Overview
Security teams generate more data than analysts can process manually. Signatures and rules catch known threats, but advanced attackers blend into normal traffic, move slowly, and use legitimate tools. Threat hunters need techniques that find what rules miss.
This 32-hour course teaches security professionals to apply machine learning and data science to hunt and identify threats within their organizations. 50% of class time is instructor-led, and 50% is hands-on labs using Jupyter notebooks with real security datasets.
What You Will Learn
- Understand and apply machine learning to identify organizational anomalies
- Create machine learning models specific to your organization’s data and threat profile
- Operationalize ML projects for phishing detection, DGA identification, and SQL injection classification
- Tune models to improve prediction performance and reduce false positives
- Train systems to make detection decisions at scale
Who This Is For
Threat hunters, SOC analysts, and security engineers who want to move beyond signature-based detection. You should be comfortable with basic Python (or have completed GTK Cyber’s Python for Security Analysts course).
Recommended Next Steps
Students who complete this course are prepared for the AI Cyber Bootcamp, which covers advanced topics including generative AI, LLM security, and adversarial AI testing.
Topics covered
- Machine learning fundamentals for threat hunting
- Anomaly detection and identification techniques
- Organization-specific ML model creation
- Phishing detection with ML
- Domain generation algorithm (DGA) detection
- SQL injection detection
- Model tuning to reduce false positives
- Operationalizing ML projects for security