrepreneurial, results-driven people with high ownership for early-stage startups.
Move fast, learn by doing, and iterate as needed in startup roles.
Focus on hiring in-network referrals for better matches and retention.
Ensure executives from large vendors are willing to work as individual contributors.
Prioritize learning, unlearning, and relearning in new environments.
Some more reading
Consistently Prepared: Year-round strategies for career growth » READ
Attackers deploying new tactics in campaign targeting exposed Docker APIs » READ
Introducing YetiHunter: An open-source tool to detect and hunt for suspicious activities in Snowflake » READ
Disgruntled ex-employee costs company over $600,000 after he deletes all 180 of its test servers — found server deletion scripts on Google » READ
How AI and LLMs are revolutionizing cyber insurance » READ
CISA leads tabletop exercise focusing on hacked AI » READ
New hacker group targets Chinese users with compromised deepfake porn software, malicious VPN installers » READ
OpenAI co-founder Ilya Sutskever just launched a new AI venture focused solely on developing safe and powerful superintelligence, coming just a month after his official departure from OpenAI. » READ
Wisdom of the week
I’ve never scored a goal in my life without getting a pass from someone else.
Contact
Let me know if you have any feedback or any topics you want me to cover. You can ping me on LinkedIn or on Twitter/X. I’ll do my best to reply promptly!
Thanks! See you next week! Simon



