AI in Cybersecurity and Threat Detection Training Course

Overview of the Course

This advanced technical program provides a deep dive into the integration of Artificial Intelligence in Cybersecurity, empowering security professionals to master Machine Learning for Threat Detection, Automated Incident Response, and Network Traffic Analysis. Participants will explore the application of Deep Learning, Natural Language Processing (NLP), and Anomaly Detection to combat Advanced Persistent Threats (APTs), Phishing, and Zero-Day Vulnerabilities. By focusing on Predictive Analytics, User and Entity Behavior Analytics (UEBA), and Cyber Threat Intelligence, learners will gain the expertise required to build resilient, AI-Driven Security Operations Centers (SOC).

The course transitions from foundational machine learning concepts to complex implementations of neural networks in defensive and offensive security contexts. You will learn to handle large-scale security telemetry, automate the identification of malicious patterns, and counter AI-powered attacks from sophisticated adversaries. The training concludes with a focus on adversarial machine learning, model robustness, and ethical AI governance, ensuring that automated defense mechanisms are secure, transparent, and legally compliant.

Who should attend the training

  • Cybersecurity Analysts and SOC Engineers
  • Network Security Architects
  • Information Security Officers (CISOs/ISOs)
  • Data Scientists working in Security Domains
  • Threat Intelligence Researchers
  • Incident Responders and Forensic Experts

Objectives of the training

  • To understand the role of machine learning in modern cybersecurity defense and offense.
  • To build and deploy predictive models for malware detection and classification.
  • To implement anomaly detection algorithms for real-time network traffic monitoring.
  • To leverage AI for automated incident response and threat hunting workflows.
  • To master techniques for securing machine learning models against adversarial attacks.

Personal benefits

  • Gain high-demand technical skills at the intersection of data science and cybersecurity.
  • Develop the ability to automate repetitive security tasks, reducing analyst fatigue.
  • Master industry-standard Python libraries for security-focused data analysis and modeling.
  • Earn a specialized credential that validates your expertise in next-generation threat defense.

Organizational benefits

  • Drastically improve detection speeds (Mean Time to Detect) for complex security breaches.
  • Reduce false positive rates in security alerts through intelligent noise filtering.
  • Enhance overall security posture by predicting potential attack vectors before they occur.
  • Future-proof the organization’s defense mechanisms against AI-powered cyberattacks.

Training methodology

  • Instructor-led technical lectures on machine learning theory and security applications
  • Hands-on coding laboratories using real-world cyber-attack datasets
  • Simulation workshops focusing on live threat detection and response
  • Case study analysis of AI-powered breaches and successful defenses
  • Collaborative group projects to build end-to-end security pipelines

Trainer Experience

Our trainers are elite cybersecurity practitioners and data scientists with extensive experience in building AI-based defense systems for global financial institutions and government agencies. They hold advanced certifications (such as CISSP, CISM, or OSCP) and have a proven track record of publishing research in computational security.

Quality Statement

We are committed to delivering rigorous, evidence-based training. Our curriculum is updated monthly to reflect the latest trends in generative AI threats and large-scale defensive automation, ensuring you receive the most current and technically accurate instruction.

Tailor-made courses

We offer customized training solutions tailored to your organization’s specific infrastructure, whether you operate in cloud-native environments, critical infrastructure (OT/ICS), or traditional enterprise networks. We can adapt the datasets and practical labs to reflect the specific threat landscape of your industry.

Course duration: 5 days

Training fee: USD 1500



Module 1: The Role of AI in the Modern Cybersecurity Landscape

  • Evolution of cybersecurity: From signature-based detection to behavioral AI
  • Understanding the AI/ML pipeline within a Security Operations Center (SOC)
  • Overview of defensive AI (detecting threats) vs. offensive AI (crafting exploits)
  • Introduction to the cybersecurity data science toolkit: Python, Scikit-learn, and Pandas
  • Defining success metrics: Precision, Recall, and the cost of False Positives
  • Practical session: Setting up an AI-ready security environment and performing exploratory data analysis on a public breach dataset

Module 2: Data Engineering for Security Telemetry

  • Handling high-velocity security data: PCAP files, Syslogs, and NetFlow
  • Techniques for cleaning and normalizing heterogeneous security logs
  • Feature engineering for cybersecurity: Extracting indicators of compromise (IoCs)
  • Dimensionality reduction: Managing large-scale data with PCA and t-SNE
  • Labeling strategies: Addressing the lack of ground truth in security datasets
  • Practical session: Building a preprocessing pipeline to convert raw PCAP network traffic into a machine-learning-ready feature set

Module 3: Supervised Learning for Malware Analysis and Detection

  • Static vs. dynamic analysis features for malware classification
  • Implementing Random Forests and Gradient Boosting for malware family detection
  • Deep Learning for binary analysis: Using Convolutional Neural Networks (CNNs) on byte-code
  • Handling imbalanced classes in malware datasets through SMOTE and cost-sensitive learning
  • Evaluating model performance against sophisticated obfuscation techniques
  • Practical session: Developing a classification model to distinguish between malicious and benign PE (Portable Executable) files

