AI and Automation in Cybersecurity

142000,00
₼500
1 day | 8 academic hours

Trainings are conducted when forming a group of 7 or more people
Language of the training - English.

Dates:
Online, May 5
Online, July 9
Online, October 8

Please note: the date of the training may change.
✨ Please check the exact dates with the coordinators.

Training objectives

  • Gain an understanding of the landscape, scale, and trends of cyber threats and their impact on business
  • Build a fundamental understanding of automation through simple and accessible examples
  • Study global best practices in information security and SOC
  • Clearly see the potential of AI in SOC responsibilities
  • Understand the necessity and value of integrating AI into processes

What You Will Gain

  • A document with useful links to AI and workflow services
  • A fundamental understanding of the structure and landscape of information security
  • A clear understanding of automation and the ability to apply modern approaches
  • A detailed introduction to AI and its capabilities
  • Practical cases: malware analysis, phishing automation, AI agent integration, prompting
  • Training materials in electronic format
  • Professional recommendations from expert trainers
  • EY Academy of Business certificate

Block 1

Fundamental Concepts of Information Security
Building a common language and conceptual framework

1.1 What information security is today
  • Information security as a service rather than a product
  • Security as a multilayered and multidimensional system
  • A matrix-based approach to security: assets, threats, vulnerabilities, risks
  • The role of a risk-based approach in building protection

1.2 SOC as a key element of the security system
  • What a Security Operations Center is
  • SOC as a centre for monitoring the protection of assets, information, and the company’s digital processes
  • The role of SOC in the overall information security architecture

1.3 SOC responsibilities and areas of accountability
  • SOC engineering: monitoring, event correlation, incident detection
  • Incident Management: detection, analysis, containment, eradication, recovery
  • SOC management: compliance and regulatory requirements, legal and forensics, incident response teams (IRT), security awareness, and interaction with the business
  • Which threats SOC actually protects against, and which it does not

1.4 People, process, technology
  • The three key components of security
  • People: human factor, social engineering, user errors
  • Process: logical errors, lack of procedures, incorrect configuration and control
  • Technology: software and infrastructure vulnerabilities, technical debt

A brief overview of attack entry points
  • Native statistics: the dominance of social engineering, the role of configuration errors, exploitation of vulnerabilities, supply chain attacks

Block 2

The scale of cyber threats in 2025
Why manual processes no longer work

2.1 The modern attack landscape
  • Human vector: social engineering, phishing, pretexting, impersonation
  • Process vector: configuration errors, lack of segmentation, failure to follow procedures, shadow IT
  • Technology vector: vulnerabilities, supply chain attacks, legacy systems

2.2 Distribution of attacks across vectors
  • People vs process vs technology
  • Why most attacks start not with a “hack” but with an error

2.3 Log4Shell as a clear illustration of scale
  • Number of exploitation attempts
  • Exploitation attempts per minute, hour, and day
  • Why one vulnerable component creates a global risk

2.4 The cost of a successful cyberattack
  • Direct losses
  • Indirect losses
  • Average estimates for 2024–2025

2.5 Summary: exponential growth of threats
  • Growth in the number of attacks over recent years
  • How AI has become the main enabler for scaling attacks
  • The shift from isolated attacks to campaign-based attacks

Block 3

AI on the attackers’ side

Level 1 — AI mentor
Learning, prompts, ideas

Level 2 — AI assistant
Generation of texts, emails, attack scenarios

Level 3 — Autonomous AI assistant
Automation of individual attack steps

Level 4 — Autonomous AI
Independent execution of attacks

Level 5 — AI orchestrator

Block 4

Automation as a Solution Path
From manual analysis to scalable protection

4.1 Challenges of traditional manual analysis
  • Alert fatigue
  • Human factor
  • Limited scalability
  • Increasing MTTR

4.2 What automation is
  • Automation as an approach rather than a tool
  • Frameworks, roadmaps, guides
  • Automation around us: illustrative examples
  • Interactive session: identifying automation in everyday life

4.3 Generations of automation in SOC
  • Automation in the past: scripts, orchestration, playbooks
  • Automation today: behavioural analysis, workflow
  • Automation tomorrow: agentic AI and dynamic workflows
  • Use case 1: malware analysis by an AI agent and report generation (Python, Cursor AI, LaTeX)
  • Use case 2: dynamic workflow in n8n

Block 5

AI in defence
An assistant, not a replacement

5.1 AI: replacement or augmentation
  • Why AI is not a “magic button”
  • Human-in-the-loop as a key concept

5.2 Maximising the value of AI
  • Prompting as the foundation of effectiveness
  • The structure of a strong prompt

Use case 3
  • Creating effective prompt requests for different tasks

5.3 Preparing for tomorrow
  • Workflow thinking
  • Three ideas for integrating AI into business processes

Interactive session
  • Idea generation by participants

5.4 Closing reflection
  • ChatGPT’s answer to the question: “Why AI will not replace humans”