Current threat detection technologies lack the ability to present an accurate and complete picture of how threats are executed, and they fail to put together the multi-contextual relationships among exploit-chain indicators. A combination of behavioral and machine learning technologies can provide a more effective and complete assessment and prevention of threats in organizations that rely on dispersed, static, single-indicator technologies. This approach also makes use of current static and single-threat-indicator technologies, using Big Data computational models.
Rod Soto has over 15 years of experience in information technology and security. He is currently working as a Security Researcher at Splunk User Behavioral Analytics. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami and Bsides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.
I love working on behavior-based prediction problems and artificial intelligence, so some of my favorite themes to talk about are: covert channel detection (especially encrypted), probabilistic identity resolution, behavior-based intrusion detection and machine learning for security. Behavioral intrusion detection is a really interesting topic because it highlights the limitations of machine learning as an algorithmic solution to a challenging pattern recognition problem: how to detect changing attacker tactics over time. The first con I attended was Defcon 8, and since then I have been passionate about security research in different forums at the grassroots level. My formal background started with studying mathematics in college; I received a BS from the University of California, Riverside and an MS and PhD from Purdue University. Most recently I joined Splunk as a senior data scientist through the acquisition of Caspida. I have presented or co-presented at various security conferences including DEFCON, Torcon and Blackhat, to name a few.