Adam Hoffman, Walmart

Threat hunting is the cybersecurity practice of proactively searching for malicious activity within an environment. With the arrival of newer technologies and techniques such as machine learning (ML), these tools help cybersecurity teams to effectively examine broad areas of data by providing metrics for particular datasets. This paper explores the utility of having multiple ML scores generated by separate models against a sanitized subset of data. Utilizing dashboards of the scores provides different perspectives of the same dataset. A low score in one model may very well be a high score in another. This ability allows threat hunters to approach the data through different perspectives and to raise awareness of unique data points that might have otherwise been ignored. Our findings indicate that the greatest utility this approach offers for threat hunting is not in its summative approach of scoring all the data but in its discriminant ability of comparing the different models scores.

Speaker's Biography
Adam Hoffman is a Technical Expert on the UEBA Cybersecurity team with over 12 combined years at Walmart. He has extensive experience in various facets of data analysis including database management, data visualization using various tools/languages, data engineering, and practical machine learning solutions. Adam is known for having the self-discipline to continuously learn and a passion of applying Data Science methodologies within the Security Operation Center and Incident Response domains. He has made a considerable impact that has enabled faster and more agile responses to threats. Adam has received formal recognition at Walmart for his accomplishments including the Making a Difference Award and the Star Award. He holds a Bachelor of Science degree in Marketing Management from the University of Arkansas.

View More Papers

Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software

Hugo Lefeuvre (The University of Manchester), Vlad-Andrei Bădoiu (University Politehnica of Bucharest), Yi Chen (Rice University), Felipe Huici (Unikraft.io), Nathan Dautenhahn (Rice University), Pierre Olivier (The University of Manchester)

Read More

DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement...

Seongil Wi (KAIST), Trung Tin Nguyen (CISPA Helmholtz Center for Information Security, Saarland University), Jihwan Kim (KAIST), Ben Stock (CISPA Helmholtz Center for Information Security), Sooel Son (KAIST)

Read More

FCGAT: Interpretable Malware Classification Method using Function Call Graph...

Minami Someya (Institute of Information Security), Yuhei Otsubo (National Police Academy), Akira Otsuka (Institute of Information Security)

Read More

OBI: a multi-path oblivious RAM for forward-and-backward-secure searchable encryption

Zhiqiang Wu (Changsha University of Science and Technology), Rui Li (Dongguan University of Technology)

Read More