Adam Hoffman, Walmart

Threat hunting is the cybersecurity practice of proactively searching for malicious activity within an environment. With the arrival of newer technologies and techniques such as machine learning (ML), these tools help cybersecurity teams to effectively examine broad areas of data by providing metrics for particular datasets. This paper explores the utility of having multiple ML scores generated by separate models against a sanitized subset of data. Utilizing dashboards of the scores provides different perspectives of the same dataset. A low score in one model may very well be a high score in another. This ability allows threat hunters to approach the data through different perspectives and to raise awareness of unique data points that might have otherwise been ignored. Our findings indicate that the greatest utility this approach offers for threat hunting is not in its summative approach of scoring all the data but in its discriminant ability of comparing the different models scores.

Speaker's Biography
Adam Hoffman is a Technical Expert on the UEBA Cybersecurity team with over 12 combined years at Walmart. He has extensive experience in various facets of data analysis including database management, data visualization using various tools/languages, data engineering, and practical machine learning solutions. Adam is known for having the self-discipline to continuously learn and a passion of applying Data Science methodologies within the Security Operation Center and Incident Response domains. He has made a considerable impact that has enabled faster and more agile responses to threats. Adam has received formal recognition at Walmart for his accomplishments including the Making a Difference Award and the Star Award. He holds a Bachelor of Science degree in Marketing Management from the University of Arkansas.

View More Papers

WIP: Infrared Laser Reflection Attack Against Traffic Sign Recognition...

Takami Sato (University of California, Irvine), Sri Hrushikesh Varma Bhupathiraju (University of Florida), Michael Clifford (Toyota InfoTech Labs), Takeshi Sugawara (The University of Electro-Communications), Qi Alfred Chen (University of California, Irvine), Sara Rampazzi (University of Florida)

Read More

QUICforge: Client-side Request Forgery in QUIC

Yuri Gbur (Technische Universität Berlin), Florian Tschorsch (Technische Universität Berlin)

Read More

SOC Service Areas: Identification, Prioritization, and Implementation

Christopher Rodman, Breanna Kraus, Justin Novak (SEI/CERT)

Read More