Selection and management of artificial intelligence security applications #254020

Upon completion of this course, participants will be able to:

• Evaluate AI Security Solutions: Critically assess the capabilities, claims, and underlying technology of AI-powered security applications across various categories (e.g., threat detection, fraud prevention, vulnerability management).

• Understand the AI Threat Landscape: Identify how attackers use AI (e.g., AI-powered malware, deepfakes for social engineering, adversarial attacks) to justify and guide AI security investments.

• Manage the AI Security Lifecycle: Develop processes for the ongoing management, monitoring, and tuning of AI security tools to maintain efficacy and reduce false positives/negatives.

• Integrate AI into Security Architecture: Design a strategy for seamlessly integrating new AI tools with existing security infrastructure (SOAR, SIEM, etc.) for a cohesive defense posture.

• Mitigate AI-Specific Risks: Address unique risks such as model poisoning, data bias, algorithmic transparency, and supply chain vulnerabilities in AI security products.

• Build a Business Case and ROI Model: Calculate and articulate the value and return on investment of proposed AI security applications to executive leadership.

This course is designed for professionals responsible for securing organizational assets and making technology investment decisions:

• Chief Information Security Officers (CISOs) & Deputy CISOs

• Security Architects & Engineers

• SOC Managers & Analysts

• IT Risk and Compliance Managers

• Security Operations Center (SOC) Team Members

• Network Security Specialists

• IT Directors & Heads of Infrastructure

• Cybersecurity Consultants & Auditors

• Procurement Professionals specializing in security technology

• Pre-assessment
• Live group instruction
• Use of real-world examples, case studies and exercises
• Interactive participation and discussion
• Power point presentation, LCD and flip chart
• Group activities and tests
• Each participant receives a binder containing a copy of the presentation
• slides and handouts
• Post-assessment

Day 1: Foundations of AI in Cybersecurity

• AM: The New Arms Race: AI vs. AI in Cybersecurity

  • How attackers are using AI: automated exploits, intelligent phishing, deepfakes, and evasion techniques.

  • How defenders use AI: threat hunting, anomaly detection, automated response (SOAR), and behavioral analytics.

  • Key AI Concepts for Security Pros: Supervised vs. Unsupervised Learning, NLP, and Graph Analysis in a security context.

• PM: The AI Security Application Landscape

  • Mapping the vendor ecosystem: AI in EDR, XDR, SIEM, NDR, Fraud Detection, and Cloud Security Posture Management (CSPM).

  • Understanding the “AI” in the product: from marketing buzzwords to genuine machine learning capabilities.

  • Workshop: Deconstructing vendor datasheets and whitepapers.

Day 2: The Selection Process: Evaluating and Procuring AI Tools

• AM: Defining Requirements and Building a Shortlist

  • Aligning AI tool selection with organizational risk profile and security strategy.

  • Developing a weighted evaluation criteria framework: accuracy, performance, integration capabilities, cost, and vendor viability.

  • Creating a proof-of-concept (PoC) test plan that rigorously evaluates AI claims.

• PM: Technical Deep Dive and PoC Execution

  • Key questions to ask vendors about data sources, model training, false positive rates, and update cycles.

  • Hands-on PoC testing: simulating attack patterns and evaluating detection and response efficacy.

  • Case Study: Evaluating two competing AI-powered intrusion detection systems.

Day 3: Implementation and Integration

• AM: Architecting for AI

  • Integration strategies: Connecting AI applications to existing SIEM, SOAR, and ticketing systems.

  • Data pipeline requirements: Ensuring clean, relevant, and sufficient data feeds for AI tools.

  • Managing the handoff: from AI-driven alerting to human investigation and response.

• PM: Change Management and Tuning

  • Upskilling the SOC: Training analysts to work with AI-generated insights and alerts.

  • The continuous tuning cycle: Calibrating models to your environment and reducing noise.

  • Workshop: Tuning an AI-based alert system to minimize false positives without missing true threats.

Day 4: Managing Risks and Ensuring Governance

• AM: The Risks of Your AI Security Tools

  • Adversarial AI: Understanding and defending against model poisoning, evasion attacks, and data manipulation aimed at your defenses.

  • Ensuring Explainability: Moving from “black box” to “glass box” – why did the AI flag this event?

  • Addressing Bias: Ensuring your AI security tools don’t create blind spots or target specific groups.

• PM: Governance, Compliance, and Ethics

  • Establishing AI governance frameworks for security: accountability, oversight, and review processes.

  • Compliance considerations (GDPR, EU AI Act): How using AI for security monitoring intersects with privacy regulations.

  • Group Discussion: Developing an acceptable use policy for AI security monitoring.

Day 5: Strategy, ROI, and the Future

• AM: Measuring Success and Building the Business Case

  • Defining KPIs for AI security tools: Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), alert fatigue reduction, and workload deflection.

  • Calculating ROI: Quantifying efficiency gains, risk reduction, and cost savings.

  • Communicating value to the board and other non-technical stakeholders.

• PM: Capstone Project and Future Trends

  • Capstone Exercise: Teams are given a scenario and budget to select an AI security portfolio, justifying their choices based on organizational need, integration, and risk.

  • Future Trends: Generative AI in security, autonomous response, and the evolving AI threat landscape.

  • Course Wrap-Up: Developing a personal strategic action plan for AI security adoption.