Welcome to the Cyber Sizzler — the only cybersecurity newsletter that helps industry professionals get 2% better every day.

🌶️

AI and security are tied at the hip from here on out.

I'm not talking about securing AI, we need that too, but I'm talking about literally AI in security tools. There's just too much data to look at and analyze for AI to not be involved. And by AI I really mean a subset of AI, Machine Learning (ML).

ML's sole job is to look at enormous amounts of data and make predictions about what's going to happen next, which is why so many security tools use ML. And your vendor rep won't let you forget about it because it sounds so cool.

I chatted with a SOC analyst today and mentioned brushing up on their AI skills. That conversation led to today's primer on AI and how it's used in security. And if you're AI curious, there's enough free material to keep you busy for quite a long time.

There’s a bit more coverage, but AI’s role in security takes the lion’s share.

Hope you enjoy it.

🌶️

ON DECK FOR TODAY

• AI And Security Will Be Friends Forever

• JALA-MEME-ÑOS: 🌶️ 🤣

Heating Up

Spicy links of original reporting

news / Meta’s AI Model “Leaks” To The Public

Meta’s giant AI model “leaked” to the public late last week.

I’m using leaked sarcastically because the data model has already been available to select researchers. But now, 4chan got their grubby hands on it and spread the AI model far and wide. (link)

tech /

• MSFT Word 9.8/10 RCE bug discovered (link)

• Akuma botnet uncovered (link)

• SentinelOne breaks down Remcos RAT (link)

AI And Security Will Be Friends Forever

I'll preface this, I'm not an AI expert. I just like what the field offers humanity.

With that out of the way, I'm going to set the stage with some context and commentary. If you just want the links, they'll be at the bottom.

Sounds good?

Ok, buckle up!

What Is AI And Why Do Security Companies Use It?

AI is a very large subset of computer science that has a goal of making computer programs that do very complex things usually reserved for humans like reasoning, learning, and decision-making.

A quick example of an industry using a Learning AI is the field of fraud detection. Back in the day, humans had to sift through mounds of data to figure out if credit card fraud was taking place. As the two industries advanced, AI took the lead in spotting fraud, using pattern recognition and hunting for anomalies. Something that would take humans a very very long time to do.

Machine Learning (ML) is a field under the AI umbrella which uses data to make predictions and decisions.

Some of the ways it learns is by being rewarded for not driving off the road when in autonomous driving mode, or being trained on what a picture of a cat looks like and giving a prediction of what you're drawing is a cat. ML just really loves data, and the more of it ML gets, the better off it is.

If ML loves data, then it's easy to see why the security industry loves ML.

• Computers create tons of data

• Networks create tons of data

• Applications create tons of data

You can probably see where I'm going with this.

Most of the AI used in the security industry focuses around Machine Learning (others exist, but we’re focusing on ML for this post), where the vendors train ML models (their own implementation of ML) to look at all the incoming data and predict what will happen. Spam filtering, endpoint protection, and anomaly detection all fall under ML. Each vendor does it differently with ranges of success.

And this is where we start learning.

Brush Up Your AI Skills In 3 Phases: Crawl, Walk, Run (Plus 2 Extras At The End)

Most of the links below are free, but there are a few paid resources. All of these come highly recommended. None are affiliate links.

Basic

• Andrew Ng's "AI For Everyone" -- Not technical, taught by the co-founder of Google Brain and Coursera (free) (link)

• Google's Problem Framing -- Security data is great for ML, this teaches you why (free) (link)

• Kaggle -- Free ML Training (link)

• Google's ML Crash Course -- Hands on meant for beginners (free) (link)

• Google's Data Prep Course -- If you want to do ML, the data needs to be clean (free) (link)

• SuperDataScience Team's "Machine Learning A-Z" -- 900K+ have taken their Udemy primer on ML (paid) (link)

• Joshua Saxe with Hillary Sanders "Malware Data Science" -- Sophos' AI lead has a book (link)

Intermediate

For our middle level, you should have some Python skills.

• Ng's "Supervised Machine Learning" -- You'll build machine learning models in Python (free) (link)

• Codeacademy's Intermediate ML -- A definite step up in learning ML (free then paid) (link)

• KDNuggets Blog -- A great post of links to learn even more about ML (free) (link)

• Kaggle -- Free ML Training (link)

Ok, we ran out of gas, but if you made it this far you should have all the resources for advanced training you need.

I know there's a lot to go through, and we haven't even touched on what the hell is coming for us in the security space.

But we can chat about that another time.

2 Bonus Links

• Ben's Bites -- Ben Tossell's free newsletter provides an INSANE amount of value. There are 2 links here, both are free.

  • Non-paid affiliate link to Ben’s newsletter (link)

  • This is a direct link to his newsletter. (link)

• Learn Prompting -- Learn how to interact with Generative AI, aka ChatGPT. It's a free online course that takes you from a Beginner to Advanced prompting. I got the link the other day from Nathan Labenz on Twitter and really like how it's structured. (link)

Don't forget to look at all the YouTube content!

Jala-meme-ños

🌶️ 🤣

TALL GLASS OF MILK

Time to cool down with a tall glass of milk. Thanks for reading! We'll be back tomorrow. In the meantime, feel free to reach out if you have any questions or feedback. Keep crushing it!

AFTERBURN

#bribery

If you made it this far could you help us out? 

If you found this fun and interesting, could you share this with your team? We’re grassrootsing this thing and would love extra help spreading the word.

🌶️ 🙌