Events Add an event Speakers Talks Collections
 
RSAC 365 Virtual Summit
January 27, 2021, Online
RSAC 365 Virtual Summit
Request Q&A
RSAC 365 Virtual Summit
From the conference
RSAC 365 Virtual Summit
Request Q&A
Video
AI/Machine Learning: What is Actually Working in Cybersecurity?
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Add to favorites
565
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About the talk

This session will first show how the terms "Artificial Intelligence" and "Machine Learning" have been overhyped in cybersecurity but point out the starting points for use cases that advanced techniques have shown value. The session will then detail several real world examples of ML being used to reduce time to detect, time to respond and time to restore.

About speaker

John Pescatore
Director at SANS

John Pescatore joined SANS in 2013 with 35 years’ experience in security. He was Gartner’s lead security analyst for more than 13 years. Prior to Gartner, Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew, and managed security consulting groups. Prior to that, he spent 11 years with GTE developing secure computing and telecommunications systems. Pescatore began his career at the National Security Agency and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a BSEE from the University of Connecticut and is an NSA Certified Cryptologic Engineer.

View the profile
Share

Welcome everyone on John Pescatore. My fancy title is Sans is the director of emerging security trends. No. Mine. I fear Sans after almost 14 years has the least security Analyst at Gartner and spent my entire security career, my entire career in security, starting right out of college, in NSA, and the u.s. Secret Service and over decade with GTA in the formation systems, in Peak a guy with and Trust before. Coming The Gardener got a fun topic here. I'm going to do about a 30 minute session and sort of give you 60 years of history, of AI and machine

learning, and sort of put on my Gardener, hadn't started to book some myths and some hype around it, and it rolled down a little bit at the cybersecurity use cases. And then there's going to be a following session by Dave. Holtzer, with some great demo, some Hands-On demos of implementing, some algorithms in Python code, and some security function. So, this one precedes, Dave's talk, and I'll stay a little bit at the fifty thousand foot level. Will Downing and I'll be able to answer your questions through the texts mechanisms as we go along. So let's get started a little terminology.

We're going to talk about Argo AI or artificial intelligence and that is pretty much what it sounds like. It's us attempting to make computers. Mimic what humans do as far as problem-solving generally. And we're going to zero in on a subset of all that which is machine learning, which is, we're trying to fool people into thinking. The computer is solving problems without actually being program that we always have to program computers. They don't do much without us, but rather than sort of rigid algorithms or single-use function, not, it's not just calculate, the trajectory of rockets and

bombs, but figure out the best way to hit a moving ship from another moving ship, you know, might be something you might take a bold use of machine learning. Not really going to talk about sort of something you hear a lot about deep learning which is where we start trying to involve neural networks. And try to really make CPUs add up to acting like the human brain does, which can be a good thing. In many cases in many cases, not so good, a thing, but it's very hard to do. So we're going to focus pretty much completely here on machine learning. And what I want to do is give you a little

bit of drill down there. So this to broad classes of machine learning, you hear about the the bottom. When you see there is supervised learning, this is essentially we're near the simple ones. You might think of have a bunch of inputs, and a bunch of outputs bunch of dots on a graph that we have an x-axis and y-axis and the computer says, here's the equation that makes those lines are. Here's the here's how to connect those dots in line or curved. It fits them. So often it's minimizing the errors between the line and the dots and dropping your machine learning called minimize losses. And

since then ml, now though sort of Holy Grail supervisor autonomous learning. We're just sort of dumped a lot of data into the top of the computer and it starts doing something with that data. The mostly it turns out that's good for clustering work and tell you these of Answer these pieces of data that there were tagged in certain ways. They are related to each other. In this blob over here. This cluster, and is another cluster over there, that's related to each other and we'll drill down on that. You might think of it as cybersecurity case. Here's a bunch of things,

