Web Programming: Past, present, and future

People often ask what is the best way to learn how to program web applications. Is it Angular, React, something else? The problem is that the web has been around a long time, and there are a lot of different technologies to learn. Just a framework isn't enough. This talk walks through the history of the web, introducing each new technology chronologically, deciding whether or not it is worth learning.

Neo4J and GraphQL - A match made in heaven

As many people have discovered, implementing a GraphQL API over a relational database is fraught with peril. An implementation can end up with performance problems in many different ways. First we will take a look at how graph databases differ from relational databases. Then we will show how using. graph database as your underlying store fits the GraphQL model perfectly, and also eliminates a lot of boilerplate code.

1 hour long. Slides and JS/TS demos.

LangChain: A Crash Course

LangChain is a framework and platform for LLM application development. They aim to provide an abstraction that allows your code to easily pivot and mix and match various pre-processors, language models, stores and agent platforms. The library itself is enormous in breadth. We will take a look at which abstractions are provided and how to use them. We will ultimately answer whether their abstractions work, when to use it, and when to not bother.

1 hour long. Some slide intro, mostly jupyter notebook demos.

A Survey of Natural Language Processing

This talk walks through a little history of the field pointing out the major innovations that brought us to this point, before diving into some concrete use cases on a variety of models that can be employed to solve specific problems.

This talk was given at the Azure AI Conference in Las Vegas on Dec 8th 2022.

Threat Modeling the AI Stack: Securing Data and Model Pipelines from Ingestion to Inference

As organizations accelerate AI adoption, the security of data and AI pipelines often lags behind model performance. From poisoned datasets and compromised feature stores to model exfiltration and prompt injection, each stage of the AI lifecycle introduces new, often misunderstood risks. This talk presents a practical framework for threat modeling across modern AI stacks — from raw data ingestion and training pipelines to model deployment and API exposure.

Using real-world examples and case studies, we’ll explore:

Common attack vectors in data and AI workflows

Misconfigurations in MLOps platforms and how attackers exploit them

How traditional threat modeling approaches (e.g., STRIDE) can be extended for AI

Tools and controls to secure pipelines at each stage

Whether you're a security architect, data engineer, or ML practitioner, you’ll leave with actionable strategies to harden AI systems end-to-end — and a threat model template you can apply immediately in your environment.

Co-presented with Ike Ellis

AI for the Security Professional: Real Use Cases, Shadow AI, and Adoption

We’ll explore:
• Where AI and ML already work (e.g., anomaly detection, malware classification, phishing detection)
• Where it fails — and why (e.g., alert triage, contextual reasoning, automation fatigue)
• What red flags to look for in vendor AI tools — and how to ask the right questions
• How to discover which AI tools your employees are using (“Shadow AI”)
• How to build a security policy for AI usage based on model type, API terms of service, and data classification