Flocon 2025
Mar 4-6, 2025 • Pittsburgh, Pennsylvania
Situational Awareness: Beyond the Network
FloCon 2025 has been canceled. All registration fees will be refunded.
With the enormous amounts of data from ever-expanding sources, how can we apply the power of scalable analytics to this large-scale data to protect our systems from cyber threats—both internal and external? This year's theme focuses on using these analytics to safeguard organizations and networks.
If you’ve attended FloCon before, welcome back! Network data analysis is still an important part of FloCon. Now you'll have the opportunity to share your work with a wider cross-section of data analysts and security professionals.
Keynote
Michael Buratowski
Senior Director of Cybersecurity Operations for The Home Depot
Mike Buratowski is responsible for the security operations center (SOC), network security operations, threat exposure management, and data protection and encryption for The Home Depot.
Prior to joining The Home Depot, he was a managing director in the cybersecurity practice at EY where he supported several Fortune 100 companies with various cybersecurity efforts. While working for Fidelis Cybersecurity, Mike led all services for the organization. During this time, he led teams that responded to many breaches that were reported in the news.
Before working in the private sector, Mike was employed by General Dynamics where he spent significant time leading large teams at the Defense Cyber Crime Center (DC3) and United States – Computer Emergency Readiness Team (US-CERT). Mike got his start in cybersecurity as a detective conducting computer forensics in the Computer Crimes Unit of the Montgomery County Police in Maryland.
Mike Buratowski is the Senior Director of Cybersecurity Operations for The Home Depot and is the keynote speaker for FloCon 2025
Accepted Speaker Highlights
| Presenter(s) | Topic |
|---|---|
| David McGrew, Cisco | Enterprise Encryption: Good, Bad, and Absent |
| Hafiz Farooq, Saudi Aramco;Muath Al Abas, Saudi Aramco | AI-Powered Multi-Model Vigilance for Threat Detection |
| Lakshmi Adiga, CyLab, Carnegie Mellon University;Brian Singer, CyLab, Carnegie Mellon University | Using LLM-Assisted Autonomous Attackers to Create Labeled Datasets at Scale |
| Alan Savage, DoD Cyber Crime Center | What's Really Going on in My Network, and What Will It Cost Me to Know? |
| Kazunori Kamiya, NTT Security Holdings, NTT Social Informatics Laboratories | Detection and Sharing of C&C Servers based on Network Flow Analysis in Japanese Carriers |
| Blake Anderson, Cisco | Tracking and Correlating Flows Across Your Network for Improved Detections |
| Dan Ruef, Software Engineering Institute, Carnegie Mellon University | Cloud FLow Log Optimizations |
| Robert Moody, The Home Depot | Architecting the Last Line of Defense: Distilling the Threat Landscape to Prioritize CIS Safeguards |
| Angel Kodituwakku, Centripetal Networks, Inc. | Bogon Analysis and Management: A CTI Perspective |
| Steven Dong, Carnegie Mellon University | Tackling Long-Term Network Trace Retention Challenges Using Deep Generative Compression |
| Brennan Lodge | RAGe Against the Machine |
| Shapor Naghibzadeh, Google | Agents for Cybersecurity Operations: Transforming Detection and Response with AI |
| John Althouse, FoxIO | Solving the Internet with JA4+ Network Fingerprinting |
| Milind Srivastava, Carnegie Mellon University | Reducing Cloud Costs for Security Data Analytics by 10x Using Principled Approximation |
| Anmol Agarwal, Aloratech | Rise of the Machines: Adding a Human in the Loop to AI |
| Brian Contos, Sevco Security | Malicious Actors Depend on Your Unknowns. Disappoint Them! |
| Brian G. Rodiles Delgado, The University of Texas at El Paso | Incorporating Dynamic DMZ Towards Resilient OT Infrastructure |
| Jay Matthews, AT&T;Christopher Iverson, AT&T | Pivot Analysis |
Top Three Reasons to Attend FloCon
- Become a better analyst!
Learn about new techniques, tools, and ideas in FloCon training workshops. - Improve your data analysis!
Find out how other organizations explore large datasets and apply what you've learned. - Network!
You'll meet a wide variety of cybersecurity practitioners from industry, government, and academia during social and networking events.
FloCon: Fifteen Years of Data, Defense, Discussion, and Diversity
By Tim Shimeall, November 2019
"FloCon started as a small gathering of government workers, contractors, and academics. The first FloCon, held in the fall of 2004, was by invitation only. By the second year, the conference opened to all who wanted to attend: over 80 government staff, academics, business people, and engineers. From that beginning, the conference developed into a blended mix of practitioners, investigators, implementers, and users."
FloCon 2025 Sponsors
Learn more about past FloCon events below.
