depalmar/README.md

Raymond DePalma

Principal DFIR Technical Architect at Unit 42 (Palo Alto Networks)
Threat Intelligence • DFIR • Detection Engineering • Applied AI for Security

13+ years across incident response, threat hunting, intrusion analysis, and detection engineering—from holding a DoD Top Secret clearance at MIT Lincoln Laboratory to leading critical breach and zero-day investigations at Unit 42. I build production Python tooling, data pipelines, and multi-agent/LLM systems that turn raw telemetry into attributed intelligence.


🛠️ Core Toolbox

  • Languages & Frameworks: Python, XQL, SQL, Google ADK, LangChain/LangGraph
  • Detection & Analytics: Sigma, YARA, Suricata, SIEM/XDR Query Languages
  • AI & LLM Security: MCP (Model Context Protocol), OWASP LLM Top 10, MITRE ATLAS

🛡️ What I Work On

  • Adversary Tracking: Investigating nation-state and advanced criminal infrastructure (APT, ransomware/RaaS, DPRK insider threat operations, and zero-day exploitation).
  • Threat Intel Automation: Architecting data pipelines and autonomous AI agents to accelerate collection, enrichment, and triaging.
  • Defending AI Infrastructure: Developing practical, production-grade detection rulesets to secure LLM applications and model supply chains.

🚀 Open Source Projects

  • 🌟 ai_for_the_win - An open-source training program featuring 50+ hands-on labs and CTF challenges covering ML, LLMs, RAG, threat detection, DFIR, and red teaming.
  • 🤖 AI-Powered-Ransomware-Intelligence-Agent - An automated n8n + Claude pipeline designed to ingest leak-site data and convert it into structured, MITRE ATT&CK-mapped cyber threat intelligence.
  • 🧰 ai-dfir-toolkit - A vendor-neutral repository of Sigma, YARA, and Suricata rules deployed to detect prompt injection, model supply-chain vulnerabilities, and attacks targeting AI infrastructure.

🎙️ Speaking & Community

  • SANS "Stay Ahead of Ransomware" Series | Featured Speaker alongside Ryan Chapman and Mari DeGrazia
    • "The AI Arms Race: When Both Sides Have Copilots"
    • "Building an AI-Powered Ransomware Intelligence Agent"

🔗 Connect With Me

  • LinkedIn Profile
  • DM me to collaborate on securing frontier models, automating DFIR workflows, or swapping notes on adversary infrastructure analysis.

Pinned Repositories

  1. ai_for_the_win (Public)

    Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks, Docker environment, and CTF challenges.

    Python · 149 stars · 23 forks

  2. AI-Powered-Ransomware-Intelligence-Agent (Public)

    Automated n8n workflow for ransomware threat monitoring using ransomware.live API and Claude AI — companion to the SANS Ransomware Intelligence webinar

    Python · 22 stars

  3. ai-dfir-toolkit (Public)

    A vendor-neutral collection of Sigma, YARA, and Suricata rules for detecting compromise of LLM applications, MCP servers, ML supply chains, AI infrastructure, AI-powered insider threats, and RAG/ve…

    YARA · 14 stars · 1 fork