SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

AI is everywhere. Most organizations and users are still just using it as a glorified Google search, but it can do so much more! In this talk, we will walk through a practical example of how to leverage agentic AI to enrich your pentest reports by auto-tagging MITRE IDs!
Top-rated RSA session in 2023, 2024 and 2025, the "Always-On Purple Team" session is back! Attendees will discover how AI agents autonomously execute purple teaming, and the session will showcase an architecture where AI agents collaborate on threat intel, adversary emulation, and detection engineering. It will include a live demo (based on publicly available tools) and sharing of code!
This session will be a fairly lighthearted look at the problems we have in cybersecurity today, and why we struggle to improve things, despite spending billions. We will have a short case study and then finish with some suggestions on how we can make things better.
The term DFIR has become really popular over the last several years and is used as an all-encompassing term for digital forensics and incident response. But there is an inherent contradiction between digital forensics and incident response, because their end goals are not the same. For most organizations, incident response focuses on making the pain go away, and maybe improving security going forward. Thinking about a legal outcome is far from the reality for most organizations.