Abstract: 

This training was delivered this year at DEF CON (Blue Team Village, Cloud Village, ICS Village, Packet Hacking Village, Wall of Sheep, Creator Stage, Telco Village, and Adversary Village). It is now more refined and streamlined after many iterations. 

Register Now!

In the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform a flood of events, logs, and alerts into a handful of clusters, a few kill chains, and a small number of actionable insights, using open-source models.

Join us on a journey to enhance security operations efficacy and efficiency.


In the intricate and ever-evolving landscape of modern cybersecurity, pinpointing coordinated attacks amid vast volumes of security data is an immensely challenging task. Security professionals constantly wrestle with distinguishing genuine threats from a sea of false positives and isolated incidents. This talk will shed light on how data science can be leveraged to transform an overwhelming number of events, logs, and alerts into manageable clusters, insightful kill chains, and actionable insights using open-source models.

Attendees will gain a comprehensive understanding of the necessary steps to preprocess and normalize diverse data sources, map them to standardized threat models, and use AI-driven methods such as clustering, knowledge graphs and community detection to contextualize and correlate security events. The training will also cover how to generate different types of tickets, such as false positive advisories, incident reports, and detailed attack stories, to streamline response efforts and enhance security operations' overall efficacy and efficiency.
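The pipeline described above (normalize heterogeneous alerts, map them to a threat model, correlate them into clusters and kill chains, then emit tickets) in miniature. This is an added example written for this page, not the course's own code or models: the alert sources, field names, the technique-to-tactic subset, the time window and the ticket-type thresholds are all assumptions, and connected components on an entity-sharing graph stand in for a real community-detection algorithm.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical sources. Field names differ per
# source on purpose, so the normalization step has real work to do.
RAW_ALERTS = [
    {"source": "edr", "time": "2024-05-01T09:00:00", "hostname": "WS-17",
     "account": "alice", "name": "Office spawned PowerShell", "attack_id": "T1566.001"},
    {"source": "proxy", "ts": "2024-05-01 09:03:00", "client": "ws-17",
     "user": "alice", "signature": "Beaconing to rare domain", "mitre": "T1071.001"},
    {"source": "edr", "time": "2024-05-01T09:10:00", "hostname": "ws-17",
     "account": "alice", "name": "LSASS memory read", "attack_id": "T1003.001"},
    {"source": "auth", "ts": "2024-05-01 09:20:00", "client": "srv-db-1",
     "user": "alice", "signature": "SMB logon from new workstation", "mitre": "T1021.002"},
    {"source": "edr", "time": "2024-05-01T11:00:00", "hostname": "ws-42",
     "account": "bob", "name": "Scheduled task created", "attack_id": "T1053.005"},
]

# Per-source field mapping onto one common schema (illustrative keys, an assumption).
FIELD_MAP = {
    "edr":   {"ts": "time", "host": "hostname", "user": "account", "rule": "name", "technique": "attack_id"},
    "proxy": {"ts": "ts", "host": "client", "user": "user", "rule": "signature", "technique": "mitre"},
    "auth":  {"ts": "ts", "host": "client", "user": "user", "rule": "signature", "technique": "mitre"},
}

# Hand-picked subset of ATT&CK technique -> primary tactic. The full mapping comes
# from the ATT&CK STIX data; this subset is an assumption for the example.
TECHNIQUE_TACTIC = {
    "T1566.001": "initial-access",
    "T1071.001": "command-and-control",
    "T1003.001": "credential-access",
    "T1021.002": "lateral-movement",
    "T1053.005": "execution",
}


def normalize(raw_alerts):
    """Map each source's fields onto the common schema and enrich with the tactic."""
    out = []
    for a in raw_alerts:
        m = FIELD_MAP[a["source"]]
        ts = a[m["ts"]].replace(" ", "T")  # both timestamp styles -> ISO 8601
        tech = a[m["technique"]]
        out.append({
            "source": a["source"],
            "ts": datetime.fromisoformat(ts),
            "host": a[m["host"]].lower(),  # case-fold entity names before matching
            "user": a[m["user"]].lower(),
            "rule": a[m["rule"]],
            "technique": tech,
            "tactic": TECHNIQUE_TACTIC.get(tech, "unknown"),
        })
    return sorted(out, key=lambda x: x["ts"])


def correlate(alerts, window=timedelta(hours=2)):
    """Link alerts that share a host or user within `window`; each connected
    component of that graph is one cluster (a stand-in for community detection)."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            a, b = alerts[i], alerts[j]
            shares_entity = a["host"] == b["host"] or a["user"] == b["user"]
            if shares_entity and abs(a["ts"] - b["ts"]) <= window:
                parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)
    return sorted(groups.values(), key=lambda g: g[0]["ts"])


def build_tickets(clusters):
    """Turn each cluster into a ticket: the observed kill chain (distinct tactics in
    order of first appearance) plus a ticket type from a simple rule (thresholds
    are illustrative assumptions)."""
    tickets = []
    for c in clusters:
        kill_chain = list(dict.fromkeys(a["tactic"] for a in c))  # dedupe, keep order
        hosts = sorted({a["host"] for a in c})
        if len(kill_chain) >= 3 and len(hosts) > 1:
            kind = "incident-report"          # multi-stage, multi-host: an attack story
        elif len(c) == 1:
            kind = "false-positive-advisory"  # isolated alert: candidate for rule tuning
        else:
            kind = "cluster-review"
        story = " -> ".join(f"{a['tactic']}@{a['host']}" for a in c)
        tickets.append({"type": kind, "users": sorted({a["user"] for a in c}),
                        "hosts": hosts, "kill_chain": kill_chain,
                        "alerts": len(c), "story": story})
    return tickets


def run(raw_alerts=RAW_ALERTS, window=timedelta(hours=2)):
    return build_tickets(correlate(normalize(raw_alerts), window))


if __name__ == "__main__":
    for t in run():
        print(t["type"], t["kill_chain"], t["story"])
```

The correlation window is the knob that decides whether the four alice alerts become one attack story or four unrelated tickets; shrinking it to five minutes in this sample splits the chain apart, which is the kind of sensitivity worth checking before trusting a cluster.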


Who is this training targeted to?: 

SOC Analysts, SOC Engineers, SOC Directors, SOC Managers, VP of Cyber Security Operations

What should students bring? (e.g. MacBook, RAM, OpenAI API key, etc.)

Laptop & browser with at least 2 GB of RAM


What would the attendants get from this course?

They will know how to operationalize machine learning & artificial intelligence towards use cases in the SOC, from enrichment with environmental & tactical cyber knowledge, to correlation with other similar & sequential data points, to contextualization with relevant business logic. 

BIO: 

Ezz Tahoun is a distinguished cyber-security data scientist who won AI & innovation awards at Yale, Princeton and Northwestern. He spoke and keynoted at Black Hat, DEF CON & others. He also received innovation awards from Canada's Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for Orange Cyberdefense, Forescout Technologies, Royal Bank of Canada, governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, at the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC Advisory Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP Professional Cloud Architect, PMP, BEng and MMath. He was an adjunct professor of cyber defense and warfare at Toronto School of Management.