sysadmins for doing that probably were good things. They were doing backup, sir, or replicating databases. Here's a bunch of things you're doing, but they only looked at 1 record at a time. That could be a bad thing. That could be an attacker that could be so sad, man, gone bad and starting to surf the database soak. Those are the two broad classes. We get back into the real world example, these layers, but I promised you 60 years of History. So let's, let's tackle that there is something Harvard put together a few years ago, in a, in a paper they wrote. That was very interesting. They can you

see the timeline of the history of the term? Artificial intelligence, back to 1950 to 1960, and 1958. Alan? Turing publish can machines, think which started Listen, he's the creator of the famous touring test, which is still used today to determine if natural language processing. That computers, do could really full some buddy into believing. It's a human. Now, if you see that blue curve in the numbers, on the left hand side, what they also did is over the years. They ran LexisNexis searches of the LexisNexis database for the term. Artificial intelligence and the

blue line represents, one of the popularity of the term. What percent of all LexisNexis items contain the word a guy. So, it's sort of like a popularity curved. I'm not going to drill down in many of these but let's take the start when the term first came out of state 1950 and you can zoom forward. I like the Zoom forward to where you see autonomous vehicles there in 1986 the first autonomous cars built by Carnegie Mellon limit 1980s, 6. It's now 2021. So we're 36 years later and was still talking about autonomous vehicles. So, machine learning to drive cars around. We're still not

really ready to do some other stuff. All events. Are you see in 1997? IBM, deep blue beat the Chess, Master Garry, Kasparov at Chefs, that was sort of whenever you begin to say we're doomed to the computers are just going to take over. They can beat us a chess match at about that. Same year was when Dragon system without the first sort of semi usable speech, recognition software that would run on an IBM PC. And that was sort of when everybody said, well, you know, it's over with the computers of one. Well, the problem is that now they really didn't win here. We are again. 21 years later

still complaining about how bad Siri is it voice recognition. And while the computers have gone on to be Masters that other games, like go in Jeopardy, even though we haven't seen them, solve a lot of the unbounded problems. We need to deal with it, will throw down on that in a little bit. Now. I'm going to be as I said, I'm going to put my Gardener had on here for a bit. One of the more fun things and I think useful things we did a gardener is something called a hiker. When you see one on your screen there for artificial intelligence. Tell you how they work on the left. You see

Innovation trigger. These are new things that come about and artificial intelligence is when you can think of quantum, Computing, or blockchain as showing up somewhere and you see, Quantum Computing hear anything, new immediately store. Quickly generally zooms up to the peak of over-inflated expectations that get hyped up Quantum. Computing is going to kill encryption or is it going to make the bad guys win? And then it has rooms down into the trough of disillusionment where turns out. Well, it's really hard to do Quantum Computing. Right? And what the heck is blockchain doing for us

anyway, and then something's gets stuck in that traffic disillusionment and go away. Remember years ago, never the two wheel thing Segway like a lawn. Mower with two wheels, you stand on and ride around, that was going to revolutionary Revolution highways and enforce cars off the road. And and now it's total. I can't think Taurus use them in a lot of cities, but you don't see it and maybe a mailman or two. You don't say a heck of a lot of Segways anymore, but Most cases, in many cases, technology does escape that trap and then flows out into the plateau of productivity there.

And I'm actually going to get rid of my little video windows up here so I can see. And you see in this case on a eye graphics processor Processing, Unit, accelerators, to run. A lot of the number-crunching for machine learning is something that's in this plateau of productivity. It just works and these days with what's happening with Alexa. And okay. I'll give Siri a break and other medical uses and other things. A speech recognition. It's just a commonly used techniques. So that's out on the plateau productivity. So you're if you look you can see my purse. If you look in the middle of the

curve here, you see machine learning. That's what we're going to zoom in to. So this was the 2019 magic quadrant for Gardner and using some fancy computer animation. I'll show you how things moved in the 2020 version and you say machine learning really hasn't made a heck of a lot of progress. They're really not too many things that made progress. If you look down here in the trough of disillusionment coated to be out. Delete before Plateau. You see cognitive Computing, which is really a very high-level term for essentially computers being able to think and act of communicate like humans.

