In today’s security landscape, the effectiveness of a cyber leader is defined not just by technical expertise but by their ability to support, empower, and protect their teams. By prioritizing a people first approach, these leaders create an environment where teams can focus on proactive defense, free from the hindrances Read more
Introduction Accurate, structured incident data is essential for effective analysis, reporting, and response. VERIS (Vocabulary for Event Recording and Incident Sharing) provides a standardized approach to categorize security incidents, improving insights and facilitating data sharing. By utilizing VERIS, organizations can leverage it in ServiceNow to gain both strategic and tactical Read more
Introduction KPIs are essential to aligning engineering team efforts with security goals and business objectives. In a metric driven security engineering environment, KPIs should be clear, actionable, and directly tied to team performance and productivity. The Role of KPIs in Security Engineering Core KPIs for Security Engineering Teams KPIs for Read more
Now that we’ve trained, evaluated, and fine-tuned the Transformer model, the next step is to deploy the model so it can be used in real time applications. In this post, we’ll cover: By the end of this post, you’ll be able to deploy a Transformer model and interact with it Read more
Cribl’s pipeline capabilities make it a powerful tool for processing and enriching logs. In this post, we’ll explore how to apply advanced modifications to Zeek logs in Cribl. Each modification needs to be placed in individual Eval function blocks within your pipeline to avoid errors and ensure smooth processing. In Read more
In the previous post, we discussed training the Transformer model, monitoring loss, and ensuring the model improves over time. Now, it’s time to take a step forward: evaluating the model’s performance and fine tuning it to make it more efficient and accurate. In this post, we’ll focus on: Evaluating the Read more
In the previous two posts, we built the basic and scalable versions of the Transformer model. Now, it’s time to move on to the next critical step of training the model. In this post, we’ll focus on: By the end of this post, you’ll have a Transformer model that can Read more
In the previous post, we learned about the basics of Transformer models and how they’re used to process language. Now, let’s go a bit deeper and look at how to build each important part of a Transformer. By the end of this post, we’ll have a full, working Transformer model Read more
In 2017, the AI landscape for language understanding changed dramatically when Google Brain researchers introduced a groundbreaking algorithm called the “Transformer” in their paper “Attention is All You Need.” Before this, AI models could only process one word at a time, often resulting in awkward, incomplete language. The Transformer’s self-attention Read more
Passkeys offer a passwordless and more secure way to authenticate to AWS accounts, reducing risks associated with credential-based attacks like phishing and password stuffing. Passkeys rely on cryptographic keys linked to users’ devices, making traditional passwords obsolete. This guide outlines the setup for passkeys in AWS IAM. What Are Passkeys? Read more
Identity and Access Management (IAM) is a critical cybersecurity frameworks which ensures that the right individuals and systems have appropriate access to an organization’s resources. In this post, I will break down IAM’s core concepts, explain its critical components, and provide technical examples of implementation. What is IAM? IAM refers Read more
Machine learning offers powerful tools for detecting anomalies in network traffic. This post includes technical details, sample logs, and Linux-based scripts to help you get started with anomaly detection using machine learning techniques. 1. Supervised Learning with Decision Trees Objective: Detect DDoS attacks by classifying normal vs. abnormal traffic using Read more