why a soc analyst is learning AI (and why you should too)#
so i was thinking about something.
i spend most of my day staring at alerts. triaging. correlating. escalating. repeat. and somewhere between the 40th investigation and the third cup of chai, i realised — the tools i use every day are powered by technology i barely understand.
anomaly detection. behavioural analysis. threat scoring. all AI under the hood.
and i’m the analyst on top of it, making decisions, without knowing what’s happening underneath.
that bothered me. so i started learning. this series is me thinking out loud.
why should you care?#
your tools are already AI. your SIEM flags anomalies. your EDR classifies behaviour. understanding it makes you better — you stop blindly trusting the tool and start knowing when to question it.
attackers are already using it. AI-generated phishing. deepfake social engineering. LLM-assisted malware. if you don’t understand how these work, defending against them is guesswork.
rare skills pay more. period. a SOC analyst who understands AI is not common. the ones who do — hired differently, paid differently. that’s just how rare skills work.
12 posts. one concept at a time. no PhD required.#
some will feel familiar — your SOC experience gives you a head start. some will be genuinely new territory. we figure those out together.
short posts. no scroll fatigue. you read, you learn something, you move on.
see you in post 1.
curious — what made you click? the tools, the career, or just tired of nodding when vendors say “powered by AI”?
took ai help to clean up typos. my brain works faster than my fingers. xd
next up: AI Series #1 — “AI, ML, deep learning — same thing? not quite” back to series index