SecDSM Monthly Meeting
Details
Time: 7:00PM
Speaker: Drey Zhuk
Title: Beyond the Fluff: Building a Security Agent That Actually Works
There's a massive influx of hype around AI agents for security and investigations - most of it is fluff. Chatbots that look impressive in a demo but fall apart the moment they hit a real investigation because they lack context, consistency, and grounding in ground truth.
This talk walks through what it actually takes to build an AI agent that works for threat hunting and security investigations. Not a conversational assistant - an Investigation Operating System.
We'll cover the architecture that delivered real results:
1. The Knowledge Layer (Institutional Memory) - feeding each investigation back into a knowledge database of entities, indicators, historical patterns, and analyst corrections so the agent never starts cold.
2. Data Mapping & Orchestration - teaching the agent where evidence actually lives and which schemas matter, so the model acts as an orchestrator across identity, infrastructure, billing, and usage signals - not just a summarizer.
3. Deterministic Data First, AI Second - using structured telemetry, parsers, and repeatable queries as the factual foundation, with the AI layer reasoning over evidence rather than being asked to 'believe' anything. This is the key to avoiding the hallucination trap.
4. Encoded Tradecraft - encoding investigative methodology (pivot-chain analysis, entity relationship mapping, timeline reconstruction) into repeatable workflows that another analyst can inspect, reproduce, and challenge.
5. Parallelism - fanning out across multiple angles simultaneously, merging results, and launching follow-up pivots instantly to compress multi-hour manual loops.
Attendees will walk away with a concrete framework for moving past 'shiny UI over a basic prompt' and toward AI systems that are reliable investigation partners - with context, constraints, and a repeatable process.
Drey is a Senior AI Security Researcher with a background in threat intelligence and security investigations. Originally from Washington state, moved to Iowa on accident and have spent the last three years in this amazing place.
Hosted by: SecDSM
About SecDSM: a monthly meetup group to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No vendors, no sales pitches, no BS. The idea is to provide you actionable knowledge for you to take back to your $dayjob while building a top tier InfoSec community in the Des Moines area. If you have the desire to learn about real world InfoSec scenarios - get out of your comfort zone - and join us in a relaxed vendor free environment. No registration is required.
