Three questions the exam didn’t cover. AI just made them mandatory. Expert Insights from ToxSec: AI Security Engineer at Amazon, ex-NSA, USMC, M.S. Cybersecurity, and CISSP.
Loved this line: "You don’t need to become an AI expert. You just need to know which of your assumptions stopped being true. That’s the work now." I think this applies across the board to every sector.
A great read, team!
🙏 Thank you so much Dallas!
That’s something we see in cybersecurity all the time! Many people ignore the topic completely because they feel it’s too complicated.
Yes, some concepts are very complex, but you don’t need to understand everything in detail. Often, you just need to learn the basics and understand how they influence your decisions.
Absolutely. And depending on your team structure, we're often not the person who even knows the most.
We just need to know enough to find out that the product is vulnerable and get it to the right people for remediation.
I can only agree here. It isn’t about being the most experienced expert in every room.
Even the CISSP exam doesn’t test you on technical details in every domain. You need to understand the concepts that allow you to manage risks.
And there are certainly people who know far more than I do in each domain.
It’s actually pretty incredible the breadth the CISSP covers. But then again, that’s why it’s the gold standard.
I think you guys need to team up again - this is sounding like a part two!! And, it's also so very applicable to how we should all be working with AI no matter the industry or role - don't make assumptions, know enough, keep learning, be proactive, know how to identify and manage risks, know when to escalate and who to direct it to...
I’m already working on my guest post, so we’ll be teaming up at least one more time, hopefully more!
Very true! I can only agree!
Very true on all accounts!
Thanks both for this excellent article. I learned a lot in reading this. I think for me the key takeaway is that process beats detection. Ultimately we need to really be thinking about working with our employers and our employees to make sure that people are asking the right questions rather than trying to spot patterns, which themselves are becoming very difficult to tell apart.
I think that's a pretty great way of looking at it. Process beats detection. And right now, we are struggling to keep up. But you're right; investing in our employees is the way through this right now.
Exactly. And what’s the downside? A more informed and AI literate workforce. Seems like a win-win to me.
And win-wins are pretty rare in the security space!
No doubt about that!
Thank you for your comment, Sam. I think that’s a great takeaway from this article! And you’re absolutely right, investing in employee education is the first line of defense.
Thanks, Larry!