Module 4: Anomaly Detection in Network Traffic

  • Unsupervised learning for detecting "Low and Slow" network intrusions
  • Implementing Isolation Forests and One-Class SVMs for unusual flow detection
  • Autoencoders for network reconstruction: Identifying deviations from normal baseline behavior
  • Clustering techniques for discovering new, unknown attack patterns (Zero-Day detection)
  • Real-time stream processing: Applying anomaly detection to live network feeds
  • Practical session: Training an Autoencoder to detect unauthorized lateral movement within a simulated corporate network

Module 5: User and Entity Behavior Analytics (UEBA)

  • Modeling baseline behavior for users, devices, and service accounts
  • Time-series analysis for detecting credential theft and account takeover
  • Graph-based analysis: Identifying suspicious relationships in active directory and cloud logs
  • Scoring risk: Aggregating multiple behavioral alerts into a single entity risk score
  • Correlating physical access logs with digital behavior for holistic security
  • Practical session: Building a UEBA model to detect insider threats by identifying deviations in typical file access patterns

Module 6: Natural Language Processing (NLP) for Phishing and Social Engineering

  • Sentiment analysis and intent recognition in malicious emails and SMS
  • Using Word Embeddings (Word2Vec) and Transformers for URL and domain name analysis
  • Identifying "Business Email Compromise" (BEC) through stylistic and linguistic changes
  • Building automated classifiers to detect DGA (Domain Generation Algorithms)
  • Scaling anti-phishing defenses across enterprise communication platforms
  • Practical session: Implementing an NLP-based phishing classifier to detect deceptive language in email headers and body text

Module 7: AI-Driven Automated Incident Response and Orchestration

  • Integrating machine learning with SOAR (Security Orchestration, Automation, and Response)
  • Automated alert triaging: Using AI to prioritize high-severity incidents
  • AI-assisted forensic analysis: Accelerating root cause identification through pattern matching
  • Autonomous response: Deploying AI-driven firewall rules and endpoint isolation
  • Balancing automation with human-in-the-loop decision making
  • Practical session: Designing an automated response workflow that triggers specific containment actions based on AI confidence scores

Module 8: Adversarial Machine Learning and Model Security

  • Understanding the vulnerability of AI: Evasion, Poisoning, and Inversion attacks
  • Crafting adversarial examples to bypass malware and spam filters
  • Defensive distillation and adversarial training: Hardening models against manipulation
  • Robustness testing: Evaluating how models perform under deliberate attack
  • Securing the AI supply chain: Protecting training data and model weights
  • Practical session: Attempting to bypass a pre-trained malware detector using adversarial perturbation techniques

Module 9: Generative AI for Security Operations and Threat Hunting

  • Using Large Language Models (LLMs) to interpret complex security logs and documentation
  • Automated report generation: Translating technical alerts into executive summaries
  • AI-assisted code auditing: Identifying vulnerabilities in source code using LLMs
  • Generating synthetic attack data for training and testing security systems
  • Enhancing threat hunting queries using natural language interfaces
  • Practical session: Leveraging a generative AI assistant to write complex SQL and KQL queries for proactive threat hunting

Module 10: AI Security Governance, Ethics, and Compliance

  • Navigating the regulatory landscape: AI Act, NIST AI Risk Management Framework, and GDPR
  • Addressing bias and fairness in security algorithms: Preventing discriminatory outcomes
  • Ensuring "Explainability": Making AI-driven security decisions transparent for auditors
  • Managing the ethics of automated defense and "Hack Back" scenarios
  • Building a long-term AI security strategy and roadmap for the organization
  • Practical session: Conducting a formal risk assessment on a proposed AI-driven security deployment to ensure compliance and ethical alignment

Requirements:

  • Participants should be reasonably proficient in English.
  • Applicants must live up to Armstrong Global Institute admission criteria.

Terms and Conditions

1. Discounts: Organizations sponsoring four participants will have the fifth attend free.

2. What is catered for by the Course Fees: Fees cater for all requirements for the training – Learning materials, Lunches, Teas, Snacks and Certification. All participants will additionally cater for their travel and accommodation expenses, visa application, insurance, and other personal expenses.

3. Certificate Awarded: Participants are awarded Certificates of Participation at the end of the training.

4. The program content shown here is for guidance purposes only. Our continuous course improvement process may lead to changes in topics and course structure.

5. Approval of Course: Our Programs are NITA Approved. Participating organizations can therefore claim reimbursement on fees paid in accordance with NITA Rules.

Booking for Training

Simply send an email to the Training Officer at training@armstrongglobalinstitute.com and we will send you a registration form. We advise you to book early to avoid missing a seat in this training.

Or call us on +254720272325 / +254725012095 / +254724452588

Payment Options

We provide 3 payment options. Choose one for your convenience, and kindly make payments at least 5 days before the training start date to reserve your seat:

1. Groups of 5 people and above: cheque payments to Armstrong Global Training & Development Center Limited should be made in advance, 5 days before the training.

