Cybernomics Radio!

Organizational Theory Meets Artificial Intelligence

Bruyning Media

Share episode

We explore organizational theory applications to AI agents and examine the transformation of Security Operations Centers through artificial intelligence solutions.

• Traditional organizational structures like military-style hierarchies are being applied to AI agent systems in cybersecurity
• Matrix organizations with multiple reporting lines have parallels in how specialized security agents might be organized
• Hierarchical structures appear most stable for organizing both human and AI behavior
• Conflict resolution between AI agents can be handled through trusted arbitrators or voting systems
• The SOC market is consolidating, with Zscaler recently acquiring Red Canary
• Companies with sensitive security needs will maintain internal SOCs while others may outsource
• Career opportunities are booming for prompt engineers and applied AI architects
• AI-assisted education shows remarkable efficiency compared to traditional learning methods
• Despite concerns about hallucinations, AI provides more reliable information than many human sources

Find Richard on LinkedIn or at his Substack (steenan.substack.com). Check out IT-Harvest.com and their AI solutions at HarvestIQ.ai.


Josh's LinkedIn

Speaker 1:

Welcome to this episode of Cybernomics. I'm your host, josh Bruning, and I'm here once again with the one and only the man, myth legend, richard Steenan. Love the intro. Thank you, you have earned it and I will die on that hill. You're one of the greatest minds, I think, in this field and I am so excited to talk to you today about organizational theory and organizational behavior. However you want to frame it, as it pertains not just to human behavior but to agents and how we can apply the academics and the studies behind human behavior and how we organize and how maybe we can apply that to AI. Maybe it's possible, maybe it's impossible, but that's why we're here today and we'll discuss how possible or impossible that is. And also, today we're going to be talking about AI in the sock.

Speaker 1:

Okay, I know we've been kicking that dead horse, but the truth is, the technology is moving so fast that we're just trying to keep up, and the SOC is as we've mentioned in shows past.

Speaker 1:

You can go back and look at our podcasts where Richard and I talked about AI. The SOC is probably one of the best use cases for AI, because you were talking about huge amounts of data and that's what agents and AI would do best would be to go through that information, improve triage, trying to get to 100% triage, if that's a thing. And there are a few SOC well, there aren't a few now, but in the future there will be a handful of companies built around the SOC, and so we're just keeping our eyes on that. Richard has been keeping his eyes on that with IT Harvest and tracking those SOC companies and, for those who don't know what a SOC is, security Operations Center should have probably led with that. But you know, richard, let's start with organizational theory. What is the reigning or what are some of the reigning thoughts behind organizational theory, and how do you envision this playing into the new agentic and AI space?

Speaker 2:

Yeah, organizational theory is a you know, decades old, probably overyear-old, academic endeavor to study how humans organize to get stuff done. It's obviously a real strong business application covered at business schools and a lot of professors would cover it. Deming, of course, was probably one of the top proponents of some of these techniques, right Deming, who came up with kind of the Kanban style of task organization. I know when I graduated you know pre-tech days practically, even though I was using computers fresh out of school but the new thing on the block was matrix organization. So the classic organization of course is built off of almost a military-style top-down leader at the top of a pyramid. You've seen org charts like this all the direct reports responsible for, in a big organization, each business unit, and then it just repeats all the way down until you get to the individual contributor. And there's been a lot of talk about flattening that right. So you use technology to get rid of the need for middle managers, which of course used to be the biggest focus for academics.

Speaker 2:

And at one point when I graduated, the hot thing this is way back in 1982, the hot thing was matrix management. And matrix management meant that you had everybody had a direct report. That was kind of a charge. So if I was a, you know, as a structural analyst, I would report up to the VP of you know systems design or you know mechanical systems design or something like that. But then I would also be assigned to a project which would have a chief engineer, so the chief engineer for the whole program for building a car, right, and it was supposed to be kind of flexible, but it meant you had two bosses One kind of determined your salary and your role and your position in the company, but the other one determined your performance review. So it got very confusing for anybody in one of those organizations. For the most part people hate matrix organizations.