FloCon 2023
Santa Fe, NM | Jan 9-12, 2023
We now collect enormous amounts of data from our systems. How can we apply the power of scalable analytics to this large-scale data to protect our systems from cyber threats—both internal and external? FloCon 2023’s theme, Situational Awareness: Beyond the Network, focuses on using these analytics to safeguard organizations and networks.
Browse 2023 PresentationsFloCon 2022
Online | Jan 11-13, 2022
These presentations were given virtually at FloCon 2022, an annual conference that focuses on applying any and all collected data to defend enterprise networks. This year's theme of Using Data to Defend remains critical given the security challenges of remotely supporting customers, vendors, and employees.
Browse 2022 PresentationsFloCon 2021
Online | Jan 12-15, 2021
Video recordings of presentations and courses from FloCon 2021 conference.
Browse 2021 PresentationsFloCon 2020
Savannah, GA | Jan 6-9, 2020
These presentations were given at FloCon 2020, an annual conference that focuses on data-driven network security. Speakers from industry, government, and academia presented talks on how to apply “big data” analysis techniques to solve difficult security problems.
Browse 2020 PresentationsFloCon 2019
New Orleans, LA | Jan 7-10, 2019
FloCon explores advanced, cutting-edge "big daya" analytics in support of security operations.
Browse 2019 PresentationsFloCon 2019
Tucson, AZ | Jan 8, 2018
Flocon 2018 expanded its focus to present sessions on applying analytics to ANY large-scale dataset to enhance security (not just network flow data).
Browse 2018 PresentationsFloCon 2017
Jan 9-12, 2017
At FloCon 2017, attendees discussed the analysis of large volumes of traffic and the next generation of flow-based analysis techniques.
Browse 2017 PresentationsFloCon 2016
Daytona Beach, FL | Jan 11-14, 2016
FloCon 2016, showcased next-generation analytic techniques and was geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic.
Browse 2016 presentationsFloCon 2015
Portland, Oregon | Jan 12-15, 2015
At FloCon 2015, attendees discussed the art of network analysis and how to make it more formal, rigorous, reliable, well-grounded, and repeatable. VIEW VIDEOS
Browse 2015 PresentationsFloCon 2014
Charleston, South Carolina | Jan 13-16, 2014
FloCon 2014 provided a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
Browse 2014 PresentationsFloCon 2013
Albuquerque, New Mexico | Jan 7-10, 2013
This year, organizers and participants focused on the challenges of "Analysis at Scale” and discussed how to refine "big data" into knowledge, design methods for aggregated analyses at the network edge, and build systems for monitoring thousands or millions of assets at once.
Browse 2013 PresentationsFloCon 2012
Austin, Texas | Jan 9-12, 2012
At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Attendees discussed topics such as incident case studies that sparked new ideas, how flow data can help refine a static signature, and how to identify the costs and benefits of implementing a technique at the large-scale network level versus host level.
Browse 2012 PresentationsFloCon 2011
Salt Lake City, Utah | Jan 10-13, 2011
This year, participants explored a wide range of topics and discussed dark space, how many web servers are actually operating, spam, and how DNS servers area susceptible to cache poisoning.
Browse 2011 PresentationsFloCon 2010
New Orleans, Louisiana | Jan 11-14, 2010
FloCon 2010 focused on flow data analysis within the context of other data sources. Presentations emphasized techniques for analyzing flow data, integrating flow data with network data sets, and engineering support for flow analysis and integration.
Browse 2010 PresentationsFloCon 2009
Scottsdale, Arizona | Jan 12-15, 2009
At FloCon 2009, presenters discussed topics dealing with flow for network forensics, network inventory, and incident response.
Browse 2009 PresentationsFloCon 2008
Savannah, Georgia | Jan 7-10, 2008
At FloCon this year, attendees described useful experiences in flow analysis and presented innovative solutions in security analysis.
Browse 2008 PresentationsFloCon 2006
Vancouver, Washington | Oct 9-12, 2006
This FloCon conference included 12 papers and 13 presentations given by experts in the field of flow analysis. Discussions covered topics such as flow processing, flow measurement, network traffic, and analysis methods.
Browse 2006 PresentationsFloCon 2005
Pittsburgh, Pennsylvania | Sep 20-22, 2005
At FloCon 2005, conference participants gathered to discuss flow and network security analysis and ways to improve these technologies.
Browse 2005 PresentationsFloCon 2004
Crystal City, Virginia | Jul 22, 2005
At the first FloCon in 2004, attendees gave talks on analysis, infrastructure, and data sharing. Topics covered included scanning very large networks, standardization efforts to support data exchange, security at line speed with netflows, and AirCERT.
Browse 2004 Presentations