❄️☃️Merry Jerry🎄🌲
@jerry@infosec.exchange  ·  activity timestamp 5 hours ago

I get asked a lot lately what I think people who want to get into cyber security should focus on. My go-to answer is incident response, since it seems like the mountains of vibe code and half-assed zero trust architectures are creating galactic scale potential breach energy. Would that be called vibe responders? Or is that for when we figure out how to hand over IR to AI as well?

hal8999
@hal8999@infosec.exchange replied  ·  activity timestamp 18 minutes ago

@jerry Vibe response is the only way to handle the volume of alerts from all the things.

Shared a thousand files with a yahoo address? Looks fine. I have a cookie tin to investigate with higher priority.

katzenberger
@katzenberger@tldr.nettime.org replied  ·  activity timestamp 1 hour ago

@jerry

To "get into cyber security", especially in the context you mentioned, would also include lucrative, but illegal work… wouldn't it…?

🅱🅻🆄🅴🅱️
@BlueBee@infosec.exchange replied  ·  activity timestamp 2 hours ago

@jerry

It 'feels' like we created systems that are easily made insecure on accident.

If you leave a lot of bombs laying around that are hair triggered, at some point it's the system architecture that's the problem and not the users.

I mostly avoid certain domains because of this. I don't host services online because I don't know enough about them to keep them secure, though one day I will tackle that, and I have in the past, but I have just found it easier to avoid it for now.

x41h
@x41h@infosec.exchange replied  ·  activity timestamp 3 hours ago

@jerry my go-to answer would be to learn shell scripting, networking and Linux terminal commands. People want to jump ahead too fast.

❄️☃️Merry Jerry🎄🌲
@jerry@infosec.exchange replied  ·  activity timestamp 2 hours ago

@x41h The issue is that people are having a hard time finding entry level jobs now and so want to know what sorts of jobs are still in demand. Broadly speaking, I agree with you - I think the best security workers have an IT background, but even those roles are hard to get these days.

x41h
@x41h@infosec.exchange replied  ·  activity timestamp 2 hours ago

@jerry ah true. In this case finding an IT job can lead to entry level infosec positions. I support security solutions e.g., vulnerability scanning & EDR. I speak to companies of various sizes. Less sophisticated tools don't require MDR. In-house teams manage these security tools and handle incident response... sometimes better or worse than others.
MSSPs have high churn due to burnout. Places like Arctic Wolf, RQ, etc. provide on the job training for security analysts. Although these roles offer great experience it might turn one into an alcoholic. I notice these positions hiring more frequently. They prefer least experience because the pay doesn't scale well.
So my advice is to search smaller companies with open IT positions because eventually the role will require focus on security. Get with their security folks to learn about org security posture. Ask questions and show interest. If they don't have visibility into their security posture then perfect timing to push budget goals and take lead.
In my time in a SOC I never saw AI being utilized. Though it was claimed. Threat detection engineers leveraged machine learning. Security analysts still used XDR to pivot during investigations.
I think it's still a great time to get in before the market relies on AI in full capacity. I personally have not seen AI taking over blue team roles.

BrianKrebs
@briankrebs@infosec.exchange replied  ·  activity timestamp 3 hours ago

@jerry Word of 2025: Vibe responders. That "Feels" like the way to go. Let's do that!

CybeardSec
@cybeardsec@infosec.exchange replied  ·  activity timestamp 2 hours ago

@briankrebs @jerry I know so many cybersec people that are 100% sold on "vibe coding" and everything associated with it and can't stop talking about it. Makes me kind of nauseous.

I think it's time to start making furniture or something.....

schrotthaufen
@schrotthaufen@mastodon.social replied  ·  activity timestamp 3 hours ago

@jerry @blogdiva I unironically think starting with solid ops skills is a good choice. With that, one can properly deshittify vibed infrastructure.

Hamishthepiper
@hamishthepiper@ioc.exchange replied  ·  activity timestamp 4 hours ago

@jerry DFIR is one of those fields where to be good you need the experience and scars of having investigated human activity in lots of different scenarios/environments. AI by its very nature can’t do this, and I’m tired of folks trying to personify these code-boxes. Like has been said in this thread, AI is a great tool. We’ve seen good success at our firm with helping get some broad strokes with large datasets, and with summarizing what a human has already called “bad”. But you’ll have to convince me that it’ll be able to do things like see Entra Session hijacking, understand it needs to investigate, and eventually find an ESXi in-memory implant that can pull cookies from VMs and proxy the replayed sessions through the hypervisor itself. That’s what human adversaries are doing (probably augmented with AI).