Speaker 1:

So just for the, so I'm trying to keep up because, let's just be honest, I'm the idiot in the room.

Speaker 2:

It's old school.

Speaker 1:

Yeah Well, let me. Let me just ask this the matrix organization is that a decentralized way of organizing behavior or is it hierarchical? Because it's. It sounds like you've used some hierarchical language, but just to parse those two things is it hierarchical or is it decentralized?

Speaker 2:

it's both and that's the problem. And that's the problem, exactly right. So you get you get multiple reporting structures, um but less, uh any, but you don't get any more independence inside the organization. So it's definitely not flatter.

Speaker 1:

Right, right. So what would be the equivalent of a matrix organization in AI?

Speaker 2:

AI, the, the it would be a bunch of specialized agents. And in security, what I'm finding is people are talking about pretty much an agent for each component of the technology stack, right? So there's one for reading and ded-duping and early filtering of the logs, for instance, and there'll be another one for figuring out threat intelligence and adjusting it and applying it to the logs to see if something's going on, and another one for vulnerability management and even another one for architecture. Right, they will know and understand the network. So if there's an alert that comes up looks like somebody's trying to hack the Active Directory server, but the Active Directory server is, like, totally protected by error gaps or something, then you know you don't have to worry about it. So each of those agents in a matrix would be pulled into tasks and along the other axis of the matrix would be incidents, so investigations, and it'd be pulling from each of those agents. Maybe that's the way it's going.

Speaker 2:

You know, so far I haven't seen anybody describe it that way, pretty much every description, which, by the way. So there are 16 peer play agent based cybersecurity solutions out there today, or companies that talk about creating them. Anyways, none of them have more than 40 people. So it's very early days and at the same time, the existing players, the sims, are going hey, this is perfect. You know, maybe if we tacked agents onto what we're doing, we'll finally have a justification for people spending so much money on sims, right, because up till now, you know, it's kind of up in the air. It's like wow, the sim is just a very, very expensive log management tool.

Speaker 2:

And it's hungry Consumes a lot, consumes a lot, yeah, and so maybe with agentic AI, they can actually start driving value and the SIM vendors will start selling you, I guess, ai agent enhanced solutions, which makes total sense to me. And that's the battle I think is going to be on between existing SIM vendors. You know, just imagine IBM waking up and going well, we've got Watson and we've got QRadar, let's put them together and we'll have a killer solution. Let's put them together and we'll have a killer solution. So that race is going to be on between those guys and the guys who just said you know from just quit whatever they're doing and or sold their companies and started a brand new thing with venture funding to build something from scratch. And there'll be a race. There'll be. You know, there'll be winners on both sides. I'm sure there will be winners on both sides. I'm sure have a tasking agent that lays out the investigation for all these other agents. But it is fairly flat right it's the tasking and then all the agents right underneath it.

Speaker 1:

No tiered thing going down further. So you have like one super agent and then a bunch of like regular agents.

Speaker 2:

Yeah, except and that's the way you conceive it, except that there's never just one right. If there is one, that's one that is working on one problem, but you spin up another one for the next problem and another one for the next problem. So each of these agents are elastic and potentially well I won't say infinitely, but you could have hundreds of thousands of agents if you have a big enough system that they have to work on.

Speaker 1:

Right, right. So if you were talking about the agent, let's say, just to simplify, the two-tiered system, you can have multiple tiers, which I do want to talk about at some point, but if you've got a two-tiered system, you think of that as like one company. You can have an infinite number of companies comprised of these two tiered systems and with, like, it sounds like the, it sounds like you've got the matrix again, like that matrix organization. They can all talk to each other, but they command up, which they may have the problem. They may have solved the problem that you had, which is when you're ready for a raise, you know, like, who do you? Who's responsible for promoting you? Who's responsible for giving you your orders? In this system, as long as they're partitioned, they get their orders from the super agent, but if they need to grab something from the from, you know, grab a cup of sugar from the neighbor next door, they can do that, is that?