So the feeling is there really not going to ever really reach that point. No matter how many nips we can throw at them are megabytes or new types of technology or cooling systems, are quantum Computing, but we want to focus on machine learning. Anyway, so let's drill down. Turns out Garner also do two separate magic quadrant. I mean, I'm sorry. I've cycle just on machine learning. So in this case will look at a couple things that are meaningful. Insecurities Advanced anomaly detection where you see the red arrow pointing. That's really what we're trying to do in security with these tools is

move Beyond Simple signature-based, detection of what's. Now, we're, we're simple signature base rules for intrusion detection, and prevention, and have some tools that are able to say, hey, a bunch of stuff just happened. It looks suspicious. It looks like this. It looks anomalous and it looks like a danger. That's what we're looking for a few others that if you see down here towards the trough, you see python pythons the most popular programming language used in machine learning and artificial intelligence and lock the library functions for all the complicated math. That's needed

to do. Do the preto models and run the hours of sub machine learning as far as sort of a analytics data processing engine. That's why we use the machine learning as well. So this case in 2019 Gardner had them, especially near the trough of disillusionment, which basic and nobody understood at the time and this came out since these are widely used even back in 2019 and it would have made a lot more sense to see them further up the plateau, but really interested in advancing. Anomaly detection. So let's look at the 2021 and see what happened. And what happened. Is it disappeared where it

where? I don't see an omelet detection on there anymore. In fact, I don't even see python. I do see Apache spark moved out to the left, on the plateau where it should be and if you read the text you see on the left they said We don't see anybody even talkin about Advanced anomaly detection anymore. So we dropped it. But that tells you is it hasn't really been tremendously useful for advanced, anomaly detection, just magically finding that stuff among good stuff without also false alarm and go out. And again, we will drill down into it. So that quite a bit as well be adopted and it said yeah

python is also widely adopted so which we just pushed it off the hype cycle. The recognition, the python, it's Parker, really useful tools. I'm going to give you some euros at the end for you could do some more drill down and you'll see Dave holtzer doing his on-screen demo at using a python. I believe you two since Park as well. So that's where things progressed in the height for did. I want to give you an example of some recent height and I got to pick on Microsoft. There was hundreds of vendors. I could have chose. I just thought Microsoft slide captured

everything all in one slice as you know built into windows. Microsoft has lots of things like, Windows Defender that are antiviral type things. And they also sell other products that they do security stuff and find security stuff. So, and they talked about it in this one slide. They used every possible. Buzzword around machine learning and AI that you can have your seat. The very top of the client level client machine. Learning what runs on a Windows PC. They have models, behavior-based detection, algorithms, generics in your ristic, by the way, they, let me give you one bit of wisdom. I

learned over those 14 years at that Garden, whenever I heard a vendor use the h. Words, heuristics are holistic. I knew there was sort of blow and smoke, and I already said eristic meant. You're a six men, not document and holistic, sweat, not existent. Basically, like to talk about holistic, security, and Mystics. And, you know, that really means they're not something. We can mailed it nailed down, very well. So then that's what runs on Windows in the end. That's the, on the PC. That's the important part. Cuz that's where the attackers are getting you think about this solar winds

thing is if we didn't get them, when they got to the client's side, we were too late. Now in the cloud with a client can call out to in the cloud. Microsoft has all kinds of other things, running machine learning metadata base model, sample analysis, bass machine learning destination-based, machine learning. And the big data analytics down there all running out of the cloud doing things. Let me give you an example of using them against the smoke, loader campaign, in Behavior base, but one thing, I'm going to highlight at the end. I'm going to hit the size that the end is very rarely.

