Cisco Meraki's Stephen Gubenia on How to Crawl-Walk-Run to AI-Powered SecOps

Stephen Gubenia, Head of Detection Engineering for Threat Response for Cisco Meraki, shares his evolution from managing overwhelming alert volumes as a one-person security team to architecting sophisticated automated systems that handle everything from enrichment to containment.

Stephen discusses the organizational changes needed for successful AI adoption, including top-down buy-in and proper training programs that help team members understand AI as a productivity multiplier rather than a job threat.

The conversation also explores Stephen’s practical "crawl, walk, run" methodology for responsibly implementing AI agents, the critical importance of maintaining human oversight through auditable workflows, and how security teams can transition from reactive alert management to strategic agent supervision.

Topics discussed:

• Evolution from manual security operations to AI-powered agentic workflows that eliminate repetitive tasks and enable strategic focus.

• Implementation of the "crawl, walk, run" methodology for gradually introducing AI agents with proper human oversight and validation.

• Building enrichment agents that automatically gather threat intelligence and OSINT data instead of manual investigations.

• Development of reasoning models that can dynamically triage alerts, run additional queries, and recommend investigation steps.

• Automated containment workflows that can perform endpoint isolation and other response actions while maintaining appropriate guardrails.

• Essential foundations including proper logging pipelines, alerting systems, and detection logic required before implementing AI automation.

• Human-in-the-loop strategies that transition from per-alert review to periodic auditing and agent management oversight.

• Organizational change management including top-down buy-in, training programs, and addressing fears about AI replacing jobs.

• Future of detection engineering with AI-assisted rule development, gap analysis, and customized detection libraries.

• Learning recommendations for cybersecurity professionals to develop AI literacy through reputable sources and consistent daily practice.