Speaker 2:

does that make sense? Yeah, that's good, and it's no surprise, right? This is super early days that we use the first organizational structure, right, which was probably, you know, if you think all the way back to Sumerian or Egyptian times, then you had the ruler and you know the direct reports, and then all the taskmasters that would assign the slaves their tasks. And in military, same thing. Right, you got the Caesar or the general, all of his direct reports. You get all the way down to centurions and whatever they call the people in charge of ten people, a decurion, probably, and same thing, and of course that has survived all the way to today. In the military world, they called the people in charge of 10 people a decurion, probably, and same thing, and of course that has survived all the way to today in the military world. And obviously that's the way we're going to start.

Speaker 2:

But there's probably going to be a lot more multidimensionality to what we're going to come up with. Eventually, to what we're going to come up with eventually, it may be that instead of, you know, two-dimensional matrix, you get three or infinitely dimensional matrix, because that's essentially what the AIs are in the first place. So why not take advantage of their multidimensionality and it will be, you know, extremely hard to visualize, but all you care about is the inputs and the outputs. Inputs will be whatever the environment is doing. Outputs will be solved investigations.

Speaker 1:

Yeah, I'm trying to think of a decentralized organizational structure that has worked, and it seems like I I struggled to find one. I could think of one that's sort of a hybrid um, which is the human brain, right, yeah, um, but it seems like from the animal kingdom all the way, like you said, military, it seems like the reigning structure for human beings being organized. The behavior is just like to be organized, to not go rogue, is hierarchical, right, I'm thinking of. Have you ever? Have you followed? This is a really weird thing. Do you know? Do you know who King Charles is? The dog, not the? I do not. Okay, so you got to look this thing up and if you're listening the person listening to this right now, do yourself a favor, look up King Charles. You can probably find it on TikTok. I think would be the easiest.

Speaker 1:

King Charles is this dog at a dog adoption center, kind of like a giant outdoor pound in China, right? Adoption center, kind of like a giant outdoor pound in China, right, and he's just like taking over the internet because there's this hierarchical structure in the yard. You've got like 50 dogs or something and this dog keeps all the other dogs in check and he's got lieutenants where if a dog misbehaves, he approaches that dog. If that dog is giving him too much trouble, one of his lieutenants will give that dog a nip, right, and the dogs just fall in line. And now there's this whole mythos around and people have, just like you know, basically anthropomorphize this dog and all of his compadres, like he's got the. You know, he's like caesar, right, yeah? And to the point where there's another dog that comes in and everybody's like here comes the challenger, is he gonna win? And makes king charles like kind of back down. But the other dogs come to king charles's support. So it's not just his strength, he, he is a just and fair leader and so he's respected from the corny corso all the way down to the chihuahua. Everybody bows down to King Charles. It's just like I've spent way too much time in this, but it's fascinating because you're looking at organizational behavior in real time and it seems to be the most stable structure that exists.

Speaker 1:

Now here's my question to you, richard Can you think of any other structure other than the pure hierarchy that would keep AI in check? So let's say, I'm an executive decision maker, I'm the human in the room. I want to be able to talk to one agent. I don't want to talk to all of the other agents. I want to talk to one agent and hand down or pass down orders all the way down to the to use your centurion term all the way down, the way down to the whether the decaturian, whatever you call that person down to the privates. There we go. Yeah, do you can you think of? Do you think of? That is the way forward, or can you think of any other possible organizational structure that would work for agents other than the hierarchical?

Speaker 2:

Yeah, I think the independent agent. So, as a matter of fact, this is how Gartner works, or at least it did when I was there. Each analyst was independent of the only you know. The only reason they needed a manager was to interface between the company and the analyst and the manager would, you know, tell them about the bonuses and changes to healthcare, whatever. But each analyst would organize amongst the other experts in their field and decide what the research agenda was. And then for big events they'd assign one of the analysts a manager for the agenda for a big conference, and that person would have to wrangle all these independent people and get their content organized for the big thing, but very, very decentralized.

