
Applied Machine Learning for Identity and Access Management

Aaron Turner & Raffael Marty | August 4-5 & August 6-7


IAM is one of the most important security controls, and it must be relied on now more than ever with the advent of cloud computing and other distributed 'as a service' platforms. IAM systems also create massive amounts of log and telemetry data, sometimes overwhelming security teams with the sheer volume. Aaron Turner and Raffael Marty have designed a 2-day, vendor-agnostic training course to provide participants with hands-on instruction in how to deal with these massive amounts of data. Using the latest approaches in ML processing and design, the course will give real-world examples of how to capture the maximum amount of data for analysis, then sort through it in efficient ways to find real security problems and avoid false positives. This hands-on training session will provide participants with an in-depth look at how to use the latest Big Data processing tools to solve real-world problems around monitoring the integrity of IAM systems. ML processing theory and design instruction will be followed by hands-on labs to apply lessons learned to IAM log files, followed by instruction on the latest IAM architectures and tools that can solve even the toughest cloud security problems. The final project will be a CTF exercise where each team must defend its IAM systems while simultaneously attacking its opponent's IAM infrastructure and dependent systems.

Who Should Take this Course

Security operations professionals, IAM architects and operations staff, ML architects and operations staff

Student Requirements

Experience with IAM platforms (legacy is fine, but must understand basic IAM provisioning steps), some familiarity with ML approaches and tools.

What Students Should Bring

Personal workstation to run AWS-based VMs

What Students Will Be Provided With

E-book and associated presentation materials


Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990s, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000s, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus on applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices.
Aaron has testified before Congress to help set policy for US critical infrastructure protection. He holds a B.A. in Spanish Linguistics from B.Y.U. and attended the SMU School of Law. Outside of work Aaron enjoys culinary arts, travel with his wife and 3 daughters, and rebuilding vintage VW buses.

Raffael Marty is vice president of security analytics at Sophos, and is responsible for all strategic efforts around security analytics for the company and its products. He is based in San Francisco. Marty is one of the world's most recognized authorities on security data analytics, big data and visualization. His team at Sophos spans these domains to help build products that provide Internet security solutions to Sophos' vast global customer base. Previously, Marty launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. With a track record at companies including IBM Research, ArcSight, and Splunk, he is thoroughly familiar with established practices and emerging trends in the big data and security analytics space. Marty is the author of Applied Security Visualization and a frequent speaker at academic and industry events. Zen meditation has become an important part of Raffy's life, sometimes leading to insights not in data but in life.