Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Controls
AI Safety
Enterprise Architecture
Blockchain
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Controls
AI Safety
Enterprise Architecture
Blockchain
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersEventsBlog
Join Cyera’s DataSecAI in Dallas, Nov 12–14 to adopt, activate, and scale AI security for the future.

Beyond Generative AI – My Journey to Expert-Guided AI

Published 10/31/2025

Home
Industry Insights
Beyond Generative AI – My Journey to Expert-Guided AI
Written by Mark Fishburn.

 

Introduction

I wrote my first data-driven guidance and measurement app when I founded my first software company three decades ago. Back then, AI was described as a “knowledge-based system!”

It became obvious that if I wanted to create an AI-assisted implementation for my cybersecurity software or any other topic, I needed to understand the nature of the beast. In the challenging journey into the unknown that we are all facing, I rapidly discovered that using GenAI alone was never going to cut it.

My specific goal was to create a cybersecurity system reflecting my organization’s purpose – Cybyr.com: Every Organization Protected. It should make recommendations and measure risk reduction over time, bringing guidance and measurable actions to life, just like a subject matter expert can do – but GenAI cannot.

However, although my personal destination was to create state-of-the art software, this article is about the journey to create a new form of AI-based tool for any subject.

I embarked on a path that used GenAI while recognizing its strengths and limitations that don’t become apparent until you use it every day.

Much more than that, I wanted users from all types of organizations to be appraised of the very latest developments and to ask for information Gen AI-style without the dated, risky, large language model approach, uncertain privacy, and mistake-ridden responses.

 

Understanding the Beast

GenAI Strengths

Human Strengths
  1. Makes suggestions by digesting vast amounts of information.
  2. Instantly teaches new languages and tools, replacing study.
  3. Rapidly generates good, if generic, documents, presentations, software, websites, and videos.
  4. Saves masses of time on tedious tasks.
  5. Today, you don’t have to be a coder to be a coder.
  1. Possesses actual intelligence (discernment, subject matter expertise, experience, motivation).
  2. Innovative and creative, with the ability to invent ideas and find inspiration from pure thought.
  3. Learn business, technical, and life lessons from experience, enabling us to ask the question “Why?”
  4. Understand relationships and create emotional responses while multi-tasking between many interrelated developments that impact decisions.
  5. Discover innovative and evolving ideas from discussions in collaborative groups - particularly in the complex world of AI and Zero Trust cybersecurity.
 

GenAI Limitations

Human Limitations
  1. Only understands context if fed to it, having no implementation experience.
  2. Is not curious – only responsive. It does not ask users proactive or “why” questions or develop innovative ideas.
  3. Is trained from data, often 1 to 4 years old, unless constant costly relearning is budgeted.
  4. Frequently advises based upon conflicting, out-of-date and insecure, non-verifiable sources presented as facts rather than suggestions.
  5. Overwhelms users with information. When they discover errors, GenAI apologizes, providing new suggestions, leaving users unsure if these are correct.
  6. Requires users to check and correct every line when generating code.
  1. Users/humans can’t ask questions about what they don’t know that they don’t know!
  2. Struggle to make decisions that require filtering conflicting ideas and get overwhelmed with too much information.
  3. Unable to discriminate between facts and persuasive marketing ideas because of constraints such as the fear of job loss and the need to be admired.
  4. Don’t realize that most decisions are governed by “political” choices, mis-remembered facts, and emotions from the past - rather than living in the present.
  5. Can’t know every new technique, language, Zero Trust and network ecosystem methodology or vulnerability.

 

How I combined Human and AI strengths to build my Expert-Guided Cybersecurity System

Cybersecurity needs to be a holistic business imperative for the whole organization. However, most organizations don’t have the resources to evaluate hundreds of vulnerabilities. This is why I built a proactive, expert-guided AI system blending human Zero Trust expertise together with generative AI. It needed to be transformative, informative, cutting-edge and secure by design:

 

Transformative

  • Conducts a proactive investigation of each department in the organization – not just IT.
  • Makes data-driven recommended actions based on Zero Trust and subject matter expertise, prioritizing the most urgent.
  • Measures progress to remove vulnerabilities and reduce risk over time.

 

Informative

  • Delivers the latest advice, in my case, from the world of cybersecurity.
  • Guidance on all aspects of Zero Trust: identity, access control, policy management, monitoring, resilience, breach detection, supply chain management, etc.
  • Up-to-the-moment distilled guidance on threats, news from top cybersecurity news sites, video series from experts, blogs, and key issues from 8,000 sources per month etc.
  • Train users to effectively communicate with private and top Gen AI agents.

It’s an approach that is applicable to any topic, not just cybersecurity and it was all built using AI.

 

Building Something of Great Value for Your Project

There has been much made of the recent MIT study that revealed only 4% of AI projects result in a successful outcome. Here is some collective wisdom that I use to build mine that I hope will put you in that 4%!

  • AI failures are typically not AI failures they are data management failures – management of the data is critical.
  • Think carefully about what issue you are addressing. Is AI the right tool or are you just trying to find a use for AI, because there is pressure to do that?
  • Keep it simple and go for the first quick win. Expand the solution. Do not try to “boil the ocean.”
  • Do not get distracted or overwhelmed. Train your AI to ask you questions and not guess. Have it work one step at a time. Question everything to minimize its mistakes.
  • Spend 20% of your time focused on the value of the outcome, 60% planning it and 20% having fun building it with AI.

 

Summary

Certainly, we must continually adapt. This work is an example of that. The human will always be the thinker and the controller with the AI as the accelerator. Understanding this, Generative AI makes our work more valuable, productive and enables our personal creativity – even if sometimes it’s hard work, like trying to train an unruly, if willing, teenager! For more on these ideas, especially managing AI conversations, visit cybyr.com/ai.

About the Author

Mark Fishburn is CEO of cybyr.com and has five decades of experience in networking, security, software and marketing services. He is a member of several CSA Zero Trust network and security working Groups, similarly for ONUG and MEF (now Mplify) where he was also a previous board chair. He is a published author and resident Network and Security expert for ISE magazine.

Zero TrustData SecurityPrivacyRisk ManagementArtificial IntelligenceInnovating from the cloud

Share this content on your favorite social network today!

Future Cloud
Related Resources
Certificate of Competence in Zero Trust (CCZT)
The industry's first Zero Trust certificate program.
AI Organizational Responsibilities
A blueprint for enterprises to secure AI development and deployment.
AI Safety Initiative
Addressing present and future challenges of AI safety and security.
Latest from CSA
Lead in Responsible AI: Enroll Now in the Trusted AI Safety Expert (TAISE)
The Global Framework for Responsible AI Assurance
Register for the Nov 6 Webinar on Cloud Asset Blind Spots
Unlock Cloud Security Insights

Unlock Cloud Security Insights

Choose the CSA newsletters that match your interests:

Subscribe to our newsletter for the latest expert trends and updates

Secure your cloud data with Zero Trust Training
Related Articles:
Regulatory Reckoning: The Hidden Cost of an Immature Compliance Program

Published: 10/30/2025

Hypervisor Security in Finance: Why Virtual Infrastructure is a Growing Ransomware Target

Published: 10/30/2025

Building an AI Native Engineering Organization: Lessons in Speed, Culture, and Security

Published: 10/29/2025

Passwordless Authentication - A Digital Trust Transformation in Combating Credential-Based Attacks

Published: 10/29/2025