See the hype around machine learning talking about false positives. Very good at sexy. Look, we look for this type of thing. The model found it, every single time. We never missed it will. How many times did the model? Declares some good behavior, good events to be the malicious ones. That. That's a very important number to ask any vendor, that's hyping up this type of technology in their products. So that's the sort of a quick tour to the highest level and you know, insecurities I've worked in cryptography for many years and hearing Wall Street called blockchain crypto. Stock about

crypto is just don't understand what you're talking about there. Just hyping something up and then they're sort of distorting things. Same thing with when people think about machine learning and AI, is the software that just fine. You just throwed at it and it tells you what's in there in those magical examples and when the business domain of how it found the people, but I meant buy beer and diapers at 2 in the morning. In the, in the grocery store Will turns out, somebody asked the software, what do men buy at the same time when they're in the grocery store at 2 in the morning, which is

often either where they were sent out to get diapers or or felt they needed a beer when we start looking at those things like that. The business domain, or the cybersecurity to Maine, where the success stories and use of the technology is, it's really in observing and being able to inject Domain expertise into the software in a variety of ways. Expert systems, trying to copy with the expert does k space reasonings. An example. I've seen for many years. It's really effective though. The case of getting, for example, the case of a power companies, needing to maintain their power lines,

but one of the most common reasons they come down or our trees falling on the wires or falling across the wires through. The storms are simply due to lack of Trinity and being able to use very simple techniques to determine when a storm is going to hit in which way it's going to travel or how long it's been. Since the last timer for ticular run has the trees trimmed and how quickly they grew in the last. Those are simple case face reasoning tools that can really be implemented in software. Well to help get the repair crews out in advance, then shorten the time down or eliminate. I'm down

by trimming the trees before they fall in the wires better, things like fuzzy logic. I never really understood that one that I remember. Windshield wipers are supposed to have fuzzy logic so that I Need to turn on slow, fast-medium. They would somehow figure out how much water is on the windshield, but that always seem to go away but things like micro-targeting, which is what we saw. The Russians duel against the United States and Facebook. And so, on around the 2016, election are very good examples of taking domain expertise, somebody who figured out, how do we

attack, small places and and call Gabe great leverage out of that, then use automated ways to get the right message to the right. That was the wrong message to the right person to cause things to happen is a very important use of the creative, the very last of the views of these Technologies. And again, it required that domain expertise. It was not just the computer spring out messages. Another thing. I left the size again at the end. I think it's important to get across that cios and Co the board of directors. Just because computers can beat us at games, like chess or Jeopardy, or go.

Doesn't really translate very well to the cybersecurity world. A chessboard is a fixed dementia. The pieces can only do certain things. So, what's what's that thing called? The Horse, the night. The night can only move in that L-shaped Direction, most times every now, and then he can Castle. But the night can't say I'm going to jump off the end of the board of pop-up to the bottom. And the bishop can say I'm tired of going to haggle and there goes straight across. And I'm going to just knock everything out of my way to hackers, can do that to us in cyber. There are not

boundaries on, the problem is a long history of all that. So in the complexities of software, but eating human beings, the games is not really translate necessarily into beating hackers that their game because it's not a game. It's a craft for them. And again, there are no boundaries. There's very few rules. So let's look at some of the successful uses and try to draw out how we can use this technology. Festival in cybersecurity, so the business uses where we saw a lot of this, for some businesses, collect lots of data, they want to optimize their sales and marketing. Resources are

their product development resources to make the best decisions. But here's a typical marketing example, where the top of this funnel, I had a bunch of names from databases or subscriptions or whatever possible people to sell their product to and then they started disabled if we called every one of those names, even with some cheap college, kid working on the weekends for pennies. We waste a lot of money. How do we say zero in on the ones most likely to be receptive to buy more product? And so then they use some factors that determine if a person's engage. They visited the Boost clicked on

something on the website. Pretended to listen in a webinar while they really wanted that read their email and that got to the engage level in marketing qualified took those names and figure out which ones demographically geographically, meet the profile or had good digital body language are often seen on social media has an ending forums related to the the product and so on. And that essentially comes down to a sales qualified lead. When we take scarce, scarce Human Resources inside sales folks, are Durex else. Posted them on the people and talk them into at least trying our product,

