David Wolf · Portfolio Use Case
A paid consulting engagement using LLM-assisted attack trees, MITRE ATT&CK mapping, ServiceNow asset inventory, enterprise architecture context, synthetic logs, and Splunk SPL detections.
Delivered a two-month consulting engagement for UNUM that used LLM-assisted attack-tree and attack-story generation, MITRE ATT&CK mapping, ServiceNow asset inventory, data-center and campus architecture context, CISO risk framing, Zero Trust tagging, synthetic log generation, and Splunk SPL detection engineering to create realistic enterprise attack scenarios and testable detection logic.

Client: UNUM
Engagement Type: Paid consulting engagement
Period: 2025; two-month engagement
Role: AI Security / Detection Engineering Consultant
Focus Areas: LLM-Assisted Security Engineering, Attack Trees, Attack Stories
The Context
This was a primary paid consulting engagement. The project combined AI-assisted security analysis with enterprise detection engineering, using UNUM-specific infrastructure context, ServiceNow asset inventory, data-center and campus architecture, control group mapping, MITRE ATT&CK alignment, Zero Trust tagging, Splunk SPL query development, and realistic synthetic data/log generation.
The Challenge
The core challenge was converting enterprise-specific architecture and asset context into attack scenarios that were realistic enough to matter, structured enough to map to controls, and concrete enough to become detections. The work needed to avoid generic cyber storytelling and instead produce scenarios tied to actual infrastructure, services, impact paths, controls, telemetry, and SIEM validation.
What I Did
The Outcome
Delivered an innovative AI-assisted detection engineering engagement for a major insurance enterprise.
Scenarios: To MITRE ATT&CK and control groups
ServiceNow: Asset inventory and enterprise architecture context
Splunk: SPL queries for detection engineering
Realistic: Synthetic logs and data for testing
Key Deliverables
At a Glance
Focus Areas
Tools & Technologies
Public-Safe Caveat
Based on user-provided project context. Intentionally omits sensitive UNUM architecture, ServiceNow asset details, specific services, internal systems, SPL queries, synthetic log schemas, control mappings, and private deliverables.
David Wolf
AI Security · Product Security · Security Leadership
Based on analyzed public signals, not proof of any individual's or company's internal state.