Black Hat Europe 2025: Threat Hunting With Agentic AI
Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Black Hat Europe 2025: Lessons from the NOC
With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.
Episode 9 - Federal Cyber Defense: Legacy Debt, Cloud Shifts, and Network Truth
Richard Bejtlich sits down with Jean Schaffer, Corelight’s Federal CTO, to discuss the unique hurdles facing government agencies in an era of escalating state-sponsored threats. Jean highlights the persistent challenge of legacy IT infrastructure and the "technical debt" that complicates modernization efforts across the Department of Defense, the intelligence community, and the civilian sector. The conversation explores the strategic shift toward cloud adoption as a means to decommission vulnerable on-premise hardware and the evolving "whole of nation" defense strategy that requires deeper public-private partnerships.
Corelight at SC25: A laboratory for securing the fastest conference network
I’ve worked as a threat hunter in several Black Hat Security Conference Network Operations Centers (NOCs) across the globe. So I didn’t expect to be surprised by much when signing on to be a part of the NOC for SCinet—a conference that has the “fastest conference network in the world.” And yet I was surprised by just how diverse the SCinet NOC team was, how collaborative the environment was, and how much we were able to achieve with automation in such a short amount of time.
Episode 8 - Enterprise Nervous System: Using Network Signal to Direct Business Strategy
In this episode of Corelight Defenders, I’m joined by Bernard Brantley, Chief Information Security Officer at Corelight, as we delve into the concept of the enterprise nervous system. Bernard shares insights from his extensive experience in network analysis, explaining how organizations can leverage their network traffic data to enhance security and drive business outcomes. We discuss the importance of understanding the interdependencies between assets, processes, and goals, and how security teams can position themselves as integral to business success rather than just risk mitigators.