Production Level Machine Learning & Agentic AI for Cybersecurity - Walid Daboubi - DCSG2026

Name of Training: Production Level Machine Learning & Agentic AI for Cybersecurity
Trainer(s): Walid Daboubi
Dates: April 26-27, 2026
Time: TBD
Venue: Marina Bay Sands
Early Bird Cost (GST included): $3,101 USD / equivalent to $4,000 SGD / Proficiency Exam Add-on $450 SGD

Early bird price valid until February 8, 2026.

Short Summary:

Upon successful completion of this course, students will be able to design and implement end-to-end machine learning systems for cybersecurity applications. They will also learn to integrate agentic AI into these systems to enhance threat detection through automated analysis, recommendations, and remediation actions. The course emphasizes the complementarity between classical machine learning and agentic AI. 

Course Description:

This course provides both the theoretical foundation and hands-on experience needed to apply AI to cybersecurity use cases. It combines traditional machine learning with agentic AI to build efficient detection systems capable of analyzing alerts, recommending solutions, and executing remediation actions. The course also covers how to deploy AI-powered solutions within existing Security Operations Center (SOC) ecosystems.

The first module focuses on the use of traditional machine learning in cybersecurity. Students will learn how to identify relevant use cases, collect and prepare data, train and evaluate models, and select those best suited to specific operational needs.

The second module explores how to augment detections generated by traditional machine learning or other techniques using agentic AI. This includes leveraging agentic systems to perform deep analyses, generate actionable recommendations, and take concrete remediation actions.

Finally, the course will demonstrate how to integrate these components into a unified solution within a SOC tooling stack. This capstone section emphasizes practical DevOps skills, enabling students to deploy and maintain their cybersecurity AI solutions in production environments. 

Course Outline:

 

Day 1

  • Basics of Machine Learning and Artificial Intelligence
    A brief history of machine learning and its current state of the art.
  • Use Case Identification
    How to identify relevant cybersecurity use cases where applying ML can provide added value.
  • Data Collection and Transformation
    How to collect raw data, clean it, and encode it into numerical representations suitable for ML algorithms.
  • Model Training and Evaluation
    Selecting the best-fit model and evaluating it according to operational needs (e.g., minimizing false positives).
  • Lunch
  • Use Case 1: Building an Anomaly Detection System
    Hands-on lab to build an unsupervised learning–based web attack detection tool using application logs.
  • Use Case 2: Building a Phishing Email Classifier
    Hands-on lab to build a supervised learning model for phishing email detection.

Day 2

  • Basics of Agentic AI
    Introduction to agentic AI principles and key design patterns (e.g., reflection).
  • Getting Familiar with Ollama and CrewAI
    Using Ollama models as a service and connecting Ollama with CrewAI.
  • Hands-On Implementation of an Agentic AI System
    Leveraging Ollama and CrewAI to implement an agentic AI system, incorporating the Reflection design pattern.
  • Augmenting Use Case 1 with Agentic AI Part 1
    Adding agentic AI to the anomaly detection system developed on Day 1.
  • Lunch
  • Augmenting Use Case 1 with Agentic AI Part 2
    Continuing the integration of agentic AI to enhance detection and remediation capabilities.
  • Adding an API Layer to Use Case 1
    Using FastAPI to deploy the anomaly detection system as a service.
  • Putting It All Together
    Using Docker and Docker Compose to deploy the complete solution.
  • Integration with SOC Ecosystems
    Plugging the developed systems into existing SOC tools such as SIEM and SOAR platforms.

 

Difficulty Level:

Intermediate/Advanced

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.

Suggested Prerequisites:

  • Knowledge of Python will be very useful
  • General knowledge of cybersecurity and threat hunting concepts

What Students Should Bring:

Students only have to bring their laptop/virtual machine with a Linux/Mac system.

What the Trainer Will Provide:

Course GitHub repository.

Trainer(s) Bio:

Walid Daboubi is currently a Lead AI & Data Engineer at Unit8 in Switzerland, where he provides AI leadership for cutting-edge projects. With over 15 years of experience in cybersecurity and artificial intelligence, Walid has contributed to several global organizations across Europe and the United States.

He began his career with internships at Siemens Corporate Research and Apple Inc. (2011–2012), followed by a role as a Cloud R&D Engineer at Dassault Systèmes in Paris (2013–2017), where he focused on cloud security and operations. From 2017 to 2024, he advanced within Richemont International in Geneva, serving as Cybersecurity Data Scientist and later as Head of Group Security Data Analytics. Most recently, he worked as a Senior Cybersecurity Engineer at Banque Cantonale Vaudoise in Lausanne.

An active voice in the AI and cybersecurity community, Walid has presented at international conferences since 2019, promoting the integration of AI into security operations. He contributes to open-source projects, including Webhawk, a tool featured at Black Hat Arsenal and DEFCON Demo Labs, and participates regularly in Capture the Flag (CTF) events, earning Honorable and Super Honorable Mentions at the SANS Holiday Hack Challenges in 2019 and 2021.

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. To earn the proficiency certificate, students will need to have 80% of Use Case 1 running at production level.

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before March 27, 2026, minus a non-refundable processing fee of $250.

Between March 27, 2026 and April 21, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after April 21, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

 
