Episode Transcript
[00:00:00] Speaker A: AI is moving so fast that you can constantly be looking. There's all sorts of ways to utilize AI without breaking DLP rules, without breaking corporate policies, without copying, you know, proprietary information, things like that.
[00:00:15] Speaker B: You're listening to Protect It All, where Aaron Crow expands the conversation beyond just OT, delving into the interconnected worlds of IT and OT cybersecurity.
Get ready for essential strategies and insights.
Here's your host, Aaron Crow.
[00:00:33] Speaker A: Hey, what's up, everybody? I want to do a little bit of a solo episode today, talk about AI automation. You know, I talk about AI a lot on this podcast, but usually it's about AI in, you know, products and using it in an enterprise capacity. You know, kind of big picture.
A lot of products that you see at, you know, RSA or the conferences, a lot of folks, everybody's integrating AI. I just had a, a founder on the other day which has an AI-focused OT product, like from the ground up, like it's designed using AI. So these things are coming, and those are things that you can definitely buy and you can, you know, integrate into your core systems and into your, your, you know, remediation plans in your program, things like that. But, but that's just some of the use cases. So many of us are using AI. Obviously, you've probably seen the AI stuff that you've seen on like Instagram or Twitter or whatever, and it's the, the Yeti or the, you know, the, the babies talking and, and all that, right? So there's some really fun stuff that folks are doing, creators are creating, you know, doing, doing cool stuff with. I can absolutely see how a, you know, people are going to make TV shows and movies and things like that, that's really exciting. But from an, from a, from a cybersecurity perspective, as a, as an analyst or, you know, whatever your job is, you're a manager, you're a supervisor, you're in cybersecurity. Maybe you have AI tools, maybe you don't. I think there's ways that we can be using AI. Probably most people in technology are dabbling in it in some way, but AI is moving so fast. Things that I tried, you know, six months ago in AI and got really crappy results. Look at logos. Look at like heck. Now you can do video with audio and all the stuff too, but AI is moving so fast that you can constantly be looking. There's, there's all sorts of ways to utilize AI without breaking DLP rules, without breaking corporate policies, without copying, you know, proprietary information, things like that. So what are those things? Like, obviously you can help create drafts of, of reports. Obviously you wouldn't want to put customer data in those things. You would want just high level type things. You can work through scenarios.
I know we're working with a company, ThreatGEN, that does AI-focused auto tabletops.
I've talked about that here. Right. But those again are very specific tool sets that you're using. But what are some of the bigger ways CISOs and leaders, business owners are looking at this and they're terrified, they're scared because of a couple of things. Right. They're scared because they don't know what's coming and they don't want their employees looking to use tools and doing them unsafely. Right. Uncontrolled, unsanctioned use. There are many organizations just block, you know, just flat out block all of these sites, which you know may be the right policy for you. But if that is not the case and you're allowed to use that in the, in on your corporate environments, you know, there are some ways that you can do it. Now obviously you need to be really intentional. You should highly recommend that you run this by up the food chain, that type of thing. But you know, as long as you're not copying proprietary information, you're not connecting your corporate email, you know, you're not copying and pasting things that don't need to be in there. There's a lot of high level things that you can do that can help you creating presentations. Obviously again you're not going to put proprietary information in there because anything, I've said it a thousand times, but anything you're going to put into ChatGPT or any of these public AI models, I wouldn't put anything into those models that I'm not willing to post on Facebook because you can just assume that that data is available.
So obviously you gotta be really careful with that. But I also still believe that there are a lot of great use cases for using AI and just the generic AI models that are out there. Obviously if you're more advanced and more technically capable, you can spin up a VM, you can have, you know, Ollama running in your, on your own personal environment and then that data is not going anywhere. So I'm not talking about that because obviously you can take that a lot further. But even with that you're still taking data off of the corporate environment and putting it in your environment. So still there's, there's, you know, DLP data data policies that, that go into that. But let's look at this at a, at a high level. You could be looking at threat intel, things that are obvious, already available on the Internet and you could be taking vulnerability data that comes out, news reports, things saying, hey, what this new vulnerability on this, on this asset or this, this Microsoft update, et cetera. You can be digesting all of this data. You can automate reports and summaries, alert triage. Again, publicly information, publicly available information. This stuff is already out there. It's coming across your LinkedIn, your news feed. You can clean that stuff up. You can set up agents to be searching for certain things. Google Alerts is a great example. It's not AI. Well, it wasn't, but it was something you could set up keyword alerts and anytime a new alert came up, it would send you a notification. Well, you can set up automation to do, hey, if you see this come in, then take care of this. Right? You can draft policies, you can draft job descriptions, you can help draft emails. Again, none of these things are proprietary. If I'm going to send an email to, you know, my boss and I'm struggling with exactly the right way to say it, you can tell ChatGPT that and say, hey, this is what I'm trying to communicate. This is the, the thing I'm trying to get across.
