Cybersecurity automation: The good, the bad and the inevitable | Sean Tickle, Littlefish

Episode summary


In a lively discussion, Sean Tickle and Yakub Desai delve into shifts in cybersecurity, emphasising the impact of automation and generative AI.

They explore how automation boosts security operations efficiency and dispel the misconception that it replaces analysts: instead, it empowers them.

Amid rising cyber threats, they emphasise the need to balance automation with human expertise while preparing for potential system failures. They also look toward the future of cybersecurity automation, particularly in operational technology and incident response.

If you’re looking to learn more about the future of cybersecurity automation, this is one not to be missed!

Four key takeaways: The automation advantage

Cybersecurity automation has emerged as both an ally and a challenge for security teams.

As cybersecurity leaders Sean Tickle and Yakub Desai discuss, adopting automation strategically can empower teams to respond faster, reduce noise and focus on higher-value work.

Here are four key takeaways from their insights on successfully implementing automation in security operations.

1. Balance automation with continuous tuning

One of the risks of automation is that it may lead to a kind of “invisible complacency,” where benign alerts or false positives slip through unnoticed.

But, as Sean emphasises, automation is far from a “set-and-forget” solution. The continuous refinement of detection rules and metrics is essential for maintaining accuracy.

“If you’ve got, say, 1,000 alerts and 90% are tuned,” Yakub notes, “you might still look at your metrics later and realise there’s a lot of benign or false positives there.” Without ongoing review and tuning, automation could mask underlying issues.

The key is to treat automation like any evolving system that needs routine adjustment. It should amplify your team’s insight, not dull it.

2. Automation doesn’t replace analysts, it empowers them

A common misconception is that automation will reduce the need for human analysts.

But according to Sean, that couldn’t be further from the truth. Automation should support analysts, handling the repetitive tasks so they can focus on more complex challenges.

This also frees up time for professional development and fosters growth, ultimately creating more skilled, versatile security professionals.

“It’s about empowering our analysts, not replacing them,” Sean explains. “It allows them to focus on the high-level, holistic view of security rather than just grinding through alerts.”

Automation can also open doors for analysts to participate in strategic projects. This is an invaluable investment for both the team and the organisation.

3. Anticipate and address automated attack sophistication

As threat actors increasingly use AI and automation, the sophistication of attacks is escalating.

Both Yakub and Sean stress the importance of staying ahead by using automation to strengthen detection and response.

Attackers use AI for speed and complexity, but defenders can match this by implementing proactive, AI-driven threat intelligence and response strategies.

“We’re already seeing automation being used to launch attacks that are more sophisticated,” Sean points out. “Our job is to ensure we’re using automation better, identifying, learning from and adapting to these evolving techniques faster than attackers can.”

For security teams, this means constantly expanding and adapting automation tools to protect against new types of threats.

4. Implement automation thoughtfully and focus on quality over quantity

Throwing automation at every step in the process can lead to overwhelm.

Instead, teams should prioritise quality over quantity by carefully choosing what to automate and maintaining a clear view of which alerts add value.

Sean highlights the importance of measuring true positive rates, the proportion of incidents handled manually versus those automated, and the impact on the team’s workload.

“Everyone wants to do right by their customers,” Sean says. “But we must avoid the temptation to throw everything into Sentinel with thousands of rules just to look good. True value comes from understanding what’s relevant and meaningful to clients.”

Smart automation means refining data rather than generating it, giving clients not just more security alerts but insights that matter.

Conclusion: Thoughtful automation, stronger teams

Automation offers powerful tools to amplify security capabilities, but only when paired with a mindful, strategic approach.

Sean and Yakub’s perspectives offer a blueprint for using automation to reduce the noise, improve team expertise and counter automated threats from adversaries.

In the end, automation is an asset for those who see it as a tool to elevate human insight rather than replace it.

For teams looking to integrate automation: focus on ongoing refinement, empower analysts rather than replace them, and stay ahead of adversarial automation.

Keep the end goal, quality over quantity, front and centre.

Meet our speakers

Yakub Desai, CloudGuard, Automation Leader
At CloudGuard, Yakub is focused on automation and centralised architecture. He aims to simplify and optimise processes. For Yakub, IT is more than a career; it’s a mission to use technology for global cybersecurity and positive societal impact. Follow him on LinkedIn here.

Sean Tickle, Littlefish, Cyber Services Director
Sean Tickle is Cyber Services Director at Littlefish, an award-winning Managed IT and Cyber Security Services provider based in the UK that focuses on delivering enhanced user experiences, improved customer satisfaction, and authentic business value. Follow him on LinkedIn here.

Author: Jen Begue