
Senior Tech Talk with CloudGuard AI

In this edition of Senior Tech Talk, we sat down with Yakub Desai, Head of Engineering at CloudGuard AI, for an insightful conversation on the evolving role of automation in cybersecurity. Yakub shared his thoughts on balancing complexity and simplicity in tech, the importance of the human element in automation, and how technology can drive positive change.

Automation in Cybersecurity

Automation is transforming cybersecurity, but it’s also a buzzword. From your perspective, what are the most meaningful ways automation is used to simplify and optimise processes in XDR (Extended Detection and Response)?

In my experience, the best place to start with automation in cybersecurity is by looking at the patterns in your processes, especially what your SOC analysts are doing day in, day out.

Take incident investigations, for example. When an incident comes in, analysts typically focus on Indicators of Compromise (IOCs) like IP addresses, email addresses, or URLs. These are key pieces of information that can be checked against threat databases to build a profile of the potential threat.

Now, this process is pretty standard. An analyst grabs the IOC, searches platforms like AbuseIPDB, VirusTotal, or Recorded Future, pulls the results, and pastes them into their investigation notes. But it takes time, time that adds up when incidents keep coming.

If you automate these steps, you can have the system enrich the IOCs for you, summarise the results, and pop them straight into the incident record. Just doing this saves analysts a huge amount of time and stress.

Let’s say a medium or low-severity incident comes in, but the enriched IOC data flags something high-risk: maybe it’s a malicious IP or a suspicious URL. You can have the system automatically bump that incident to high severity, making sure it gets the attention it needs sooner rather than later.

Start with those repetitive, high-impact tasks that have clear outputs. 

Automate those first and watch the difference it makes to your workflow. Once you’ve got that nailed, you can start getting creative. Work smarter, not harder, and take the pressure off your SOC team.

Balancing Complexity and Simplicity

You mention striving to simplify and optimise processes. With the complexity of modern IT environments, how do you balance introducing innovative solutions while keeping systems manageable for teams on the ground?

Automation should be viewed as a tool to improve existing processes, not to complicate them. 

Your focus should be on making things more efficient and manageable. Rather than having users manually trigger automation, think about how you can use data to automatically trigger actions, saving time and reducing friction in workflows.

Innovation doesn’t always need complex solutions; you can use existing technologies in new ways to simplify things. What I’ve done is automate tasks that seem small. For example, a task that takes five minutes manually can deliver substantial savings over time. Even if it takes longer to set up initially, the return on investment is clear when that task is automated every time it’s performed.

If you invest time in automating processes upfront, you can achieve greater overall efficiency, freeing up valuable resources for more critical tasks in the long run.

The Human Element in Automation

Automation often raises questions about the role of human decision-making. How do you see the balance between automated processes and human intervention in areas like threat detection and response?

Automation has become an invaluable tool in threat detection and response, particularly when it comes to hunting threats at scale. 

Say you have 100 incidents in a day, each with multiple IOCs, maybe 200 IOCs in total. Automating the process of presenting enriched IOCs to analysts saves enormous amounts of time. 

Instead of an analyst manually going through each IOC, automation can enrich this data and present it to the human analyst ready for action. This makes it easier and faster for analysts to go through incidents and respond appropriately.

You can let automation handle the initial stages, gathering and enriching IOCs, but human intervention is still important. Some incidents may be fully automated end-to-end, but others only automate the investigation process, leaving the final decision to a human analyst. 

Even for these fully automated processes, we've built in safeguards to ensure that if there's any uncertainty, the incident is passed on for human review. This ensures critical thinking is applied where it matters most.

At CloudGuard, we treat our automation like a human analyst, training it with the same level of feedback and continual improvement. This ensures that both the scale of threat hunting and the quality of responses are improved. There's a common misconception that automation will replace humans, but in reality, when we approach it this way, it amplifies human capabilities rather than replacing them.
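The workflow described in the two answers above (enrich each IOC, summarise the results into the incident record, bump severity when something is flagged malicious, and hand anything uncertain to an analyst) as an added example. This is illustrative code written for this page, not CloudGuard AI's tooling; the INTEL_DB dictionary is a constructed stand-in for lookups against services such as AbuseIPDB or VirusTotal, and the severity levels and the "sources disagree means uncertain" rule are assumed policy values, not anything the interview specifies.

```python
"""Added example (not CloudGuard AI's code): IOC enrichment and triage
automation with an automatic severity bump and a human-review safeguard.

Assumptions, all constructed for this example:
  - INTEL_DB stands in for threat-intelligence lookups; a real deployment
    would call the vendors' APIs instead.
  - Severity levels and the "uncertain" rule are illustrative policy values.
"""
from dataclasses import dataclass, field

SEVERITY_ORDER = ["low", "medium", "high"]

# Constructed stand-in for threat-intelligence lookups. Each entry lists the
# verdict of two hypothetical sources for the indicator (documentation ranges).
INTEL_DB = {
    "203.0.113.45": {"source_a": "malicious", "source_b": "malicious"},
    "198.51.100.7": {"source_a": "clean", "source_b": "clean"},
    "http://example.test/invoice": {"source_a": "malicious", "source_b": "clean"},
    "user@example.test": {"source_a": "clean", "source_b": "clean"},
}


@dataclass
class Incident:
    incident_id: str
    severity: str
    iocs: list
    notes: list = field(default_factory=list)
    needs_human_review: bool = False


def enrich_ioc(ioc: str) -> dict:
    """Look the indicator up and reduce the source verdicts to one label:
    'unknown' when no source has seen it, 'uncertain' when sources disagree."""
    verdicts = INTEL_DB.get(ioc)
    if not verdicts:
        return {"ioc": ioc, "verdict": "unknown", "sources": {}}
    labels = set(verdicts.values())
    if labels == {"malicious"}:
        verdict = "malicious"
    elif labels == {"clean"}:
        verdict = "clean"
    else:
        verdict = "uncertain"
    return {"ioc": ioc, "verdict": verdict, "sources": dict(verdicts)}


def triage(incident: Incident) -> Incident:
    """Enrich every IOC, write a summary into the incident notes, raise the
    severity to high when any IOC is malicious, and flag the incident for a
    human analyst when any enrichment result is inconclusive."""
    results = [enrich_ioc(i) for i in incident.iocs]
    for r in results:
        srcs = ", ".join(f"{k}={v}" for k, v in r["sources"].items()) or "no data"
        incident.notes.append(f"enrichment: {r['ioc']} -> {r['verdict']} ({srcs})")

    verdicts = {r["verdict"] for r in results}
    current = SEVERITY_ORDER.index(incident.severity)
    if "malicious" in verdicts and current < SEVERITY_ORDER.index("high"):
        incident.notes.append(f"severity raised from {incident.severity} to high by automation")
        incident.severity = "high"

    # Safeguard: the automation never decides an inconclusive case on its own.
    if "uncertain" in verdicts:
        incident.needs_human_review = True
        incident.notes.append("handed to human review: sources disagree on at least one IOC")
    return incident


if __name__ == "__main__":
    inc = triage(Incident("INC-0001", "medium", ["203.0.113.45", "user@example.test"]))
    print(inc.incident_id, inc.severity, "human review:", inc.needs_human_review)
    for line in inc.notes:
        print("  ", line)
```

The two rules are deliberately kept separate: escalation is driven by a confident malicious verdict, while the human-review flag is driven by disagreement between sources, so an incident can be escalated automatically and still land in an analyst's queue when one of its indicators is ambiguous.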

Tech for the Greater Good

Your mission to use technology for the greater good is inspiring. Can you share an example of a project or initiative where your work made a tangible societal impact, such as in healthcare or cybersecurity?

For me, using technology for the greater good isn’t necessarily about delivering an entire project end-to-end with a grand societal impact. I look at it as improving existing processes to make them more efficient. If you can spot inefficiencies and apply automation or technology to make everyday tasks easier, faster and more effective, that’s when you’re really making a difference.

One example that stands out is from my time working in healthcare. During a visit to a healthcare site, I had the opportunity to shadow the site manager and walk through a typical patient journey. As I observed the process, I noticed areas where small adjustments could save valuable time. I was able to streamline certain steps between areas of a patient’s journey on a visit, and this meant we could reduce patient wait times by 5-10 minutes.

Though 5-10 minutes may seem insignificant, these small time savings can have a big impact. Reducing waiting time in a high-pressure environment like healthcare means less anxiety for patients, especially for those undergoing stressful procedures like CT and MRI scans. It also means more patients can be seen in the same amount of time, which improves the site’s overall capacity and efficiency.

This experience taught me that technology doesn’t always need to be used in complex, end-to-end solutions. Sometimes, making minor tweaks, automating repetitive tasks, or using existing technologies in new ways can make all the difference. Little improvements can create a significant, tangible impact on people’s lives, helping them get things done with less stress.

Ultimately, my approach to using technology for the greater good is focused on solving real-world problems, even in small but meaningful ways.

The Future of Cybersecurity Leadership

As an XDR Automation Leader, what do you think are the key skills or mindsets that future cybersecurity leaders need to cultivate to stay ahead in such a rapidly evolving field?

Alignment, innovation, and learning new technologies are, I believe, key to success when it comes to leadership.

At CloudGuard, alignment across teams (sales, engineering, customer support) ensures we’re all working toward the same goal: delivering ‘Security Done Different’.

Using automation, we make processes scalable and efficient, which lets us focus on providing value to customers. Innovation thrives when ideas evolve through collaboration. Sharing concepts with different teams helps refine solutions that benefit everyone, from engineering to customer support.

Staying ahead in cyber means embracing new technologies. I work with various automation tools, each solving problems in unique ways. This also means I’m not bound to one type of technology and don’t get stuck in a “we’ve always done it this way” kind of mindset. If you can learn to not restrict yourself from the start, you’ll find building solutions much easier.

I'm also passionate about learning as much as I can about emerging technologies like AI and quantum computing. This industry evolves so quickly that it’s tough to keep up, but putting in the effort is important; without it, innovation becomes much harder. Learning about these new topics can inspire your work in ways you might not even realise.

This mindset ensures we stay competitive and adaptable, always ready for the next challenge.

Thank you Yakub!

To find out more about CloudGuard AI, visit their website.