Speaker 2:

And I can see agents being able to do that right when they're trained on or rewarded for results. You could have a bidding platform where you say, hey, I need this done, I need a thousand leads from kennels in China. Give me the, the kennels in China, I mean the kennel managers in China, because I'm going to sell them a solution to King Charles. And then, you know, a bunch of agents could be out there, obviously, you know, run, technically run and provided for by their owners, and they could just bid on that and the winning one does the job and turns in the results and gets paid and you can see that happening from a purely independent doing stuff. You can do the same thing with stock trading. You're not going to be able to. You know what's the point of having agents if they don't get to work on their own right and develop their own investment theories and develop their own portfolios. So I think we'll see. We will see that happening.

Speaker 1:

Last thing on the agents conflict resolution. I feel like that's one of the main functions of organization in the first place. Do you see that being a problem?

Speaker 2:

Big time. You have to decide how you do it, the way we've been doing it at IT Harvest. So we've got our own database, of course, with 4,000 vendors, 11,000 products. We embed that just in a big rag so you can query it and you're basically querying it with Cloud. But we launched that to end users. We got 300 end users within days.

Speaker 2:

They were asking questions outside Cloud products and vendors right, like, hey, you know what's the best way to organize a sock or something like that. So he said, ok, we got to also query, you know, an outside general purpose AI like perplexity, which we did. So now we have two answers to the questions and we give them both to Claude and let Claude decide what the best answer is combining or giving it just one of those. So that's a. You know we're relying on Claude to make a judgment call as to match between the question and the answer, and so that's one way. The other way is voting and you decide. And that's the way self-driving cars work. They'll be at least in Teslas. There's two massive GPU-based chips in the vehicle and when a decision is being made to slam on the brakes or shift gears or turn right or turn left, or turn the turn signal on both of the chips have to come the same decision to do that.

Speaker 1:

Okay, okay, so kind of like being in a nuclear submarine or deciding to launch a nuke, both people to turn the key in.

Speaker 2:

Yeah, that's brilliant, I hadn't thought of that yeah, or two people you know signing a digital certificate? Yeah, In many, many cases Huh.

Speaker 1:

Well, would you look at that, Richard? That's why they pay you the big bucks. Yeah, that's smart. Okay, so let's move on to the SOC. In the time that we have left, what's going on in the SOC market? Oh my gosh, Not the stock market, but the SOC market. You've got all the data.

Speaker 2:

Well, this combines the two because yesterday Zscaler announced that they were buying Red Canary, one of the top players in the modern MSSP space. So right up there with I don't know ArticWolf and eSentire and those guys with I don't know ArticWolf and eSentire and those guys, and Zscaler, of course, is had. You know, it's confusing to the market right now. Confusing to me. The market seems to love it because Zscaler's up I don't know 20% or something. But it's confusing because Zscaler went to market with a SaaS solution where they basically filter all of your traffic going in and out and kind of obviated the need for a SOC for their big customers. So now they bought a traditional SOC management MDR company.

Speaker 2:

The language around the justification for it had something to do with AI. I'm like, hey, maybe I'm not sure. I believe that it wasn't big enough into AI, but it did raise a very interesting issue. Instead of all these startups generating AI agents and then selling them to companies like MSSPs, why not the MSSPs develop their own? They know the problem that they're facing. They can just hire some really smart developers and create their own. And now they're not selling you the agent, they're selling you the result of having an agent doing all the you know the early heavy lifting for tier one analysis.

Speaker 1:

Yeah, yeah. What would, just for my edification, what would be some of those outcomes? What are some of the results?

