#02: The Future of Cybersecurity - Automation Meets Human Insight

In this episode of Follow the Rabbit, host Kofi Osae-Attah welcomes Lili Guo, the CISO and partner at Modelverse. Together, they discuss the delicate balance between automation and human intuition in cybersecurity. Lili shares her experience transitioning from the "dark ages" of 100-page Word documents and endless Excel spreadsheets to establishing functional digital infrastructures. She emphasizes that automation is not only about APIs and dashboards; it's also about reducing the "work burden" and preventing burnout for security analysts.The conversation delves into the architecture of an Information Security Management System (ISMS). Lili demystifies the path to ISO 27001 and other major certifications. She explains that an ISMS is a dynamic, living system, not a static checklist. Organizations can achieve continuous compliance by integrating automation into daily operations rather than just "cramming" for an audit. Lili also shares a strategic "source of truth" approach, showing how to map one set of automated controls across multiple frameworks, such as SOC 2, PCI DSS, and NIST, to save hundreds of manual hours.Finally, the episode addresses the human element in technology. Although AI is a game-changer for incident management and threat detection, Lili argues that technology cannot replace the cultural context and strategic design that a human CISO provides. Learn how to balance incident detection tools with "fit for purpose" policies to ensure your security measures protect the business without disrupting workflow.TakeawaysDitch the "Dark Ages" of Excel. The foundation of effective cybersecurity automation is digitalization. The first step to reducing toil is moving lists from Word and Excel into a centralized platform.The ISMS is alive. An Information Security Management System requires continuous improvement and management involvement. Automation should send routine check alerts year-round to keep the system active.Unified Compliance Strategy: By establishing a single source of truth, companies can automate the collection of evidence that satisfies multiple audits (ISO 27001, SOC 2, etc.) simultaneously, reducing redundant work by up to 80%.AI in Incident Management: Automation and AI are essential for filtering false positives, allowing SOC teams to focus on real, high-priority threats.Judgment can't be automated. Security policies must be "fit for purpose." Only humans can understand organizational culture and ensure that security measures don't stifle productivity.Why Listen?If your team is stressed for weeks before a security audit, your process is broken. Listen to this episode to learn how to transition from a reactive, manual approach to a proactive, automated security strategy. Whether you're a technical lead or a business executive, Lili Guo provides a blueprint for scaling your security operations using smart technology and human-centric design.Don't forget to like, push, and subscribe to the Follow the Rabbit podcast! Join us as we explore the intersection of technology, trust, and the people behind them.Links:You'll find Lili on Linkedin. More about Modelverse here.