Quiet, Loud, and in the Logfiles: The Detection Duo You Didn’t Know You Needed
Filed under: Things your agent can’t do but Linda from SecOps does without breaking a sweat.
Hey, I’m Alex Hurtado—and if we haven’t met, here’s the TL;DR from my last blog post on the Thor Collective Dispatch.
I want to talk about the two types of people in security.
Okay fine, there may actually be 471. But for the sake of this take and your short attention span, let’s go with two:
The Introverts and the Extroverts.
One rewrites a detection rule six times before shipping it.
The other is already demoing it to leadership with a smile and a dashboard.
Together? They keep the world SOC balanced.
The Vibe Check: Innies vs. Outies
You might think of introverts and extroverts as just personality types. But personality is the output. Temperament is the operating system—the backend code shaping how we show up. It’s not just mood; it’s wiring. These patterns of behavior last a lifetime and are shaped by needs, energy sources, and natural talents.
Introverts recharge inwardly. Reflection, focus, deep thoughts = inner world magic.
Extroverts get their juice from the outside world. Action, interaction, shared ideas = external fuel.
In crisis?
Innies pause, observe, then respond.
Outies jump into action, then figure it out mid-leap.
Both are crucial in the SOC, where incidents don’t wait for personality assessments.
Introverts vs. Extroverts: A Table of Ops Truth
Why SOC Harmony Needs Both
Innies and outies don’t compete for airtime.
Extroverts bring innies into the room—socials, conferences, visibility.
Introverts help outies focus, prioritize, and think twice before YOLO-ing a playbook.
Outies advocate when innies go unheard.
Innies save outies from overexposure fatigue.
And yeah—conflict will happen, a lot.
There are some downsides: introverts can be tuned out, unheard, and overpowered by the extrovert’s louder nature. Extroverts may feel frustrated by the introvert’s disinterest in taking part in conference talks, showcasing research, podcasts, or any kind of limelight engagement.
Still, it’s worth it. When you decode the differences, you don’t just “manage” each other—you amplify each other. Taking time to understand how each processes info can not only flatten relational speed bumps but also let you shake things up and thrive off each other’s strengths.
Susan Cain Was Right About Everything
Reading Quiet didn’t just change how I saw introverts—it taught me how to understand introverts in a world wired for extroverts. Big tech orgs, fast-moving startups, RSA vendor floor chaos—they all push the Extrovert Ideal: charisma over clarity, presence over precision.
Cain’s whole thesis?
“We dramatically undervalue the power of quiet.”
Reading Quiet also made me a bilingual communicator.
Working with loads of SOC innies in big corps and startups? Instant validation.
The two takeaways from Cain that hit especially hard in post-RSA life:
The Harvard Business School (HBS) Kinda Has it Wrong
She goes into a hard deep dive on the HBS, where students are literally graded on how much they talk. Speak early and often = leadership potential. But in security? We don’t need leaders who fill airtime. We need leaders who understand the assignment (and don’t hallucinate detection logic).
Introverts Think Then Speak. Outies Speak Then... Keep Speaking.
Cain doesn’t roast extroverts (thankfully), but she highlights the imbalance. Extroverts talk to discover their thoughts, while introverts think to discover the right words.
Which one’s better in a post-incident root cause analysis? Trick question. You need both.
Susan Cain wasn’t writing about SOCs. But she might as well have been.
If you only invest in the loud, you miss out on the deep.
If you only build for the quiet, no one hears the signal.
Cain made me realize:
I’m not just navigating personalities—I’m navigating energy economies.
And if you want a resilient SOC, you need both currencies in circulation.
How to Speak Innie (Introvert-Friendly Comms 101)
Referring to them as innies and outies like belly buttons. Because…cute.
Tackle one topic at a time
Overcommunicate in writing via Slack/Teams
Match their energy and pace
Create quiet 1:1 spaces
Say “Thanks for sharing” when they open up
Cut the small talk—go for substance
Respect their need to process info first
Great leaders aren’t always the loudest
Rosa Parks and Eleanor Roosevelt were quiet but powerful leaders showing that influence doesn’t require volume. In AI/CTI/DE discussions, you need leaders who think critically, listen well, and steer with intention, not those who dominate airtime. Kevin Gonzalez is the perfect example of this at Anvilogic.