And again, none of the information, I would not tell it anything that again, I'm not willing to put on Facebook. So, you know, no, put any proprietary information from the company, any, you know, financial information, anything like that, but you can help it with wording, help with making it sound better, come across better. These are all things that will help to, to help you with communication. I see ChatGPT is just like anything. It's like your cell phone. It's like, you know, back in the day having a, a calculator and math. You still have to understand how to do it, but that can help. It's spell check on a, on a word processor. It's, it's, you know, the grammar, Grammarly, you know, all of these have been tools that we've added on and, and we've, we've used them to subsidize and make us faster and more efficient in the jobs that we're doing. Right. So I really see AI and in these spaces, even as a cybersecurity professional, being in, integrated and integral into how you do your job on a daily basis. You can build playbooks, you can build tabletop scenarios. Okay, you don't want to put proprietary information. I keep saying that, but I want to hammer that home in that you don't want to put that stuff in there, but you could still build Playbooks. Build me a generic playbook for a, you know, pharmaceutical company that has five manufacturing facilities and has one outage a year and is doing vulnerability updates and blah, blah, blah. Like you can walk through the scenario and it'll help you build it can have recommendations for different types of legacy data. You can have, you can build custom GPTs for your specific use cases, even creating, you know, in document management processes. There's, there's just really the sky is the limit on, on what you can use. Look at your workflow, look at a daily basis on the things that you're doing. Are there things that you're repeating on a daily basis? 
The repetitive things, the monotonous things, the things that take a lot of time to do and to go through and be trained or outsourced to a third party. I look, I look at LLM or AI as: could I train an intern to do it? If I could train an intern to do it, could I train an AI to do it? Obviously we'll want to use local private LLMs for sensitive data, but you could integrate AI into SOAR platforms. You could start building things internally. That's the other piece of this is you're not going to want to put things in ChatGPT, but have you had a conversation? What is your company's policy on. Do you have an internal, you know, LLM, can you do it on site? Can you do it on a, on a company server? Can you start building out AI integrations? You know, n8n is a great free tool that you can do and download and run in a local container. You can run that in a container and all. n8n does, the letter N, the number 8, the letter N, it runs. It's basically Zapier for a free integration and it's really designed for this automation so you can have it tie into with API calls, it can do webhooks, it can do all, you know, it can log into email and all this stuff. Again, be careful with that. In a corporate environment, you could do a lot of things with this. You can build a lot of automations. When somebody drops a file into this folder, I want it to read it, I want it to dump it to a local model, I want it to summarize it and I want to send me an email or I want to drop out a report from that in this other folder, right? There's all sorts of little tools and capabilities that you can start building and looking at both as a team, whether you're a SOC analyst, whether you're an OT guy or gal, whatever your job description is, start looking around and thinking outside of the box. Go through the right approvals, don't do anything that's, that's risky or dangerous to your, to your, you know, organization. But start thinking about, AI is coming, y'all. It is coming. It's not going away.
More and more is going to be done with this. So start thinking now. How can I do this safely? How can I do this without risking my environment, without risking my job? And think about what is those, what is the value that I can bring to my organization by automating. We've been doing automation forever. I've spent multiple projects where we were automating things by doing scripts, building scripts, these long, you know, crazy scripts that we would go out to go grab data off of Windows machines and summarize the data and consolidate data across, you know, these fifty or a thousand devices into a single report. Just using scripts, all of these tools now, it makes it so much easier. You don't have to be a, you know, excellent JSON scripter. You don't have to be great with PowerShell. AI can help you create the scripts. That's the other piece to this. I can create a script in my ChatGPTs, in my Claude and a lot of these platforms, and then I can scrub it, make sure that it's clean, make sure it's okay. So again, there's no proprietary information in there. I'm saying, hey, I need to connect to a Windows machine. Windows machines are everywhere. I need to connect to a Cisco switch on SSH using this port. I need to connect. You're not going to give it credentials, you're not going to give it the names of your IP or IP addresses of your devices, but you can say, hey, I want to create a script that can connect to Windows machines, grab all the Windows information, pulls out the installed applications, pulls out the, you know, whatever the types of devices and information that you're looking for, goes through the logs and looks for these keywords, whatever the thing may be. You could start telling this stuff to ChatGPT, to Claude, to all these, these chat agents, and start helping you build these scripts, helping you build these customizations, these automations, and really uplevel the work that you're doing. I see this hugely beneficial at smaller organizations.
