caz

571 posts

caz

@cazcik

product security

florida, usa Katılım Nisan 2021

98 Takip Edilen132 Takipçiler

caz@cazcik·12 Nis

@bettersafetynet yeah it’s really hard to articulate my thoughts with this format honestly but a lot of the traditional ways we do things really don’t make sense if we move towards agentic first workloads and cost is very relative but it probably still works out even before optimizations

English

Mick Douglas 🇺🇦🌻@bettersafetynet·12 Nis

@cazcik More than fair. They're neat tools, I could see where they'd help some hunting workflows (but not all). I'm just saying not to put LLM in your detection pipeline. It's hella expensive and not even that great.

English

112

Mick Douglas 🇺🇦🌻@bettersafetynet·12 Nis

I am begging you once again. Please do not hook LLM up to your detection pipelines. If you *must* use an LLM in your SOC, here's awesome use cases for them. - help write KB articles - summarize threat reports - help write ticket templates

English

228

27.3K

caz@cazcik·12 Nis

@bettersafetynet yeah i see what you’re saying. without getting into specifics i think we would agree it just depends where although i do feel ai is capable of high fidelity detection via research based threat hunting (if you’re willing to do the work—it’s not a plug it in and forget it thing)

English

106

Mick Douglas 🇺🇦🌻@bettersafetynet·12 Nis

@cazcik I'm not saying you shouldn't use AI. I think AIs are pretty dang neat. I'm saying LLM are poor tools to put inside your detection pipeline.

English

670

caz@cazcik·12 Nis

listen my distaste for soar/workflow automation tools like n8n has made me super bias but if the goal is tech debt, the actually fastest way to do it is by having claude build a framework for you using standard event driven tools

English

caz@cazcik·12 Nis

i’m having a hard time trusting people here taking the easy dunk on @claudeai you can’t deny the ux normally i wouldn’t think twice but everyone hating on anthropic is also building an agentic coding harness??? don’t punch down; but if you come for the king you best not miss

caz@cazcik

claude code is powerful, codex is functional

English

caz@cazcik·12 Nis

claude code is powerful, codex is functional

English

caz@cazcik·9 Nis

gonna have opus read the mythos papers and ask it to close the gap brb

English

caz@cazcik·7 Nis

@BVeiseh managed soc is cooked

English

Brandon Veiseh@BVeiseh·7 Nis

Our goal is to build agents that conduct most of your security operations, so you dont have to pay all the legacy providers for data just to then have to pay humans to review it all.

English

caz@cazcik·6 Nis

to me this really just says: everyone has an opinion, but few are operators given how much snyk was recommended

English

caz@cazcik·6 Nis

absolutely crazy semgrep didn’t make this list (or opengrep)

Gergely Orosz@GergelyOrosz

From the replies (thank you!). A lot more options, these mentioned so far: - Synk - Datadog - Aikido - GitHub Advanced Security - GitLab - DependencyTrack - Mend - Safe Depo - Cloudsmith - Google OSV

English

164

caz@cazcik·6 Nis

nobody asked but my current setup is claude at work and codex at home i’m learning a lot about their individual strengths claude really gets enterprise and has great ux; codex is really fast, flexible and smart

English

caz@cazcik·5 Nis

security products could greatly improve their trust just by being open source orgs will happily pay for a hosted/maintained version so you have nothing to loose unless your scared Palo Alto is gonna cram it into EnshitX (or XSHIT) in 3 years build a better product, it’ll work

RajΞΞv@0xRajeev

Cybersecurity has always had a long-standing problem with “snake oil”: products hyped with exaggerated, misleading or outright false claims that promise near-magical protection but deliver little real value. Measuring security objectively is a grand challenge. Is AI-powered security the latest snake oil?

English

caz@cazcik·5 Nis

@0xRajeev not if it’s open source

English

RajΞΞv@0xRajeev·4 Nis

English

4.1K

caz@cazcik·4 Nis

i immediately rule out any ai company that’s just building something with ai take a risk ffs, do something different, throw away the rule book i want to experience something that makes me question everything i know you can do it; you have too

English

caz@cazcik·3 Nis

@ZackKorman unlikely without a BAA.. but hmu anyways and i’ll see?

English

Zack Korman@ZackKorman·2 Nis

Anyone here responsible for security at a company that uses Claude Code? I need someone to test some of what I'm building at embroidery

English

12.7K

caz@cazcik·2 Nis

@agent_duckman @IceSolst if i had to guess, the average price per automation at most companies is probably $10,000/year for 3 years soar is a roi psyop

English

323

AD 🅅@agent_duckman·2 Nis

one time i terminated the contract for a SOAR the company had purchased (and renewed) 2+ years ago that no one had ever built a single integration with.

solst/ICE of Astarte@IceSolst

When joining a new security team, the highest ROI action you can take is terminate Snyk as a vendor

English

10.5K

caz@cazcik·31 Mar

@cyb3rjerry @ZackKorman i demand name drop lol

English

Tony/Humpty@cyb3rjerry·31 Mar

@cazcik @ZackKorman Wdym I went to sleep lmao

English

Tony/Humpty@cyb3rjerry·31 Mar

Seeing all security vendors pop onto every tweet about Axios kinda funny to watch unfold

English

caz@cazcik·31 Mar

@ZackKorman @cyb3rjerry i think this tweet ended rather abruptly

English

Zack Korman@ZackKorman·31 Mar

@cyb3rjerry There is one vendor in particular doing this 10x more than others

English

801

caz@cazcik·31 Mar

personally i only use eol software that’s 10 years old, never had a single supply chain issue

Gergely Orosz@GergelyOrosz

Supply chain attacks are becoming more frequent, and far more serious. What are sensible practices to protect against these when using Node or Python packages? I assume pinning versions is the bare minimum; for those with security teams / tools: why else do you do / can you do?

English

caz@cazcik·29 Mar

this stems from a much deeper problem the entire market exists in medium to large enterprise, normal people don’t care to understand or ask questions, “public” security companies are more like PE than tech, inflate every number or metric for prime M&A rights, schmooze CISO’s for ~11.5% of IT/SEC budget, growth and name recognition over all else, sell for $200M-$20B there are exceptions sure; but this is the world now—thanks zscaler, palo, crowdstrike, wiz, google, microsoft, cisco, etc. admittedly i’m on the outside but vc’s are definitely ahead of this and know the playbook better than anyone else so they’re just going keep getting away with it while they raise new funds over and over again and don’t get me started on the “but ______’s a good friend” “so what i’m an advisor with a couple basis points” “i’d use that shit extension if i paid for it” “it’s just a CISO summit in the mountains” “they sent me a hoodie”

solst/ICE of Astarte@IceSolst

infosec has a sales problem: bias, lies, lack of nuance, manipulation, extortion, spam, harassment, kicking you out for handing out anti-drink-spiking covers…

English

Keşfet

@bettersafetynet @claudeai @BVeiseh @0xRajeev @ZackKorman @elonmusk @BarackObama @taylorswift13