AI agents are often marketed as the natural evolution of large language models. The implication is that agents are smarter, more capable, and more useful than a standard chat interface. In reality, many so-called agents fail to add meaningful value and instead introduce friction, duplication, and confusion. To understand why this keeps happening, it helps… Read More »
As we enter the winter months and holiday season, when many of us will struggle to maintain or lose weight due to colder weather, a natural inclination to hibernate, and all those tempting holiday meals, I wanted to share my weight loss journey. This is not my typical post on AI, security, or career, but… Read More »
I have been making my way through a lot of long book series over the last few years, and once you fall into the right one, the books disappear faster than you expect. Joe Ledger is the one I am deep into right now, and that reminded me how many great multi-book runs I have… Read More »
Over the past several months I have written several articles about AI as part of my own learning journey. Each time I dig deeper, I find new ways to explain how these systems work in a way that makes sense to people who are curious but not technical. This article continues that effort by covering… Read More »
Artificial intelligence is often said to be grown, not built. The phrase, often attributed to thinkers in AI safety circles, captures the idea that modern AI systems are not engineered like traditional software. They are cultivated through data and experience, shaped by feedback, and refined through countless iterations until patterns begin to emerge. AI did… Read More »
If someone walked you through what they did to “create an AI,” you might be surprised, or even a little disappointed, by how simple it actually was to bring it to life. AI coding often sounds far more mysterious than it really is. When people hear “AI development,” they tend to imagine complex systems being… Read More »
Traditional SIEMs follow a predictable model: collect logs from many sources, ingest them into a central store, normalize them into a readable schema, index them, and then use queries, dashboards, and alerts to investigate and respond. This design exists because data is scattered, inconsistent, and hard to retrieve. Centralization solves those problems but introduces challenges… Read More »
During a recent Security Copilot demo, a customer asked an excellent question: “Can these agents run PowerShell?” The short answer is not directly. Security Copilot does not execute arbitrary PowerShell commands like a runbook or automation platform would. However, it appears technically feasible to accomplish similar outcomes by triggering automation through existing Microsoft services. It… Read More »
KQL is easy to learn, efficient, readable, and perfect for daily hunting and incident response. It powers queries across Microsoft Sentinel, Azure Monitor Logs, and the Advanced Hunting experience in Microsoft XDR. Every time you open the Logs blade or run a query in the portal, you are using KQL to explore the Analytics Tier.… Read More »
What It Really Looks Like to Study Artificial Intelligence Online A decade ago, most universities treated artificial intelligence as a single elective buried deep inside computer science. It was the kind of class you took after surviving data structures, algorithms, and a heavy dose of calculus. That began to change in 2018, when Carnegie Mellon… Read More »
Another Unforgettable Black Hat & DEF CON Week I landed in Las Vegas and checked into Circus Circus, a no-frills spot but close enough to DEF CON to make the walk easy. It felt like the right basecamp for a packed week. My 4th hacker summer camp! Tuesday was about arrivals, badges, and parties. I… Read More »
With so many Large Language Models (LLMs or GPTs) available today, how do you know which one to use? The truth is, there isn’t a single “best” model. Instead, the right choice depends on your specific needs and the tools you have at hand. General-Purpose LLMs Text-based LLMs like ChatGPT, Gemini, and Microsoft Copilot are… Read More »
Vibe Learning is a new approach to education that uses AI tools like ChatGPT and Copilot to create a fast, interactive, and engaging learning experience. By shifting from traditional study methods to conversational exploration, learners can accelerate understanding, focus on what matters, and build knowledge more efficiently.
I was explaining my career progression to a new mentee recently, someone new to IT, and it got me thinking about how, early in life, it can be unclear how someone might transition through multiple jobs or careers. For many, these transitions are driven by interest, necessity such as being laid off, or a drive… Read More »
Introduction Microsoft released Security Copilot worldwide on April 1, 2024. This service provides a natural language, generative AI assistant for Security Operation Center (SOC) analysts. Security Copilot is a generative AI-powered chat assistant add-on designed for various Microsoft Security tools. It enables security analysts to converse with an AI assistant, share conversations, and use generative… Read More »
A simplified approach to following the DOD (U.S. Department of Defense) Zero Trust roadmap using Microsoft security solutions. Introduction The DoD Zero Trust Portfolio Management Office (ZT PfMO) released the Department of Defense Zero Trust Strategy and Roadmap on Nov 22, 2022. It defined what the DOD needs to do to execute Zero Trust. A… Read More »
I’m still recovering from my third year at Black Hat and DefCon. The physical and emotional exhaustion, social overload, and post-event sniffles are all signs of a great conference. This year, I added an extra day for the first-ever Black Hat AI Summit. I was drawn to the topic, the networking opportunities, and my usual… Read More »
I returned from my second Hacker Summer Camp a few weeks back, Black Hat and DEF CON, and I’m excited to share my observations and notes. What is Hacker Summer Camp? DEF CON was started by Jeff Moss (known as Dark Tangent) at the age of 18 in 1993, with around 100 attendees, and it… Read More »
Are your Entra ID (AAD) logs getting too expensive in Sentinel? I have a theory on this. These logs appear to be created primarily for reporting purposes. Optimal sizing may not have been a primary consideration. In my experience these logs can grow rapidly and may become too expensive to retain in Sentinel. The two… Read More »
It is often necessary to setup alert or ticket integration between two monitoring solutions. For example, sending alerts from one system to an ITSM or SIEM. I will refer to the data being transferred as alerts here for simplicity. Where do you start? First determine your requirements: Look for out of the box and community… Read More »