Live Oak Bank's George Werbacher on AI As SecOps' Single Pane of Glass

George Werbacher, Head of Security Operations at Live Oak Bank, reviews the practical realities of implementing AI agents in security operations, sharing his journey from exploring tools like Cursor and Claude Code to building custom agents in-house. He also reflects on the challenges of moving from local development to production-ready systems with proper durability and retry logic.

The conversation explores how AI is changing the security analyst role from alert analysis to deeper investigation work, why SOAR platforms face significant disruption, and how MCP servers enable natural language interactions across security tools. George offers pragmatic advice on cutting through AI hype, emphasizing that agents augment rather than replace human expertise while dramatically lowering barriers to automation and query language mastery.

Through technical insights and leadership perspective, George illuminates how security teams can embrace AI to improve operational efficiency and mean time to detect without inflating budgets, while maintaining the critical human judgment that effective security demands.

Topics discussed:

• Understanding AI's role in augmenting security analysts rather than replacing them, shifting roles toward investigation and threat hunting.

• Building custom AI agents using Python and exploring frameworks like LangChain to solve specific SecOps use cases.

• Managing moving agents from local development to production, including retry logic, failbacks, and durability requirements.

• Implementing MCP servers to enable natural language interactions with security tools, eliminating the need to learn multiple query languages.

• Navigating AI hype by focusing on solving specific problems and understanding what agents can realistically accomplish.

• Predicting SOAR platform disruption as agents take over enrichment, orchestration, and response with simpler automation approaches.

• Removing platform barriers by enabling analysts to use natural language rather than mastering specific tools or query languages.

• Exploring context management, prompt engineering, and conversation history techniques essential for building effective agentic systems.

• Adopting tools like Cursor and Claude Code to empower technical security professionals without deep coding backgrounds.