How to Speak Outie
“Let’s talk this over” might be an outie’s love language.
Let them talk it out—we think out loud
Brainstorm together. It's bonding.
Don’t expect every convo to have a point (sorry!)
Use stories and vivid examples
Emote. Bring the jazz hands.
Mirror energy (with extra pep)
Validate their ideas before riffing
Help them stay on track with gentle nudges
Energy: The Invisible Currency of the SOC
Energy can’t be created or destroyed—only transformed. Sound familiar?
Innies get fragmented when they spend too much energy in loud environments. They need solitude to reorganize and recharge.
Outies get disorganized by stillness. Action transforms our chaos into usable fuel.
TL;DR?
One needs a nap.
The other needs a party.
Carl Jung once suggested that conflict isn’t random but fundamentally rooted in the natural tension between introverts and extroverts. Conflict gets a bad rap in the SOC. It feels messy, unproductive, and a distraction from the mission. But here’s the thing: rupture and repair? That’s how strong teams are forged.
It’s not the absence of friction that builds resilience—it’s working through it. Testing your system, your relationships, your reflexes. Again and again.
(Okay, I’ll stop. I’m veering dangerously close to therapist territory—though I do consider myself a false positive therapist on occasion.)
Now... back to our regularly scheduled post-RSA programming.
Enter the Era of “Just Plug in an Agent!”
It’s 2025, and RSAC sounds like a garage sale of autonomous security agents:
“LLM-powered alert triage agents!”
“Auto-generating SOAR playbooks via agents!”
“Data pipeline agents!”
“Context-enriching detection agents!”
Oh—and apparently, we’re supposed to start calling traditional endpoint agents sensors now, because the term agent has been unofficially rebranded for AI. I can’t make this stuff up.
And yet… alerts still suck.
Why?
Because everyone forgot to invite the quiet builders to the AI party.
You know—the ones who actually understand the data layer, the threat operationalizing and modeling layer, and, worse yet, the political layer. The upstream where the logic actually happens, created and operationalized by someone on your team, even if it was some time ago.
LLMs Aren’t the Product. Your People Are.
Let’s get this tattooed somewhere:
“An LLM is not your SOC strategy. It’s just one (fragile, occasionally hallucinating) piece of it.”
The real work? That’s Linda. That’s Miguel.
That’s your introvert detection engineer who turned your SIEM rules from rage-inducing spaghetti into something vaguely usable.
As Andrew Green pointed out in his brutally super encouraging post, agents will only ever be as good as the data + pipeline + detection logic you feed them.
And who builds that pipeline?
The people who aren’t the loudest in meetings.
The ones muttering “just give me JSON or give me death” under their breath.
The ones who see detection engineering as a craft, not a checklist.
Meanwhile, the Extroverts Are Out Here Saving Us Too
They’re the reason anyone even knows about that brilliant detection logic.
They’re running tabletop exercises, calming down stakeholders, and asking questions like:
“Can we demo this?”
“How does this impact mean time to triage?”
“Do we have a spicy chart for this?”
They bridge the gap between quiet craft and organizational buy-in.
Without them? Your genius never makes it out of the terminal window.
The Best AI Agent You’ll Ever Have Is Still Your Team
So yeah—deploy the agent. Play with the LLM. Build the workflow.
But also:
Ask who’s cleaning and contextualizing the data.
Ask who’s building guardrails so the AI doesn’t YOLO into production.
Ask whether you’ve staffed your SOC like a real team, not just a collection of tools with brand stickers.
Because while the industry’s busy shouting about autonomy, the real revolution is happening in the quiet moments:
In the shell scripts.
In the detection tuning.
In the awkward “this is probably nothing” Slack messages that become everything.
To the introverts: you’re the backbone of operational AI.
To the extroverts: you’re the spark that turns it into impact.
To the agents: good luck keeping up with them, because you don’t know how to navigate political red tape or who is drinking with whom at the Four Seasons.