depalmar/README.md

Raymond DePalma

Security Architect | AI/ML Security Specialist | DFIR Expert | Creator of AI for the Win, teaching security practitioners to build AI-powered tools

LinkedIn


About

13+ years architecting security solutions, responding to major incidents, and building detection capabilities. Experienced across endpoint, cloud, and enterprise security platforms at scale.

Specializing in AI-powered security automation, designing solutions that integrate LLMs, machine learning, and data science to accelerate threat detection, incident response, and threat hunting.

🚀 Featured Projects

AI for the Win

50+ hands-on labs teaching security practitioners to build AI/ML tools for threat detection, DFIR, and incident response, progressing from ML basics to production-ready detection systems.

What's included:

  • Docker environment with all dependencies
  • Google Colab notebooks for cloud execution
  • 18 CTF challenges for skill validation
  • Production-ready code examples


Free for personal learning | Commercial licensing available for corporate training and bootcamps.


AI-Powered Ransomware Intelligence Agent (n8n, Claude, Ollama)

Companion n8n workflow suite for the SANS Ransomware Intelligence Webinar. Polls ransomware.live every 6 hours, runs AI threat analysis, and delivers rich interactive reports — automatically.

Three-tier workflow progression:

| Level | What it does | LLM Options |
|-------|--------------|-------------|
| 101 | Monitor + AI analysis + HTML/Slack report | Claude or Ollama (local) |
| 200 | + IOC enrichment, YARA rules, historical trending, multi-channel | Claude or Ollama (local) |
| 300 | + Multi-signal attribution, SIEM integration, IR playbooks, threat sharing | Claude Opus — Webinar attendees |

Level 101 outputs a full dark-themed intelligence brief — 8 KPI cards, MITRE ATT&CK mapping, attack lifecycle visualization, Chart.js charts, and group profiles. It runs 100% locally with Ollama or in the cloud with Claude.


πŸ› οΈ Tech Stack

AI/ML Python LangChain Anthropic Google ADK

Security Platforms Cortex XSIAM Cortex XDR Cortex XSOAR Splunk ES InsightConnect Microsoft Sentinel Chronicle CrowdStrike Elastic

Adversary Emulation MITRE Caldera AttackIQ SafeBreach

📜 Certifications

GPEN, GCIH

💡 Current Focus

  • Multi-agent systems for automated incident response
  • LLM-powered threat hunting and detection engineering
  • Building open-source security tooling
  • Teaching practitioners to integrate AI into security operations

"ML scales detection, LLMs accelerate analysis, humans drive decisions."

Pinned repositories

  1. ai_for_the_win (Public)

    Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks, Docker environment, and CTF challenges.

    Python · 126 stars · 18 forks

  2. AI-Powered-Ransomware-Intelligence-Agent (Public)

    Automated n8n workflow for ransomware threat monitoring using the ransomware.live API and Claude AI — companion to the SANS Ransomware Intelligence webinar.

    Python · 17 stars