Revio’s John Baird on AI’s Role in Boosting Sovereign SOC Capabilities
“I’ve had people say to me that SOC analysts will disappear, that we won’t need them in the future – it will all be done by AI.”
This is Revio Cyber Security’s CEO, John Baird, who says that future may still be a long way off. For now, AI is helping analysts at the organisation’s Australian Security Operations Centre do their jobs more effectively.
ADAPT’s data shows that SOC teams are overwhelmed by alert volumes, with 69% reporting burnout due to false positives. But they report that AI is increasingly automating event correlation, anomaly detection and log analysis, reducing the “noise” analysts face and shifting them away from manual threat monitoring.
When AI handles baseline monitoring, SOC analysts are freed up to focus on more creative tasks such as threat hunting, adversarial simulations and proactive defence.
AI is playing a significant role in strengthening the capabilities of Revio’s three-year-old SOC, which provides continuous monitoring, threat detection and incident response services to Australian enterprises.
Baird explains that, unlike other SOCs that focus on post-breach response, Revio’s aims to keep organisations in the ‘prepare phase’ through threat assessments and evaluations that help them execute strong cyber plans. Its SOC looks not only for traditional indicators of compromise but also for signs of poor hygiene and risky human behaviour within organisations.
When data enters its data lake, a machine learning algorithm tags specific events as alerts. AI capabilities then gather additional information, review it and automatically add detail to incident tickets before promoting them up the list of priorities.
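The tag, enrich and prioritise flow described above, shown as an added example in Python; this is not Revio’s code. A fixed authentication-burst rule stands in for the machine-learning tagger, and the sample events, the asset inventory and the scoring weights are constructed assumptions rather than anything from the article.

```python
"""Toy SOC triage pipeline: tag events as alerts, enrich them, open tickets, rank them."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events (not real telemetry); the field names are assumptions.
SAMPLE_EVENTS = (
    [{"ts": 100 + i, "src": "203.0.113.7", "host": "web-01", "user": "svc_web",
      "action": "login_fail"} for i in range(6)]
    + [{"ts": 110, "src": "203.0.113.7", "host": "web-01", "user": "svc_web",
        "action": "login_ok"}]
    + [{"ts": 200 + i, "src": "10.0.0.5", "host": "fin-db-01", "user": "alice",
        "action": "login_fail"} for i in range(5)]
    + [{"ts": 300, "src": "10.0.0.9", "host": "hr-01", "user": "bob",
        "action": "login_fail"}]
)

# Constructed asset inventory used for enrichment (an assumption).
ASSET_INVENTORY = {
    "web-01": {"owner": "platform", "criticality": 2, "internet_facing": True},
    "fin-db-01": {"owner": "finance", "criticality": 5, "internet_facing": False},
}


@dataclass
class Ticket:
    source: str
    host: str
    reason: str
    events: list = field(default_factory=list)
    context: dict = field(default_factory=dict)
    priority: int = 0


def tag_alerts(events, fail_threshold=5):
    """Stand-in for the ML tagger: open a ticket when one source fails
    `fail_threshold` times against one host, and upgrade the reason if a
    success from that source follows the burst."""
    fails = defaultdict(list)
    tickets = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"])
        if ev["action"] == "login_fail":
            fails[key].append(ev)
            if len(fails[key]) == fail_threshold:
                tickets[key] = Ticket(ev["src"], ev["host"], "auth burst", list(fails[key]))
            elif key in tickets:
                tickets[key].events.append(ev)
        elif ev["action"] == "login_ok" and key in tickets:
            tickets[key].events.append(ev)
            tickets[key].reason = "auth burst followed by success"
    return list(tickets.values())


def enrich(ticket, inventory=ASSET_INVENTORY):
    """Attach asset and event context so the analyst has it at their fingertips."""
    asset = inventory.get(
        ticket.host, {"owner": "unknown", "criticality": 3, "internet_facing": False}
    )
    ticket.context = {
        "owner": asset["owner"],
        "criticality": asset["criticality"],
        "internet_facing": asset["internet_facing"],
        "attempts": sum(1 for e in ticket.events if e["action"] == "login_fail"),
        "users": sorted({e["user"] for e in ticket.events}),
    }
    return ticket


def prioritise(ticket):
    """Score the ticket; the weights are illustrative assumptions."""
    score = ticket.context["criticality"] * 10
    if "success" in ticket.reason:   # a success after a burst outranks a burst alone
        score += 50
    if ticket.context["internet_facing"]:
        score += 10
    score += min(ticket.context["attempts"], 20)
    ticket.priority = score
    return ticket


def run_pipeline(events):
    """Tag -> enrich -> prioritise, returning tickets highest priority first."""
    tickets = [prioritise(enrich(t)) for t in tag_alerts(events)]
    return sorted(tickets, key=lambda t: t.priority, reverse=True)


if __name__ == "__main__":
    for t in run_pipeline(SAMPLE_EVENTS):
        print(t.priority, t.host, t.source, t.reason, t.context)
```

The single failure against hr-01 never reaches the threshold, so it stays as noise and no ticket is opened; the web-01 burst that ends in a successful login ranks above the fin-db-01 burst despite the database’s higher criticality, which is the kind of weighting an analyst would want to review and tune rather than accept blindly.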
“That [the data] is then looked at by a real human who can respond more quickly. They’ve got the information at their fingertips, they know certain things are being done already and that’s where AI is helping them to handle more tickets, more quickly”, he says.
Revio has also developed a separate, in-house AI capability on a physically isolated machine, used to interrogate customer data securely.
“The most important thing about AI is that in 5 years, [we’ll] have 5 years’ worth of experience. On both fronts, we’re building up our experience to figure out how to best use AI. We’ve just released a new SOA (statement of applicability), and it’s being integrated into that SOA.
“So, when automation demands arise, they [analysts] can consult the AI, request clarification and come back with new ideas to integrate into their response actions”, he says.
Building the right level of AI experience remains a challenge for Revio. Staff have spent the past 12 months exploring what can be done using existing AI tools available in the market.
“We’re not going to develop a new model from scratch; that’s not our role. We’re using other people’s models. We need to figure out what they require, how to execute and connect them, what the answers mean and what their limitations are – what you can and can’t rely on.
“Then get them [the models] into the team, get the team testing and gathering feedback about when they hallucinate…when they run down the wrong rabbit hole and see how we can fine tune [them].”
Building a sovereign AI capability
Baird is a strong advocate for Australia developing its own sovereign AI capability, arguing that a local industry is essential for national security.
“It’s one of my passions…there’s no way we can secure Australia if we don’t have a local industry. We can’t just bring things in from offshore and hope for the best.”
Baird is also an adjunct fellow at Macquarie University in Sydney, which has worked with TAFE to develop micro-credential courses such as the SOC Analyst Bootcamp. These programmes are designed for students who haven’t come through the university system or who hold unrelated degrees, giving them hands-on experience with real-world tools in simulated environments.
Revio is also a signatory to the NSW Government’s alternative pathways program and has committed to ensuring that 20% of its staff come through this channel.
“We’ve got people without a background in computing…it’s actually proven to be a really good idea. These people bring a wonderful diversity of thought, and they come up with ideas, options and scenarios that you wouldn’t have thought about”, he says.