Speaker 2:

Yeah, so they're great. I saw a great demo today Okay, somebody remotely logging in over VPN, and the solution I was looking at was actually profitai and it's awesome, right. So first it generated the list of questions to ask the other agents. So things like you know really cool ones you know are hey, check the person's calendar. Are they taking time off right now? In other words, are they traveling so they could be VPN in in from some strange location? In this case, mexico was example. Um, do they? Um, you know, is there anything in their email that indicates that they would be logging in remotely? Have they used this open VPN before? Yes, they have.

Speaker 2:

So you walk all the way through that, something that would literally take you 10, 15 minutes of investigation. You can answer in 20 seconds, but have a complete analysis of what they did, you know to the point. No human would ever bother writing down all the questions they asked and the answers they got, et cetera, but it's free once you got the AI there to do it. So that's just an example. You know, repeat that thousands of times a day for a large organization and you've got instant cost savings.

Speaker 1:

What are you seeing in the consolidation of this space? Do you see consolidation accelerating? Do are you able to track how fast companies are consolidating? Because I've got a little you can't see it here, but it's an imaginary um, uh countdown where at some point there will only be a handful of socks, right, and you know, right now you've got a lot, not to be confused with underwear so a handful of socks, that's. I'm down to a handful of socks. I need to go shopping, but that's neither here nor there. But if you're looking at a handful of SOCs at a certain point, are you able to track that consolidation?

Speaker 2:

And if so, okay, oh, yeah, we'll be able to, because it's really hard to know when General Motors decides to outsource their security to one of these MSSPs. Maybe they have, I don't know. Very, very difficult to track that. So the only SOCs that you can track are the MSSPs. Maybe they have, I don't know, very, very difficult to track that. So the only SOCs that you can track are the MSSPs. And, of course, the vendors of SIMs and other tools. And all these agents will know who's got a SOC because they're their primary customers, their ICP. So, yeah, it's going to be super difficult to tell if that's happening. Now, mind you, there are many organizations that will not allow their data to be commingled with somebody else's data, right? So they're not going to outsource to an MSSP. So Lockheed Martin, right, they're always going to have their own internal SOC. A lot of organizations are like that. They have to. You know, your classic Red Canary doesn't see the 15 separate Chinese APT attacks that are happening every day at Lockheed. So they need that specialized expertise.

Speaker 1:

So they need that specialized expertise. With this shift, do you think that there are going to be employment opportunities? Because it seems like the vendors may be disadvantaged. The Lockheed Martins of the world they're not going to outsource, so what are the employment opportunities that you see in this?

Speaker 2:

space prompt engineer or anybody who's able to architect what I call applied AI or applied gen AI, then the world's your oyster. You'll have many, many jobs to choose from, and that's what everybody should be looking to do, right? If you're not going to build your own AI directly, then you should be looking at applying the knowledge that you've acquired since ChatGPT came out two and a half years ago, and you should be consulting. You should be hired into organizations and just working on anything to do with AI.

Speaker 1:

All right, shout out to my friend Jenna Gardner. She's already there, good.

Speaker 2:

And my daughter, who's just found she was interested in instructional design, got hired into an IT department a year and a half ago and all of a sudden she's the AI expert for education in a major state university.

Speaker 1:

I will be launching I don't know exactly when I'm doing preliminary research to the local schools here in Savannah and there's a huge need for people to educate schools and students on AI, especially places like Savannah Not knocking Savannah, but it is my home now. It's my local community. The schools here have some of the lowest scores in the entire country. Schools here have some of the lowest scores in the entire country and I think it would be a testament to the technology of AI to be able to put that power into the hands of people. And we can measure that not just in academics but in real world entrepreneurship.

Speaker 2:

Absolutely. There was a study just came out. It was done in Nigeria, you know, which has a fairly traditional educational system. It was done in Nigeria, you know, which has a fairly traditional educational system, and they compared the results from six weeks of AI-assisted learning to two years of traditional learning and the AI-assisted outperformed the two years traditional.

Speaker 1:

Wow, makes total sense.

