Conference Talks & Presentations

Showcased a practical implementation of Large Language Models (LLMs) and Retrieval-Augmented Generation (RAG) technology to supercharge security analyst workflows at BNY Mellon. Demonstrated context-aware assistance with institutional knowledge, semantic search across thousands of rules, automated rule generation from threat intelligence, redundancy detection at scale, and streamlined threat intelligence automation.

The complete journey of building an operational machine learning organization from the ground up at BlockFi. Covered building cross-functional ML teams, scoping business problems for executive buy-in, conveying strategic vision, operationalizing ML and data science, building clear business objectives, and establishing MLOps infrastructure for production-ready machine learning in cryptocurrency financial services.

Showcased how BlockFi uses Splunk to identify operational risks and ensure the safety of client assets leveraging machine learning techniques including anomaly detection for unusual transaction patterns, forecasting for threat prediction and risk assessment, and graph analytics for data mining blockchain transactions, tracing fund flows, and identifying connected threat actors to prevent fraud and account takeover in real-time.

An overview of machine learning and AI concepts tailored for security analysts, cutting through the marketing hype to focus on practical applications. Covered ML & AI fundamentals, the difference between ML and AI, and the promise and limitations of AI for security analysts. Included practical walkthroughs of ransomware detection using behavioral analysis and botnet detection with clustering techniques, demonstrating real-world use cases with measurable results.

Webinar cutting through the vendor hype to provide useful definitions of AI and ML terms in security context, practical applications of the technology, speed improvements for incident reaction time, and resource optimization for IT security staff. Demonstrated real-world implementations that deliver measurable results including automated threat triage, intelligent alert prioritization, and accelerated investigation workflows that reduce mean time to detect and respond.

Explored the journey from reactive to prescriptive analytics in security operations. Reviewed the advanced analytics maturity model (descriptive, diagnostic, predictive, prescriptive) tailored for security operations. Covered utilizing machine learning to respond to security incidents, automating remediation workflows, building an analytics-driven SOC, and operationalizing ML models at scale with behavioral analytics, anomaly detection, and automated response orchestration.

Demonstrated common tried and tested SPL patterns used in building security use cases. Deep dive on the tstats command with tips and tricks, data model acceleration techniques, and performance tuning best practices. Covered proven query structures that balance accuracy, efficiency, and reliability while minimizing performance impact and building scalable detection logic for threat hunting and compliance requirements.

Hands-on workshop teaching security best practices for building operational Splunk apps. Covered technical add-ons, data validation, Common Information Model (CIM), summarization, data enrichment, analysis techniques, and visualization. Advanced topics included machine learning, data science techniques, hypothesis formation, and process considerations for operationalizing detections. Participants iteratively developed a working security app using the Boss of the SOC competition dataset.

Explored machine learning toolkits available in the Splunk platform for botnet hunting and advanced threat detection. Covered using ML to identify command and control communication patterns, periodic beaconing detection, unusual traffic patterns, and behavioral analysis. Demonstrated detecting data exfiltration through statistical analysis including volume anomalies, destination analysis, protocol anomalies, and time-based patterns for effective botnet identification.

Explored existing machine learning toolkits available in the Splunk platform and how they can be applied to data exfiltration detection, port/traffic analysis, and advanced threat use cases. Demonstrated how Splunk's ML Toolkit makes advanced analytics accessible to security practitioners without deep data science expertise. Covered combining Suricata's rich network telemetry with machine learning for feature engineering, behavioral analysis, anomaly detection, and operationalizing models for early botnet detection.

Explored machine learning toolkits in Splunk for security practitioners focusing on practical, operational machine learning that SOC engineers can implement without deep data science expertise. Covered data exfiltration detection through abnormal data movement patterns, port/traffic analysis using statistical analysis, and advanced threat detection using ML to identify sophisticated attacks that evade signature-based detection. Demonstrated anomaly detection workflows, statistical outlier identification, and time-series analysis for operationalizing ML models in production SOC environments.