Gato Negro
@crp@infosec.exchange replied  ·  activity timestamp 4 hours ago

@jerry I am glad and congratulate myself for having stopped sticking my nose into cybersecurity and going back to programming in Linux, just for the art. The bug bounty scene, in particular, has been filled with Mac kids playing with AI.

❄️☃️Merry Jerry🎄🌲
@jerry@infosec.exchange replied  ·  activity timestamp 4 hours ago

@crp I think if you ask any open source program, they'll tell you that they are absolutely swamped with AI generated vulnerability report nonsense. So you are probably onto something.

Gato Negro
@crp@infosec.exchange replied  ·  activity timestamp 4 hours ago

@jerry That's right. Just today I read about a HackerOne report done with AI on the curl bug bounty program. By the way, @bagder was very upset, and he's right. And this is happening everywhere.

Walker
@Walker@infosec.exchange replied  ·  activity timestamp 4 hours ago

@jerry Vibe Responders = Slop Cleaners.

Contrary to AI marketing, AI will not take IR jobs. Those who say it will do not know all the aspects of IR. AI will enhance IR but will not replace it.

I agree that IR is a great field to get into and can talk for hours about its finer points.

❄️☃️Merry Jerry🎄🌲
@jerry@infosec.exchange replied  ·  activity timestamp 4 hours ago

@Walker In my career, I have been involved in the response to well over 1000 incidents (it's a long story), so I completely agree with you on all points, but I am not sure the reality of the situation is actually going to change where we're headed.

Walker
@Walker@infosec.exchange replied  ·  activity timestamp 4 hours ago

@jerry true, AI will change the field, but one of my fallback responses to those who say AI will replace IR professionals and all aspects of cyber security is that for AI to control everything then AI needs to know about all systems within an environment.

Complete asset management is effectively impossible and massively expensive. There is always shadow IT, BYOD, etc.; most companies cannot afford it. This creates blind spots that could be exploited. The risk of these blind spots could be mitigated but that is also expensive.

Then there is the AI arms race. As good as AI defense becomes the AI attackers will also get better.

Plus IR involves other intangible factors including legal, data privacy, communications, HR, client / vendor relationship management. Those intangibles still require human relationship interactions.

fedops 💙💛
@fedops@fosstodon.org replied  ·  activity timestamp 4 hours ago

@jerry my answer would be architecture as that is least likely to be successfully killed by "ai". Also IR is just a slogging dread that makes you wish to die asap.

kwayk42
@kwayk42@sechtor.social replied  ·  activity timestamp 4 hours ago

@jerry isn't it great how the industry is turning into needing people just to push a button? Soon they won't even need people to push a button and then we'll be living IN THE FUTURE

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp 5 hours ago

@jerry Security Copilot

Jack
@knapjack@gruntle.cc replied  ·  activity timestamp 5 hours ago

Responding to the vibe is grooving.

XenoPhage :verified:
@XenoPhage@infosec.exchange replied  ·  activity timestamp 5 hours ago

@jerry *is* there a PG answer to what a vibe responder is?

Santa Caws
@cR0w@infosec.exchange replied  ·  activity timestamp 5 hours ago

@jerry The SOAR vendors are already trying to AI-ify IR. It's... not good.

❄️☃️Merry Jerry🎄🌲
@jerry@infosec.exchange replied  ·  activity timestamp 5 hours ago

@cR0w “first, we made a dumpster fire that makes your IT a dumpster fire. now we’ve made a dumpster fire that manages your dumpster fire caused by the dumpster fire”

katie
@k4713@social.xenofem.me replied  ·  activity timestamp 5 hours ago
@jerry @cR0w i'm 99% confident that what's happening is the entire global market is praying that if they start switching to AI now, it'll be ready and actually useful and better than humans before they actually complete the transition. it seems to be guided out of a fear of companies being left behind if they don't switch to AI and it does turn out to be as good as """Open"""AI wants everyone to believe it will be 6 months from now (for the past 5 years)
❄️☃️Merry Jerry🎄🌲
@jerry@infosec.exchange replied  ·  activity timestamp 5 hours ago

@cR0w hopefully it all can run on kubernetes at least.

Santa Caws
@cR0w@infosec.exchange replied  ·  activity timestamp 5 hours ago

@jerry dumpster_fire_gif flan_on_fire dumpster_fire_gif

Santa Caws
@cR0w@infosec.exchange replied  ·  activity timestamp 5 hours ago

@jerry It sure is convenient that the worst ones also provide their own "elite" IR services to clean up all the dumpster fires. But they're expensive because they use humans instead of dumpster igniting software.
