Thoughts on humanness, AI, training, and gut-based detection

On the Jane Street trading floor, every algorithm had its own sound. Walking the floor was said to be like being in an arcade, a cacophony of soundbitesconstantly going off, each corresponding with an issue that needed to be addressed. Traders didn’t just look at dashboards; they experienced rhythms and could identify when something was going wrong, not just from looking at a monitor, but by hearing it in real time.

I love a good pewpew map, even though they’re usually pretty useless and completely inaccurate representations of threats. But what if we applied the Jane Street concept more seriously to the SOC?

Imagine if every detection rule had its own sound. You would hear it every time it fired. (A badly tuned detection rule would immediately become unbearably annoying – a great motivator for reducing false positives.) An analyst would know their network was being attacked not by squinting at a Splunk dashboard, but by the specific sonic sequence of a kill chain unfolding in the room around them. 

Consider if you could taste the bitterness of Kerberrosting, or hear the rhythm of SMB enumeration in progress. While this sounds absurd on the surface, I would posit that it is more absurd that we have compressed all threat detection into a 2D screen, ignoring all senses beyond sight, ignoring the full human nervous system’s analytical capabilities, and hampering our ability to develop intuition quickly.

A couple of years ago, I worked as a deckhand on the Götheborg of Sweden, an exact wooden replica of an 18th-century East Indiaman tall ship. My time on the ship reminded me how many English phrases are maritime metaphors. Now, when someone says “all hands on deck”, I can physically feel myself awoken from my hammock and rushing to get on deck in the cold and wind to push a capstan along with 10 other crewmates, just to tack. I don’t conceptually just know the phrase. I know how it feels. Experience is a deeper level of understanding. With a multisensory SOC, an analyst’s understanding of an attack would go from conceptual to experiential. This is the same reason hospital monitors beep, and airplanes have stall horns.

I think a lot about what it means to be a good analyst and how we develop the next generation to be even greater. In the book Thinking, Fast and Slow, author Daniel Kahneman provides an anecdote about how the Israeli military conducted interviews. There would be checklists to follow, but the best interviewers would follow the list, then close their notebooks and stop, seeing how they felt in their gut. This combination of process and an educated gut was where they found the best judgments were made.

The AI native SOC is coming. Detection, triage, and most tier-one analysis will soon (if it hasn’t already) be fully automated by agents. If we don’t intentionally train the next generation of cybersecurity professionals, we’ll wake up in a decade wondering where all the mid-level talent went. 

So how do we build up gut-level experience in the next generation of cybersecurity professionals? I believe it will be through building something like a Multisensory SOC. A system that unlocks the full human sensory analytical capacity and compresses the timeline for turning conceptual knowledge into experience.

As models continue to improve, meeting and exceeding human capabilities in cybersecurity (just look at Anthropic’s Mythos Preview), I increasingly believe the only moat for humans is to lean into being human. It’s our feelings, it’s our intuitions, it’s our gut, the things AI will (hopefully) never be able to replace.

—

I’m increasingly interested in people who are building things to unlock multisensory experiences, bringing about the physical manifestation of the digital. If you’re building in this space, I want to hear from you.

—

Footnotes:

1. Going Infinite by Michael Lewis has a great recounting of the Jane Street trading floor

2. My Thinking, Fast and Slow anecdote is an extremely boiled-down summary. I highly recommend reading the book if you haven’t already.

3. A sound-based network monitoring system was tested in 2000 by two researchers (Michael Gilfix & Alva Couch) at Tufts University. They called it “Peep: The Network Auralizer”. It never got beyond the experimental phase.