Will AI replace your security analysts? (There's a better question to ask.) | Nerdy 30
In this eighth episode of the series, host Ben Baker (Director of Content at Expel) sits down with framework author Nick Hatcher (Senior Product Manager) and Ray Pugh (Senior Director of SOC Operations). The conversation cuts through the AI hype to address a critical practitioner dilemma: exactly where does AI belong in your security operations, and where must humans remain in control? The team details how to map your security workflows against a practical matrix to safely navigate automation.

What you'll learn:

The Trust vs. Impact Framework: How to audit and plot any security operation workflow based on how bad it is if the machine gets it wrong versus how much you trust the system to get it right.

The new hire mental model: Why treating an autonomous AI agent exactly like a newly hired human analyst sets the perfect baseline for setting operational boundaries and validation milestones.

Rapid alert triage for identity: How AI safely accelerates highly ambiguous user behavior and baseline assessments across environments while leaving the final execution to a human analyst.

The danger of autonomous remediation: Why high-impact actions, like taking a critical system offline, must remain strictly in human hands to prevent catastrophic automation errors.

⏱ CHAPTERS:
01:00 - Introduction & The Expel Nerdy 30 Series Backlog
03:00 - Beyond the Hype: Asking the Right Questions About AI in the SOC
04:00 - Core Architecture of the Trust vs. Impact Matrix
05:30 - Meet the Experts: Product Management Meets 24/7 Threat Hunting
07:15 - Moving Beyond the "Department of No" in Cybersecurity Teams
12:00 - Pitfalls of Shoehorning and the Need for AI Intentionality
16:00 - Identity Context vs. Endpoint Malware Alerts: A Practical AI Use Case
22:00 - Embracing Failure & Running Upstream Validation Testing in the SOC
28:00 - Critical Risks: When AI Must Stay Far Away From Remediation & Detection Control

*🔗 RESOURCES & LINKS:*
Trust vs. Impact Assessment Tool & Whitepaper: https://expel.com/trust
Read the Expel Security Blog: https://expel.com/blog
Catch past episodes on YouTube: / @expelsecurity
Follow upcoming episode announcements on LinkedIn: / expel

ABOUT THIS EPISODE
━━━━━━━━━━━━━━━━━━━━━━━
This episode focuses on practical, real-world deployment metrics over artificial intelligence hyperbole. Security leaders shouldn't be drawing a hard line against modern technology, but they also can't blindly trust an LLM with remediation actions like taking critical internal infrastructure offline. By breaking tasks down through peer conversations, security teams can establish clear parameters for exactly when an automated tool is truly ready to ride the SOC ride.

Key quotes:

"Take the word AI out of it, and take it as if you hired, like, a new hire on your team... there are certain things Ray has to see before that analyst gets to do those things... instead of talking to a human, you're going to be evaluating an agent to do it." — Nick Hatcher, Senior Product Manager

"Identity alerts traditionally can be very ambiguous... it's baselining both user behavior, what's normal in that environment, what have we seen in other customer environments... it serves up all of that information to an analyst to have that human in the loop dynamic to more quickly arrive at the same conclusion." — Ray Pugh, Senior Director of SOC Operations

"The tendency these days is to just shove AI at the problem rather than like thinking critically about does AI belong here... rather than just shoehorning AI into every problem, it's thinking critically and intentionally." — Ben Baker, Director of Content

ABOUT NERDY 30
━━━━━━━━━━━━━━━━━━━━━━━
Welcome to Nerdy 30—the series where we take 30 minutes to dive deep into complex, practitioner-forward cybersecurity topics with zero fluff. Produced by Expel, we bring together operators, threat hunters, product engineers, and industry leaders to pull back the curtain on modern security operations, MDR markets, threat trends, and architecture. Hit subscribe to build better operational frameworks and stay ahead of emerging threats.

#Cybersecurity #SecOps #SecurityAnalyst #ArtificialIntelligence #MDR #IncidentResponse #LLM #ThreatHunting #Expel #Nerdy30


