Curmudgeons

Josh Merrill
Author

Security people are interesting to me. The role of a penetration tester, security consultant, red teamer, or whatever you want to call it is, at the end of the day, a technology generalist. The role demands a constant adaptation to an evolving set of technology, but the understanding of the technologies is often limited to just enough to know how to break them.

Of course, a web app tester understands the concepts of relational databases and how the front end application interacts with the backend database, but they will know far less about the complexities of databases than, say, a lifelong database administrator. Don’t get me wrong, being a penetration tester is a way better deal than being a DBA. You could not pay me enough to surrender myself to manipulating SQL queries for decades.

However, this ultra-practical mindset can have its drawbacks. In my (limited) experience there are two problems:

  1. Knowing just enough about a technology to see its problems
  2. An aura of superiority over the ugly bits of a new technology

This view of technology would be like sports with no highlights. Imagine watching the Super Bowl where all you see is the huddle and first down runs for 3 yards. Yes, you would get a semi-realistic understanding of how the game is played, the often mundane rules surrounding it, and the meta-strategies underlying the game. But there are no fireworks. No love, joy, or amazement. You would never get to experience the magic, the emotional, the awe-inspiring moments that make kids want to be like their favorite athletes.

Simply put, this is a boring life. In the same respect, viewing technology as a mess of half-baked code slapped together by someone that just wants the damn thing to work is like viewing Michelangelo’s David as a 17ft tall rock cut by a spoiled but failed banker. Technically, it is an accurate description, but it fails to capture the inexplicable beauty of what is produced.

Essentially, this is a winding and undirected precursor to express my discontent with the security industry’s bemoaning of artificial intelligence, especially LLMs. A generation-defining technology is written off by many in the security industry as an insignificant facade. There is no argument that, in its current state, AI is disproportionately emphasized compared to its actual practical applications. However, this is shortsighted and only views the technology through its flaws. For the first time in history, we have created a system that can emulate the accruement of knowledge through language. One of the defining characteristics of the human that separated us from the rest of the animal kingdom is our ability to encode data about the world into words and speech. This allowed us to store tribal knowledge, develop societies, and create beautiful works of art. Finally, we are standing at the doorstep of equipping machines with the same ability. LLMs will not merely be helpful assistants or convenient search engines, but agents that can act independently in our world.

If you want to understand how life will change with AI, take the agency pill.

This post is a bit more winding and a bit less friendly than I like to be... however the next post should be more optimistic :^). Read it at the link above!

– Josh