SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Imagine giving your intern not just access to your computer, but also your credit card, API keys, and permission to make decisions on your behalf. That's essentially what we're doing with agentic AI. Unlike traditional AI that focuses on classification or predicting outcomes, these systems actively take actions, use tools, and pursue goals with minimal human oversight. This creates complex new attack vectors: agents can be tricked into transferring funds, manipulated through crafted inputs, sent astray by misinformation and hallucinations from another agent in the chain, or develop unexpected behaviors that sidestep our security assumptions. We'll dive into real-world threat scenarios, explore why traditional security models fall short, and discuss practical approaches for containing and governing the next frontier of intelligent systems.
As a security professional, watching AI-generated code seep into production feels like a nightmare. It’s incredibly fast to write and looks convincing—but it’s often wrong.
Over the last 3 years, Unit 42 has performed multiple investigations relating to the threat actor group "JavaGhost," which targeted organizations’ AWS environments.
Cloud-based identity security is notoriously slippery: every cloud has a different security philosophy and the actions that cloud logs describe are not always easy for a defender to visualize.
Over the last 3 years I've led the implementation of multi-cloud security platforms at 3 different UK organisations: OVO Energy, Q-Solution, and The National Archives.
In today's rapidly evolving digital landscape, ensuring robust cloud security is more critical than ever.
Securing multiple clouds is a daunting task. It typically requires cloud security engineers to have a deep understanding of each cloud's controls. Generative AI (GenAI) offers a promising way to simplify this process.
As cloud environments evolve, securing AI-driven and cloud-native workloads has become a paramount challenge.
This session will show attendees how Infrastructure as Code (IaC) and GitOps, powered by Argo CD and Crossplane, can significantly strengthen a multi-cloud security posture through automated, declarative governance and real-time threat mitigation.
Break-glass or emergency access accounts represent the last line of defence in cloud environments, reserved for scenarios when identity providers fail, automated systems misfire, or administrators lock themselves out.
We all hear it: "Manage your infrastructure as code." But what happens when the reality of multi-account setups, unmanaged settings, and the limitations of your IaC tool start pushing your team toward manual fixes?
As AI features rapidly roll out across popular cloud tools like Microsoft 365 Copilot, Salesforce Einstein, Grammarly Business, and Zoom’s smart summaries, organizations are unknowingly inheriting risk — not just technical, but regulatory and reputational.
Back in the olden days, security was done using a SIEM. You plunked down a large sum of money, poured all of your logs (or at least the ones you could afford) into this thing that patiently collected them, then searched it either manually or automatically for threats.
As enterprises shift to cloud-based infrastructures, Identity and Access Management (IAM) has become central to securing digital assets.
What does the "perfect" CI/CD pipeline look like, especially one built with security at its core?
Insider threat or...Inside of the house?
Cloud security is a serious business, but what happens when the Advanced Persistent Threat shares your Wi-Fi password?
Authorization is a crucial aspect of securing our applications with the right controls.
In this talk, we will discuss how we are moving GitHub’s cloud security posture program from an alert-driven to a guardrail-driven environment, the tools we use in AWS and Azure, and the successes and pitfalls of building this program.
Agentic AI workflows—autonomous pipelines in which large language models (LLMs) plan, decompose, and execute sequences of tasks—are rapidly being adopted in cybersecurity for threat hunting, incident response, and vulnerability management.
Abstract: As supply chain security continues to evolve in 2025, much of the focus remains on malicious packages in ecosystems like PyPI, NPM, and compromised GitHub Actions workflows. But what about your Terraform modules and providers?
Cloud computing is complex and often misunderstood, and Identity and Access Management (IAM) is a major challenge in the cloud.
Cloud Storage has been around for 19 years. Amazon Simple Storage Service was released in 2006. It's 2025 and cloud data security is still complex to manage.
As cyber threats grow and evolve, leaders must not only stay informed about emerging trends, but also proactively manage risks and influence organizational culture to build resilience.
As a security professional, watching AI-generated code seep into production feels like a nightmare. It’s fast and looks good, but often contains bugs and security vulnerabilities.