2. Invoice: We can send a bill directly to you or your company.

3. Deposit directly into Bank Account (Account details provided upon request)

Cancellation Policy

1. Payment for all courses includes a registration fee, which is non-refundable, and equals 15% of the total sum of the course fee.

2. Participants may cancel attendance 14 days or more prior to the training commencement date.

3. No refunds will be made 14 days or less before the training commencement date. However, participants who are unable to attend may opt to attend a similar training course at a later date or send a substitute participant provided the participation criteria have been met.

Tailor Made Courses

This training course can also be customized for your institution upon request for a minimum of 5 participants. You can have it conducted at our Training Centre or at a convenient location. For further inquiries, please contact us on Tel: +254720272325 / +254725012095 / +254724452588 or Email training@armstrongglobalinstitute.com

Accommodation and Airport Transfer

Accommodation and airport transfer are arranged upon request and at extra cost. For reservations, contact the Training Officer by email at training@armstrongglobalinstitute.com or by telephone on +254720272325 / +254725012095 / +254724452588

Instructor-led Training Schedule

Course Dates Venue Fees
Feb 02 - Feb 06 2026 Zoom $1,300
Mar 09 - Mar 13 2026 Zoom $1,300
Apr 13 - Apr 17 2026 Zoom $1,300
May 11 - May 15 2026 Zoom $1,300
Jun 08 - Jun 12 2026 Zoom $1,300
Jul 13 - Jul 17 2026 Zoom $1,300
Aug 03 - Aug 07 2026 Zoom $1,300
Sep 14 - Sep 18 2026 Zoom $1,300
Oct 12 - Oct 16 2026 Zoom $1,300
Nov 09 - Nov 13 2026 Zoom $1,300
Dec 14 - Dec 11 2026 Zoom $1,300
Feb 09 - Feb 13 2026 Nairobi $1,500
Mar 02 - Mar 06 2026 Nairobi $1,500
Apr 06 - Apr 10 2026 Nairobi $1,500
May 11 - May 15 2026 Nairobi $1,500
Jun 08 - Jun 12 2026 Nairobi $1,500
Jul 13 - Jul 17 2026 Nairobi $1,500
Aug 24 - Aug 28 2026 Nairobi $1,500
Sep 21 - Sep 25 2026 Nairobi $1,500
Oct 12 - Oct 16 2026 Nairobi $1,500
Nov 16 - Nov 20 2026 Nairobi $1,500
Dec 07 - Dec 11 2026 Nairobi $1,500
Jun 15 - Jun 19 2026 Nakuru $1,500
Oct 12 - Oct 16 2026 Nakuru $1,500
Jun 01 - Jun 05 2026 Naivasha $1,500
Sep 14 - Sep 18 2026 Naivasha $1,500
Apr 20 - Apr 24 2026 Nanyuki $1,500
Aug 03 - Aug 07 2026 Nanyuki $1,500
May 04 - May 08 2026 Mombasa $1,500
Nov 09 - Nov 13 2026 Mombasa $1,500
Mar 16 - Mar 20 2026 Kisumu $1,500
Aug 17 - Aug 21 2026 Kisumu $1,500
May 25 - May 29 2026 Kigali $2,500
Sep 21 - Sep 25 2026 Kigali $2,500
Apr 13 - Apr 17 2026 Kampala $2,500
Oct 05 - Oct 09 2026 Kampala $2,500
Jun 22 - Jun 26 2026 Arusha $2,500
Oct 19 - Oct 23 2026 Arusha $2,500
May 11 - May 15 2026 Johannesburg $4,500
Jun 15 - Jun 19 2026 Pretoria $4,500
Jul 13 - Jul 17 2026 Cape Town $2,500
Jul 13 - Jul 17 2026 Accra $4,500
Sep 14 - Sep 18 2026 Cairo $4,500
Sep 21 - Sep 25 2026 Addis Ababa $4,500
Nov 09 - Nov 13 2026 Marrakesh $4,500
Jul 06 - Jul 10 2026 Casablanca $4,500
Jun 15 - Jun 19 2026 Dubai $5,000
Jun 08 - Jun 12 2026 Riyadh $5,000
Aug 17 - Aug 21 2026 Jeddah $5,000
Apr 20 - Apr 24 2026 Doha $5,000
Jun 22 - Jun 26 2026 Tokyo $8,000
Jul 13 - Jul 17 2026 Seoul $8,000
Aug 10 - Aug 14 2026 Kuala Lumpur $8,000
Aug 03 - Aug 07 2026 London $6,500
Jun 08 - Jun 12 2026 Paris $6,500
Aug 17 - Aug 21 2026 Geneva $6,500
Aug 03 - Aug 07 2026 Berlin $6,500
Jul 06 - Jul 10 2026 Zurich $6,500
Jul 20 - Jul 24 2026 Brussels $6,500
Aug 24 - Aug 28 2026 New York $6,950
Sep 14 - Sep 18 2026 Los Angeles $6,950
Sep 07 - Sep 11 2026 Washington DC $6,950
Jul 06 - Jul 10 2026 Toronto $7,000
Oct 05 - Oct 09 2026 Vancouver $7,000