The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!
One of the most prevalent criticisms of AI tools today is that they could be used to replace human creativity.
For Joe Miller, ThreatConnect’s Senior Director of Product, Polarity and AI Research, however, the interaction between AI and creativity is not so black and white. In fact, he envisions a future in which AI frees up people to think more creatively at work—even threat analysts. And finding new ways to prompt and use AI? That might be a creative act itself.
Learn more about how Joe thinks about the role of people versus the role of AI in shaping ThreatConnect’s AI research in the conversation below.
The following conversation has been edited for clarity and length.
How did you get into the threat intelligence space?
Joe Miller: I started my career out of college by working with the State Department, doing logistics and supply chain work. With that, I was overseas in Iraq for a year. There, I met some folks at the CIA. I went over to the CIA and got a master’s degree in information systems. I taught myself how to code, how systems work, how architecture works from a technology perspective, and became a data scientist.
I did a lot of analytical work as a supply chain person, analyzing trucking and shipping routes—things like that. So data had always been an underlying thing for me, and statistics has always been something I was good at. That was a natural transition once I taught myself some Python and JavaScript.
When I was still with the Agency, I took over a group for Bill Michaels—who’s [now] Polarity’s Director of Engineering—that managed the data science architecture. That led me into the product world.
I had met some of the guys who started Polarity playing video games and at the Agency. They called and said, “Hey, we need somebody who can do many different things. Why don’t you come on board?” And that’s how I got into the cybersecurity world.
What does your role look like at ThreatConnect?
I do a lot of different things. I still run product for Polarity, so I still work with the engineering team and set the integrations roadmap. Sometimes, I answer support emails or jump on with customers to troubleshoot something with Polarity.
I also direct the CAL Product team, the data team, and the data science team. I work with John Snyder regularly to help him set up projects that he’s going to work on.
And then I also head up all of our AI research. We have a research team that’s getting spun up that will investigate how we can solve problems across all three of our products with AI in mind.
What are the most interesting challenges you’re working on right now?
Probably what we’re doing on the AI side. We’re going to be working on some pretty cool problems around: Can we prioritize threat intelligence for analysts? Can we tell what an analyst is looking at, whether it’s a report or individual pieces of information? Can we tell them why it matters to them, and then what to do about it? For example, how is this affecting me, and what’s the recommended next step for it? Can we make that agentic in today’s world?
How do you think about work that humans should do versus work that AI should do?
Anything creative should never be an AI’s job. This is my personal take on it. AI should not be doing art. AI should not be doing writing. AI should be doing the shit we don’t want to do, right?
Do you consider any aspects of an analyst’s job to be creative work?
For sure. I think AI is never going to be able to do everything from a cyber perspective. I think it’s going to uplevel analysts and make their lives easier—they’re not spending time doing the triage of an alert, which takes hours, right? They’re spending the time being proactive and figuring out where they can go, what they can do to stop a threat actor, those types of things.
But people still need to understand AI. They still need to be able to tell it what to do and tell it how to react from that creative perspective. I think there is a creative lens there.
How should analysts and threat intelligence teams think about AI’s role in their jobs today, or in the immediate future?
It should make their lives easier. Any company looking to use AI should only be looking to answer: How could it help my people?
That’s what we’re trying to do here at ThreatConnect—developing tools that are going to help the analyst. It’s going to bring forth the things that matter to them the most, that they need to look at, and they need to take action on. It’s going to take action on the mundane things, free up that space to be creative in the cyber world.
What do you wish more people knew about Polarity?
Polarity can interact with other tools. We’re not just a lookup tool, not just a federated search. We can enable actions for analysts: It can be creating a ticket, running a playbook, blocking something on your firewall, or blocking something on your endpoint. Polarity can do these actions for you as an analyst.
We’re also not an endpoint agent. We are a desktop application. We get that question so often. Polarity is not like a SentinelOne or a CrowdStrike endpoint. It’s like a Slack application that you interact with.
What do you spend time on outside of ThreatConnect?
I’m a nerd, first and foremost.
I’m a huge movie fan. We recently watched Dreams by Akira Kurosawa and are also doing a Star Wars rewatch.
I’m a big DnD TTRPG person. I have a lot of games and video games.
I was a professional axe thrower. I haven’t done it in a while but almost made ESPN. I was one or two matches away from ESPN.
How did you get into axe throwing?
You just go to a venue, join a league, start to figure things out, get decent at it, meet new people, and go to tournaments. Then you get sponsored.