My Journey of Learning AI - 10/23/25
- Michael He
- Oct 23

10/23/2025 - NLP
My current focus is on building proficiency in Python and AI, with the ultimate professional goal of integrating AI capabilities into security platforms like Sentinel or XSIAM.
I recognize that this goal requires a deep, fundamental understanding of how machines process human language and text-based data. Therefore, I am starting my journey with Natural Language Processing (NLP).
While some basic integration tasks might not require advanced NLP knowledge, mastering these foundations is critical for future success, allowing me to:
Extract meaningful insights from security logs, reports, and threat intelligence.
Build robust, custom models for anomaly detection and incident classification.
The NLP Foundation: Core Concepts
I understand that NLP serves as the essential building block for handling textual data within AI. My plan is to methodically cover the following core areas, moving from traditional statistical methods to modern deep learning techniques:
1. Fundamental Learning Models
Supervised vs. Unsupervised NLP: Understanding the difference between training models with labeled data (like classifying known malicious alerts) and finding hidden patterns in unlabeled data (like topic modeling on incident reports).
2. Data Preparation
Text Cleaning: Implementing standard preprocessing steps including Lowercasing, Stop Word Removal, and Tokenization.
Semantic Reduction: Applying both Stemming (fast, approximate reduction) and Lemmatization (accurate, dictionary-based reduction).
Context Capture:
Bag of Words (BoW): A simple frequency-based text representation. It treats text like a pile of words, losing the critical element of word order.
N-grams: Capture phrase-level information, which makes the representation more meaningful than BoW.

Information Extraction: Using Parts-of-Speech (POS) Tagging and Named Entity Recognition (NER) to extract key entities like IP addresses and usernames.
3. Vectorization and Semantic Representation
TF-IDF: A powerful weighting scheme that prioritizes rare and highly distinctive words.
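The three representations above, run over a few constructed log lines, as an added example that is not part of the original post. The sample logs and the function names `bag_of_words`, `ngrams`, `tfidf` and `top_term` are assumptions made for illustration; the code uses only the Python standard library.

```python
import math
import re
from collections import Counter

# Constructed sample log lines (illustrative, not real data).
LOGS = [
    "user admin deleted user guest",
    "user guest deleted user admin",
    "user admin logged in from 10.0.0.5",
    "user guest logged in from 10.0.0.9",
]

def tokenize(text):
    """Lowercase, then split into word and IP-address tokens."""
    return re.findall(r"[a-z0-9.]+", text.lower())

def bag_of_words(text):
    """Token frequencies only; word order is discarded."""
    return Counter(tokenize(text))

def ngrams(text, n=2):
    """Frequencies of n consecutive tokens, which keeps local order."""
    toks = tokenize(text)
    return Counter(tuple(toks[i:i + n]) for i in range(len(toks) - n + 1))

def tfidf(docs):
    """One {token: tf * log(N / df)} dict per document."""
    bows = [bag_of_words(d) for d in docs]
    df = Counter(tok for bow in bows for tok in bow)  # document frequency
    weights = []
    for bow in bows:
        total = sum(bow.values())
        weights.append({t: (c / total) * math.log(len(docs) / df[t])
                        for t, c in bow.items()})
    return weights

def top_term(weights):
    """Most distinctive token of one document."""
    return max(weights, key=weights.get)

if __name__ == "__main__":
    print(bag_of_words(LOGS[0]) == bag_of_words(LOGS[1]))  # same bag
    print(ngrams(LOGS[0]) == ngrams(LOGS[1]))              # different bigrams
    print(top_term(tfidf(LOGS)[2]))                        # rarest token wins
```

The first two log lines describe opposite actions (who deleted whom) yet produce the same bag of words; only the bigrams tell them apart. TF-IDF gives "user" a weight of zero because it appears in every line, while the source IP, seen once, gets the highest weight.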
4. Advanced Semantic Modeling
Topic Modeling: Understanding unsupervised methods for discovering abstract themes in large corpora:
LSA (Latent Semantic Analysis): The algebraic, SVD-based approach.
LDA (Latent Dirichlet Allocation): The probabilistic, generative approach.
Sentiment Analysis: Applying methods, from Rule-Based systems to Pre-trained Transformer Models, to gauge the emotional or priority context of security communications.
5. Model Building
Building your own text classifiers with foundational Machine Learning algorithms, including:
Logistic Regression: This model uses a straight line (or plane) to separate text documents into two categories, then uses a function to turn that separation score into a probability (e.g., 85% chance of being malicious).
Naive Bayes: This is a probability-based model that classifies a document by calculating the chance that it belongs to a specific category, based on the historical frequency of all the words it contains.
Linear Support Vector Machines (SVM): This algorithm finds the optimal, widest boundary (or "margin") between different categories of documents, which makes its classification decision extremely clear and robust.
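The Naive Bayes description above, carried through as a small classifier, as an added example that is not part of the original post. The training alerts, the labels and the `NaiveBayes` class are constructed for illustration; it is a multinomial model with Laplace (add-one) smoothing, written with the standard library only.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training alerts (text and labels are illustrative, not real data).
TRAIN = [
    ("malicious", "multiple failed login attempts for admin from unknown ip"),
    ("malicious", "powershell encoded command spawned by office document"),
    ("malicious", "failed login followed by privilege escalation"),
    ("benign", "scheduled backup completed successfully"),
    ("benign", "user password changed successfully after login"),
    ("benign", "software update installed successfully"),
]

def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())

class NaiveBayes:
    def fit(self, samples):
        self.words = defaultdict(Counter)   # label -> word frequencies
        self.docs = Counter()               # label -> number of documents
        for label, text in samples:
            self.docs[label] += 1
            self.words[label].update(tokenize(text))
        self.vocab = {w for c in self.words.values() for w in c}
        return self

    def log_scores(self, text):
        """log P(label) + sum of log P(word | label), Laplace-smoothed."""
        scores = {}
        for label, n_docs in self.docs.items():
            counts = self.words[label]
            denom = sum(counts.values()) + len(self.vocab)
            score = math.log(n_docs / sum(self.docs.values()))
            for w in tokenize(text):
                if w in self.vocab:         # words never seen in training are skipped
                    score += math.log((counts[w] + 1) / denom)
            scores[label] = score
        return scores

    def probability(self, text, label):
        scores = self.log_scores(text)
        peak = max(scores.values())         # subtract the peak to avoid underflow
        exp = {k: math.exp(v - peak) for k, v in scores.items()}
        return exp[label] / sum(exp.values())

    def predict(self, text):
        scores = self.log_scores(text)
        return max(scores, key=scores.get)
```

With `model = NaiveBayes().fit(TRAIN)`, the alert "failed login for admin from new ip" is classified as malicious. Probabilities from Naive Bayes tend to be overconfident, especially with this little training data, so treat them as a ranking signal and not as a calibrated risk score.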
This structured approach ensures I build a comprehensive skill set necessary to effectively apply AI to complex cybersecurity challenges.
9/14/2025
I want to start by saying: I’m not an AI expert - not even close. Like many of you, I’m learning as I go, and I’d like to share a bit about my journey so far.
Where It All Started
My first step was the Azure AI-900 certification, which gave me a very basic understanding of AI concepts - things like definitions of LLMs (large language models) and AI fundamentals. From there, I moved on to AI-102, which dives deeper into API calls and explains various AI functionalities. I found this extremely valuable, as it prepared me to engage with AI tools and concepts in a more hands-on way.
How Far I Plan to Go
Will I learn the inner algorithms of LLMs and AI? Probably not. My focus is on using APIs from OpenAI and frontier models rather than reinventing the wheel. At most, I’ll experiment with fine-tuning techniques like LoRA and QLoRA, which I feel are more than enough for someone with a network security background like mine.
Exploring Agentic AI
One area I do want to explore is agentic AI - since it’s a hot topic across the industry. I’m particularly interested in how it can improve workflows and daily operations. For example, my company embedded an agent into ServiceNow: when a new ticket is created, the system automatically reads it, runs retrieval-augmented generation (RAG), and provides helpful links to users. Are those links perfect every time? No. But it’s a step forward in automation, and I really like the direction it’s heading.
What’s Next
The big question for me now is: how can I apply what I’ve learned in AI to the field of network security? That’s where I want to focus my future learning and exploration.
My Study Materials


