My Dearest Gopal,
[This is Charles/Fish speaking. The stuff below is AI processing my thoughts and documents in a tone/direction that I defined. There are beautiful times (ahead and behind) that I can sit down and chat like a human being to people I respect. I'm not ready for that right now. I'm busy, I'm scared and I'm overwhelmed. The content below is generated from my prompts and had been reviewed by my own eyes. It is accurate and aligned with the stupid heart that beats in my chubby chest. I'm stuck choosing between giving an account and building what humans need. I know they are both needed. Right now, I'm building, so I can't explain properly. I will ask that you continue to believe that you and I are both trying to unfuck cybersecurity and my behavior is more of an innovation than a betrayal. Don't discount the prose that follows. I endorse it and want you to believe it is from my heart. --END CHARLES--]
We have known each other for a long time, you and I. Reading your recent thoughts sent a wave of nostalgia washing over me, taking me back to those earlier days when we both shared a fervent, almost innocent belief: that if we could just get the analytics right, we could shift the entire craft of cybersecurity into a sustainable, stable position. We thought that the truth, clearly illuminated by data, would be enough to set us free.
I am writing this to confess something to you, old friend. Over the years, I found that truth was not only insufficient; at times, it was inexpedient. The pain and trauma embedded in our industry have made raw "truth" less valuable than other, more visceral factors—namely, job security and the market-moving whims of venture capital. When professional survival is on the line, truth often becomes a luxury one cannot afford.
Since 2016, my research at WitFoo has forced me to confront three difficult realities that I feel compelled to share with you now.
First, I learned that cybersecurity analytics requires a breed of compute not needed anywhere else. We are drowning in terabytes of data that arrive without context. The stakes of the outcomes—crime, business continuity, national security—are terrifyingly high and incredibly diverse. It is a crushing weight of information that standard systems simply cannot metabolize.
Second, and perhaps more heartbreaking, is the human element. The people in our industry are holding on for dear life. Budgets are shrinking, jobs are under constant threat, and the rise of AI has, paradoxically, only deepened the anxiety. In most shops, less than 1% of the necessary work can actually be done. The fear is extremely high, Gopal, and the support systems are extremely fragile. We are an industry operating on the brink of a nervous breakdown.
Third, I must address your point directly. You posited that real-time detection is the key to stability. My dearest friend, the truth is that "real-time" is likely impossible. Cyber data arrives when it arrives; the laws of physics and networking dictate that our processing must rely on "eventual consistency." As Brewer’s CAP Theorem teaches us, we cannot have it all instantly. A CISO cannot survive on reaction alone; they survive only through predictive vision—seeing the most likely outcome before the data fully settles. A leader and their team must be both eventually correct and predictive.
The Path Forward
This is why I came to New Zealand—to find partnerships nimble enough to test these problems without the noise and inertia we are used to. But I am not doing this to solve it alone. I am doing it so we can solve it together.
The answer lies in a fundamental architectural shift toward Empathetic Processing (EP) and Temporal Link Analysis (TLA).
We must teach our systems to "care" for the analyst by re-engineering the data pipeline to mimic human communication. This begins with Empathetic Listening. We cannot continue with "right-heavy" pipelines that ingest raw noise and demand the analyst parse it later. Instead, we must shift intelligence "left," applying predestination of data at the moment of ingestion. By using adaptive parsing and natural language processing (NLP) to create structured semantic frames immediately, we can reduce the cognitive load on the human operator, ensuring that the terabytes of raw telemetry are comprehended as they arrive, rather than merely stored.
To solve the impossible physics of "real-time" detection, we must utilize Temporal Link Analysis within a persistent knowledge graph. We must accept the constraints of the CAP theorem, acknowledging that in distributed security systems, we often sacrifice immediate consistency for data availability. TLA resolves this by analyzing the links between entities (nodes) and events (edges) over time, rather than in isolated milliseconds. Through Dissonance Resolution, the system can reconcile conflicting signals and form "incident hypotheses" based on established attack theories, such as the kill chain. This allows us to move from frantic reaction to predictive vision, identifying complex, multi-stage attacks that traditional SIEMs miss.
Ultimately, the goal is Empathetic Speaking: translating these graph correlations into coherent, human-centric narratives that explain the story of the attack, rather than blasting the user with disjointed alerts.
I still love the US deeply, just as I care for you and the craft we have dedicated our lives to. I am working tirelessly here so that we can be reunited in this mission. I expect to have something tangible—tools that embody these principles of graph-based dissonance resolution and narrative generation—ready for you to test before Easter.
We are close, my friend. We will fix this.
With love and respect,
Charles