Speaker 2:

Yeah, I mean, I use it to educate myself on organizational theory, on anything you know. Yeah, it's, they can draw on all the historical background. Yeah, you can say you know? Ok, dumb that down for me, explain it like I'm five. Ok, that's two. You know, I'm really 12, not five. It'll just. It'll just keep coming at you with better and better ways to learn.

Speaker 1:

And let me just attack something here head on the hallucinations Everybody's like. Well, it hallucinates. Is it going to give me the wrong answer when I ask it something? It's not so reliable. Why would I want to be educated by something that hallucinates? Look man, you go out there and you ask the average person any of these questions, you're going to get flat out wrong information, misinformation, and you will have no way to validate it Right. When somebody I still have in my memory bank so much wrong information from when I was a kid, I know Me too.

Speaker 1:

Right. So they tell you all kinds of weird stuff when you're young and you don't question it Especially if you have older brothers and sisters.

Speaker 1:

Right what's right or what's wrong. So let me just put that to rest. If you're listening to this, listen closely. Chat GPT Claude Deep Seek. Even they hallucinate, yes, but it is way better than going out there into the real world and trying to find experts to learn about the world around you. Because, number one, that's slower. Number two, you're going to get misinformed. Number three, people will flat out lie to you. But at the end of the day, if you're really talking about 20 years of being educated by AI versus 20 years of just naturally going out into the world, yeah, you might not get everything right with the AI, but I think you're going to be further ahead with the AI than if you were to just go out and try to get that information from the real world and tell it to show its work right.

Speaker 2:

Don't just tell me the answer. Tell me where you found it and how you derived it. It'll give you the links and you go look at the sources, see if you think they're credible, right, you. And see if you think they're credible, right, you verify.

Speaker 1:

Just like anything. Yeah, yeah, All right, Richard. Anything else to be said on the SOC before we wrap up?

Speaker 2:

No, I think. For now anyways, it's the most exciting area that I see out there. There's plenty of other areas for AI to address Vulnerability management, red teaming, just attack and penetration, but we'd talk about those in other sessions.

Speaker 1:

Yeah, yeah, and I really want to talk about compute costs when it comes to the SOC. So stay tuned to Cybernomics, your one-stop shop for everything. Cybersecurity economics. Richard Steenan thanks again for joining me today. Oh, I didn't do the whole. Where can people find you thing? If people want to find you because I want them to find you go to Richard's house. He's going to be hiding under the table. No, I'm kidding. If people want to find you, how can they find you and how can they learn more about IT Harvest?

Speaker 2:

Yeah, they can find me on LinkedIn. That's the easiest way and, unlike a lot of people, I actually have my contact information. So a lot of people don't know this, but on LinkedIn there's a little clickable link that says contact info and it'll have my phone number and my email address, so you don't have to ask me. You can also look up my Substack, where I write about a lot of stuff on the cybersecurity industry. That's steenansubstackcom Check out our website. It-harvestcom Check out the list keeps going and it's going to get bigger and bigger. Harvestiqai is our chatbot that I described. That will query multiple AIs to answer your questions, including our data, and then, of course, dashboardit-harvestcom, which is our platform for cybersecurity industry research.

Speaker 1:

I got to ask do you get spammed having your email address publicly? Never.

Speaker 2:

Wow, never. The only place I get spammed is the form contact form for IT Harvest Press, which is just a Wix website, and people tell me you know my website needs updating and I go yeah, thanks, I know. Yeah.

Speaker 1:

I get those calls all the time Wow, oh, we saw your website, bruning Media, and we think that we can do a better job. I'm like Eden worked her ass off to build that website and it's a great website. Don't call me telling me that you can do a better job. I mean number one.

Speaker 2:

I don't believe you. Don't do that. Don't do that.

Speaker 1:

Don't do that and don't spam Richard, all right? Well, thanks for listening to this episode of Cybernomics. You can find me on LinkedIn. If you want to learn more about Bruning Media and what we do, check out bruningcom B-R-U-Y-N-I-N-Gcom. See you later, see ya.