Effective AI for Practical SecOps Workflows w/ Hayden Covington
Episode 4

Antisyphon Training Anticasts

January 28, 2026 | 1h 19m

Show Notes

Which AI workflows are already running in production SOCs right now, and which ones could you implement by next week?

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits:
https://poweredbybhis.com

🛝 Webcast Slides:
https://www.antisyphontraining.com/wp-content/uploads/2026/01/Effective-AI-for-Practical-SecOps.pdf

✏️ Learn from Hayden on Antisyphon Training:
https://www.antisyphontraining.com/search/Hayden

Join Hayden Covington (Black Hills Infosec - SOC SecOps Lead) for a free one-hour training session to learn how to augment security analysts with AI through practical, tested workflows.
Cut through the noise of vendor demos, hype, and ChatGPT wrappers.

Hayden will teach you practical AI workflows that help analysts work faster and smarter without replacing their judgment.
Learn real techniques for detection engineering, case management, and QA, plus where AI truly helps (and where it doesn’t) so you can apply it right away.

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

Chapters:

  • (00:00) - INTRO – 2026-01-28 Effective AI Hayden
  • (02:29) - About Hayden
  • (03:33) - What This Session Is (and Isn't)
  • (04:26) - Let's Get Something Straight
  • (06:11) - What Augmentation Actually Looks Like
  • (12:03) - Before You Implement Anything...STOP
  • (13:14) - Consideration: Cost
  • (18:30) - Consideration: Policy & Legal
  • (20:41) - Consideration: Data Sensitivity
  • (21:21) - Consideration: Team Buy-In
  • (23:35) - Consideration: PEBKAC
  • (27:55) - How We'll Break Down the Use Cases
  • (29:14) - Start This Week! – AI Projects: Curated Team Agents
  • (32:12) - Building a Good Agent
  • (33:18) - Detection Code Review Agent
  • (35:31) - Detection Code Review: Example Prompt (GH)
  • (37:01) - Why Markdown and Change Controlled Prompts Win
  • (38:38) - Start This Week! – SOC Analyst Agent
  • (40:20) - SOC Analyst Agent: Example Prompt
  • (41:56) - Other Agent Examples
  • (42:53) - Quick Wins: Raycast InfoSec Extensions
  • (44:44) - Raycast Example
  • (45:12) - Build This Month! – Case Management: Alert Titles & Summaries
  • (46:23) - Case Management: Example
  • (47:10) - Case Management: Sample Implementation
  • (48:08) - Build This Month! – Quality Assurance: Automated Ticket Review
  • (48:44) - QA Workflow Options
  • (49:45) - QA: What It Catches
  • (50:15) - QA: Sample Prompt
  • (51:37) - Build This Month! – Detection Engineering: First-Draft Generation
  • (53:12) - Detection Engineering Workflow
  • (54:04) - Detection Engineering: Starter Approach
  • (54:45) - Detection Engineering: Sample Prompt
  • (56:58) - Where AI Often Fails
  • (59:27) - Key Takeaways
  • (01:00:31) - Resources & Next Steps
  • (01:01:39) - QA Start
  • (01:04:31) - Patterson's Workshop

Creators & Guests
Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com