may be buying it. We get them on the pipeline and We went. So what we did is turn a bunch of names into Revenue at the bottom. Another computer software used to do this was critical but it wasn't simply for names at the bottom and orders at the top and orders Fallout the bottom. We used a lot of hard to learn marketing lessons from Smart, marketing and sales people over the years to implement this, in this funnel that made this happen. And that's sort of, this is the most successful example in these same needs to do this. Good data labeling, the data gauge people. These are

these are from this geography. These are this age range. These are this sex, is this language labeling, the day to see the quality of the date is key. So similar, most of the success stories have been really smart security. People being able to implement some of the ways, they do things and software or really smart software, people being observed. What really smart security people do, what we call the security unicorns and be able to give them. Tool to make the letter security unicorns, focus on the really high value problems and then pass on some

of that expertise in the bottles in the algorithm. So the others can be used to prioritize events indicate candidate events that more Junior analyst can't respond to it. And by the end of the day, we're hoping that by ordering the events in the most likely to be dangerous. We'll get to all the important one. That's the name of the game, within the bounds of our resources. Can we hit all the important things if you think of the solar wind things, again, if there was, it will finding out the indicators of once. The compromise solarwinds software started to be used for the attacks. If we

do more quickly detected, those indicators, and I'm just thinking how much less damage that would have occurred. So I can't emphasize enough. The quality of the response of the action is so tightly related to the quality of the data not simply. Let's throw every syslog. We have added or every piece of data, we can find out. It must still standing strong. Will tell you that, yeah, I'm good. More data is important but the right date is most important and the quality of that date of the accuracy of the date of the time limits, the freshness of it and so on and so is so important. It's

going to garbage in garbage out that law does not change just cuz we have really fast computers in Python. It's parked to throw at the data in most of the many years. I've worked in Internet Security. That the problem you see a pier is what we've been dealing with. We've got a lot of data at the top of this funnel, lot of raw Tech data hitting firewalls are routers logs and Sim event starting to pile out. And we're trying to get that down to the bottom which of the ones we have to initiate action quickly against, that's really afford to be keeping these metrics bosun. What's our status of

prevention and detection, but also how quickly we are moving. And actually listen Ford. What quantity of things we see want to keep track of quantity so we can convince management. We're doing something now, but really how fast we move in Internet Security and how accurate are actions are as real. So we take that same Final Approach and we look at the uses for a i m l we want to add more data to make sure that's clean and relevant data at 5 at the main expertise and go through all the steps at the bottom line. We want to move faster. I'm going to have less Mission impact from two. Vectors

one. For the bad guys, going to reduce the impact, the bad guys have on the business for the mission, but also reduce the impact from the security measures. Whether is false positives than really disruptive or simply disruptions. As we clean systems up or as we shut things down or disconnect when we starts, when were you are required to investigate our wine faster and in helping the business, not hurting the business. So, let's stroll down a little bit. You'll see her again. Dave, holtzer, a present, some of these things, but in there, different types of machine learning clustering, has

been very useful. So this ability to use on supervisor Automated machine learning tools to say. You look at this graph, this blob of events that they're all related. This Bob over here is also a relay I quickly saying sampling a few of those. Wobbly can tell anything that falls in this blob, is probably going to be bad. Anything that falls in this probably better drill down into cuz that may be a normal or privileged user doing something that appears dangerous. So does supervised learning or we take, here's a set of inputs, instead of output has been really useful or classified things. This

is malware or not malware, spam or not. This is ransomware trying to encrypt things or this is a breach trying to expose straight things. Now, when you take these two types of techniques and certain blobs, they lend themselves to being better fed to start in engines that are focused on certain events are classified. As certain events, commonly using both techniques together we can we can get cyber security. So they did one that's been used for years. This is nothing new to the semantics of McAfee Transit doing this for years in their labs. And now in the cloud is basically saying here's

