- LLMs in Security Operations: Helpful Sidekick or Hallucinating Intern?
  Large language models (LLMs) are everywhere now. Your inbox, your SIEM, maybe even embedded in your security tool’s new “AI assistant” tab. It’s tempting to believe these tools are ready to triage alerts, write detections, and handle analyst fatigue all on their own. They aren’t. Not yet. But that doesn’t mean they’re useless. Like any…
- Trust Engineering: Building Security People Actually Believe In
  Security doesn’t work without trust. You can deploy all the right tools, write high-fidelity detections, and put together a solid incident response plan—but if the engineers roll their eyes every time you file a ticket, or leadership treats your risk assessments like noise, the entire program grinds down. This post is about something security teams…
- The Detection Rebuild, Part 2: Automating Detection Engineering Without Breaking the SOC
  Coming off the heels of Part 1, where we focused on fixing the signal problem, Part 2 is all about scale. Because once you’ve cleaned up your alerts and improved your detection quality, the next question is: how do you keep it that way without burning your team out? This post is a practical look…
- The Detection Rebuild, Part 1: Fixing the Signal Problem
  How to Stop Drowning in False Positives and Start Surfacing Real Threats
  Let’s be honest: most security teams aren’t short on alerts—they’re short on good ones. Every SOC eventually hits the same wall: too many alerts, not enough signal, and a growing pile of detection rules no one wants to touch because something might break.…