Think about the wastewater places, right? The places that have low, limited budget, limited resources. How can you empower your staff to do more with less? I can't necessarily go buy that new product. I don't really have the skill set to do it in house. My team doesn't. I can't afford to send them to training. How can I do this in a safe way that enables them to do more with what they have, the tools they have, with the skill sets that they have and be able to use these tools to lean on and up level exactly what you're doing. How to stake a client. I know I continue to go by on this, but what data are you sharing? Is it classified as a private or is it public? You know, build a list, here's what's safe to automate. Be really intentional about. Talk with your team about it, talk with your leadership about it. Hey, this is what I want to do. This is the type of data that we would be putting in there. Making sure to put no, you know, company, you know, data in there. Use company approved tools with AI integrations. If you have Microsoft tenant, you have Copilot and that is in your space. So there's another example of a way that you can do it. Again though, you need to consider and talk with your company's policies, your leadership, etc. Make sure that you're following the path that is approved for your organization.
You know, document your usage. Really document it, right? That's really the CYA. When somebody says how did you create this? Where did it go? What, what data did you copy and paste there? Right? So really keep those logs so that you understand and you can show the evidence, the receipts of the things that you did, how you did it and you know, the information where you put it, all that type of stuff, right. There's all sorts of tools. The other piece to this, on the flip side of this is almost every tool now because they all have AI. You've got to be really intentional about which tools you use. Notion has AI, you know, Microsoft Copilot, Google now has AI. Like all of these things have AI integrated and if it's not turned off, so you may have been using something on your own, Gmail, any number of things that has that AI integrated and you need to make sure that you are not putting things in places that doesn't need to be. I don't think AI is going to replace you.
I don't think that it's there yet, but it's going to replace people who waste time and aren't doing it. Organizations that don't adopt AI and figure out how to use it to, to fast track and, and to improve is going to get left behind. Cybersecurity is evolving. Don't get left behind.
It's. You are at a place in time where having cybersecurity is great and having that skill set is great. But you're going to have to also use AI. You're going to have to integrate that into processes. I don't care if you're accounting, I don't care if you're in, you know, the business finance group. I don't care if you're engineering, you. We are all going to be utilizing AI because it's going to help us work faster, more efficiently and better. If I assign an analyst to look through logs and manually hunt for a certain word, he's not going to be. He or she is not going to be as good as me training a computer to look for that same word. It's just impossible. So there's. We know that AI is going to be able to help us and make us go faster. It's just about where can you do it as an individual contributor in my own space and do it in a way that A is not going to get you in trouble and B, it helps your organization, helps you, helps you be more efficient. We're not trying to avoid work, we're trying to do it faster and do it better so you can focus on the things that matter. A lot of the times we're focused on and we end up having to spend time doing things that take a lot of time. They're monotonous. Think about a, an expense report. I hate doing expense reports. I despise them. But imagine if I had an environment where I took my expense report or I took all my expenses, I scanned all those receipts and I made a summary of them into report and then even if I have to then manually enter that into my expense system, at least I can keep track of. So I don't keep, I don't forget about things. Right. I'm very bad about keeping my receipts. I scan all of them. Now I use. But those are my, that's my data. It's not a company, you know, information issue. That's all on my phone. I take pictures of receipts, all that kind of stuff. But I still sometimes struggle to keep, keep track of. Oh, I forgot to re. You know, do this receipt.
You can set up systems to help you remind remember to do certain things like that. So anyways, all this to say guys, definitely think about how can you use. I'd love to hear some feedback from you guys on what are you using AI for. Outside the box thinking. Are you using public systems like ChatGPT, Claude, Grok, et cetera? Are you using local LLMs? What are you using for? What are the use cases? Did you get approval? Have you been in trouble? Where have you struggled? Where are you? Where are you wanting to do? Are you working to build out any AI automation type stuff? So love to hear more about it. Definitely post, comment, let us know, share ideas. Guys, this is how we grow and how we get better and faster.
[00:15:21] Speaker B: Thanks for joining us on Protect It All, where we explore the crossroads of IT and OT cybersecurity.
Remember to subscribe wherever you get your podcasts to stay ahead in this ever evolving field.
Until next time.