a bunch of good files and now here's a bunch of bad files. And so for the good files York, Teachers and as we feed your bad files to look at their features and we have a model that spits out at the end. You're the last thing you said to me, looks more like a bad father. We could follow the last one. You said meet me? Looks more like a good father to bed. I'm so with the more data we can feed it to make that those features more meaningful or more specific, the better, the accuracy can get in the smart of the techniques of models that are used in the faster. Things can be done. We can be

more accurate more timely as well. Then sewing malware detection, you know, quite often you you'll see this listen to some extent. Signatures brought up to the next level and when you think about it, Now a little more esoteric use is this an example from antero's, who's the supply chain security company and their whole goal is to sell you a software and services where you look at all your supply chain providers and determine what risk level you have for them. And one thing they've been doing with machine learning is usually natural language processing models and they feed them in news

articles from ATI fees from RSS from websites in the news articles about companies, in the models extract, which company what type of events and they do that cluster and classifying. We just talked about straight basically identify which company or companies is involved. And then they linked them to risk of events that come out of, in Terris analyst, things about Resident. Tell you, we'll wait a minute. We just obviously solarwinds is now judge this highly risky, cuz it's been in the news, but if you think about a company that went bankrupt or a company that had a

breach. Well, if it turned out that seven other companies, use that company. Or I just hired, somebody from that company, these type of techniques makes a year supply chain part. It wasn't directly breached, but they either are using suppliers of a Reacher. They've been hiring people who either had bad luck or maybe evil. So this an example of using natural language processing and news feeds to try to highlight a cybersecurity risk in a supply chain. That's kind of cool. Now there's lots of tool kits out there to build build your own examples and play with these in an in a number of

different ways. Spineless side, kitten tensorflow up there with your to you can play with in the Microsoft Azure. 100 has a great example here in this tool called clear-cut, you see is GitHub repository there that would he put together is essentially a model train engine where you can feed it into HTTP records, HGTV traffic records and it'll tell you if it sees anything that looks like command-and-control traffic which would tell you that something on the inside got compromised and is talking out to the command and control center to download the next stage or start the ex will trade and

so on. And he's been adding to that over the years. You'll see many of the things he's done there and in others will also find lots of lovers. I mention python for all the sort of basic tools, you need to do a lot of the big data processing functions in the math. That's Implement these Larry, this is Dave holsters GitHub page and you'll hear from Dave. But in the next session, I keep popping up. The thing you did. If you see the check your your pulse secure there. So the pulse secure, VPN appliances and software have had a bunch of vulnerabilities and post secure, put out patches these

date back to Mid 29th, 2019. Mid 2019. People have been very slow. Especially government agencies to patch. These so many VPN servers running pulse secure software have been compromised and they put together a tool that looks at the log files that come from pull secure until you see. This looks like it might have been compromised the way this thing is behaving the way it stalking the way it's accepting connections. This may very well have been compromised. What's an example of a specific High, criticality vulnerability like in both secure and using

these techniques to not just look for signatures, you know, sort of simple ideas signatures of meeting attackers against it. But looking at the behavior of Inputs and outputs that server via the log events and the determining that something may have gone wrong. One last example instead of pointing out where the human expertise is needed and games a company that did a lot of machine learning and endpoint detection and response till they were acquired by elastic, big data search engine company that's widely used and this is an example of one of their Cool Tools that from their

machine learning module. That essentially the true lots of events at it and classified things a certain way. If you look under the view by you see the job ID, I think of those processes running and you can quickly zoom into the series of red things. You see on the sort of middle middle right there. And the demo status code rate is coded red. And if you look down at the bottom, you can see the severity threshold warning and time February 1st, 2017 severity 99 and it says nginx access Source, IP High Council, this is saying some codepath was executed way

