We’re back for the 2025 Gartner Security & Risk Management Summit, and there is one key theme that has been mentioned in every single session: AI. Let’s unpack the biggest Day 1 takeaways together in this blog.
June 10, 2025
Dan Marschall

WOW, it’s good to be back in National Harbor for this year’s Gartner Security & Risk Management Summit! I’m here with my Lead Security Engineer, Michael Gates, and there is one key theme we’ve noticed just in this first day of content: artificial intelligence isn’t just trending, it’s dominating. 

Nearly every session today focused on AI in some form. But despite the hype, the message is clear: AI is not here to replace your team, it’s here to make your team stronger. 

Let’s go over what stood out to us from Day 1. 

Michael and Dan at the Gartner Summit 2025

Takeaway 1: AI Isn’t Replacing Analysts. It’s Empowering Them.

We heard it in multiple sessions: AI should be viewed as a force multiplier, not a replacement. CrowdStrike’s keynote reminded us that attackers can move laterally through an environment in just 51 seconds. Compare that to the traditional response rhythm of 1 minute to detect, 10 minutes to investigate, and 60 minutes to contain. AI helps close that speed gap, but it does not remove the need for human oversight and expertise. 

Adversaries can move laterally in as little as 51 seconds, but many organizations still operate on a 1-10-60 detection and response cycle.

In their SOC, CrowdStrike uses an AI-powered triage system called “Charlotte” to process every alert before it reaches a human. It’s reached 98 percent alignment with human validation. That’s impressive, but it also reinforces the need for validation, not blind trust. 

Takeaway 2: Train Your Analysts on AI Behavior.

AI doesn’t think like we do, and it doesn’t act like we do either. That means your SOC team needs to be trained not just on how to use AI tools, but on how to monitor and respond to AI behavior. One session emphasized the need for tabletop exercises and structured protocols. To be truly useful and safe, AI agents must be tuned with internal data, like your own phishing training scenarios and incident response workflows.

Takeaway 3: Don’t Fall for the Hype (But Don’t Ignore It Either).

Today’s Gartner keynote challenged attendees to rethink how we evaluate new technology. It’s easy to chase the shiny object, especially when the industry is buzzing with AI use cases and big funding numbers. But responsible organizations are using Outcome-Driven Metrics (ODMs) and Protection Level Agreements (PLAs) to justify investment and guide implementation. 

“Hype, if we’re not careful, can derail both the organization’s and cybersecurity’s ability to collaborate on common goals.” 

That means shifting away from fear-based budgeting and toward clear metrics that demonstrate how a dollar spent reduces risk. Example: a $1 million investment that improves critical system recovery from 20 percent to 70 percent. That’s how you align cybersecurity spend with business impact. 

Takeaway 4: Burnout Is a Breach Vector.

One of the more sobering data points from today: 83% of security professionals say burnout has contributed to errors that led to breaches. That’s a wake-up call. AI can help here, but only if it’s used intentionally, to reduce the noise, eliminate repetitive tasks, and give your analysts space to focus on what really matters. 

83% of IT security professionals say burnout contributed to errors that caused breaches. 

Automate what’s boring. Govern what’s critical. And above all, stay human-first in your design. 

Takeaway 5: GenAI Is Supercharging Attackers Too.

Peter Firstbrook’s session on the GenAI threat landscape confirmed what many of us have feared: attackers are using AI to boost their productivity just like we are. Underground large language models like Xanthorox are being used to build malware, automate phishing at scale, and bypass basic security measures. Detection is tough. In some academic tests, even advanced tools could only identify AI-generated content 50 percent of the time.

“What attackers are doing is the same thing we are doing, using GenAI to accelerate their productivity.” — Peter Firstbrook 

We also saw how attackers are blending GenAI with deepfakes, layering voice, video, and email to impersonate executives and escalate fraud. According to Gartner, nearly 30 percent of organizations have already encountered deepfake audio attacks. 

Takeaway 6: Exposure Management Needs a Business Lens.

The talk on exposure management brought us back to basics: security doesn’t matter unless you can communicate it in a way the business understands. That means translating alerts into impact, and using simple scorecards to show what’s red, yellow, and green. One of the more powerful quotes from the day: “You’re never going to patch everything. The goal isn’t perfect coverage. The goal is effective risk reduction.” 

The lesson? Use your data to tell a story that connects security posture to operational outcomes. 

Takeaway 7: GenAI in the SOC — The Good, the Bad, and the Ugly.

One of our favorite sessions of the day was a practical dive into how SOCs are integrating GenAI. The good: it improves knowledge retrieval, code generation, and summary writing. The bad: it can reinforce bad habits, erode skills, and create dangerous overconfidence. The ugly: it’s often unauditable, and many vendors can’t answer basic questions about what their tools actually do. 

If you’re going to bring AI into the SOC, you need strong governance, validation protocols, and clear fallback plans. And you need to make sure your team is ready to manage AI, not just consume it. 

That’s a wrap on Day 1. We’re digging through some excellent vendor content, sessions, and conversations. From quantum threats to AI-powered social engineering, there’s a lot to digest. But one thing is already clear: we’re not just witnessing a shift in cybersecurity, we’re in the middle of it. 

Stay tuned for Day 2. 

Dan Marschall | Director of IT Operations 
Michael Gates | Lead Security Engineer