more frequently than normal. You should drill down on this. Simple threshold alert, but you look at all the date on the screen. And what you would need to do to really understand what's going on. Just using many of these machine-learning products requires skill, if nothing else skill and knowledge of that tool. But in reality skill and knowledge of the basic concepts of machine learning and of information security. In general, to understand to be able to use the tools in a meaningful way to keep that in mind staff training, and domain expertise, is what underlies all successful

uses. These tools can be Force multipliers. But if your force is close to zero, do you can't multiplied, all that much and really keep, none of these schools fully automate anything. If you're not already doing something, you can't automated. You cannot automate. What? You don't already know how to do the quality of the date is really key that noisiness to the data. You can't just say let's feed the computer a bunch of noise and it'll find a signal. You have to feed it. Something that has a signal in it somewhere or all is going to come back out as noise. Then again. I can't. Precise

enough. This part about, should I do a lot of board of directors briefings and I try to make sure this is well-known cuz there's this assumption, that the fact that your puters want to chess in Jeopardy, which I think really blew a lot of board of director types means a lot more than it really does in cyber security. And again, I hit this several times, false positives of the traditional killer of security advances. All it takes is one false positive when we shut the database down or disconnect from the internet, her or blow the ability to meet the numbers for the quarter, and we've just

pushed the security program back years. So false negative missing a taxi was bad, but quite often a false positive can actually be more dangerous than a false negative. Always ask about false positive rates that when you're evaluating products claiming to use machine learning and AI or something, a deep learning. The bottom line is, unfortunately, there's still no such thing as a free lunch. As we all know, the Triad of first having people smart people, skilled people who can work together and develop and document useful and and and adaptable processes to try to get ahead of the bad guys, or

at least keep even with the bad guys. And then Implement some of those are all of those as much as possible. Those technical those processes using technology that can sort of be a force multiplier for the scarce. Number of humans, those three things together. What underlie, the every success story we've ever had in cybersecurity program where we highlight sort of these and you never just finally have it. Just bought this cool and everything got better or we just hired Sally and everything got better. It's always a mix of all three of these that the all the suddenly on a moment

comes up and were able to demonstrate the management electus on the news who got hit by this way, to get it by this cuz he was what we were doing. So I wanted to leave you with some resources. There's a science reading room. You can see all the white papers and things we can't in Publishing Clearing from the soonest to take our masters class would make them all do Master's papers on on meeting. So we get to publish them and help the rest of the world out. There is a link to a Dave Hold posters practical machine learning YouTube video to go to watch or a

very cool YouTube videos. Well, I think it's actually presentation,, right? That he did it in 2019 on cybersecurity machine language, use cases and he'll give you a little repeat of some of what I did then do some really cool, chill down. I just wanted to close with a cool program is invested in a cyber start over the years and it's culminated in rolling out across many states. Now, getting high school, kids free access to Sam's online training. And if they can succeed in games and take the training and pass the courses, they can

win scholarships at colleges and community colleges in community, colleges to get a bad apply bachelor's degree in cybersecurity, do for your kids, your brother, your sis. Your nieces nephews. Your neighbor's kid's your grandkids. If you're old like some people are out there referring to. This program is really cool. And it's something we're investing in to just try to get more people into this industry and help Advance the state of the people. So we can take more Advantage. Is it to us like machine learning? Thanks and enjoy the rest of the program.

Cackle comments for the website

Buy this talk

Access to the talk “AI/Machine Learning: What is Actually Working in Cybersecurity?”
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free

Ticket

Get access to all videos “RSAC 365 Virtual Summit”
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Ticket

Similar talks

Tomasz Bania
Cyber Defense Manager at Dolby
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Jason Rivera
Director, Strategic Threat Advisory Group at CrowdStrike
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Behnam Dayanim
partner, chair of Advertising, Gaming & Promotions and co-chair of Privacy & Cybersecurity practices at Paul Hastings LLP
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free

Buy this video

Video
Access to the talk “AI/Machine Learning: What is Actually Working in Cybersecurity?”
Available
In cart
Free
Free
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
843 conferences
34172 speakers
12918 hours of content