![[banner4_terminal_2.png|813]]

```
Practitioner notes on detection engineering, threat hunting, and security history. Written by a security engineer with six years in the field, mostly grounded in things I've actually built or dug into.
```

# 📌 Featured Post

## [Hunting for Shadow AI: Detecting LLM Abuse with Tenable & Splunk](https://d3adair.xyz/blog/research/Hunting+for+Shadow+AI+-+Detecting+LLM+Abuse+with+Tenable+and+Splunk)

![[shadow_ai_blog_header.svg|878]]

Employees are adopting AI tools faster than security teams can see them. This post walks through the detection pipeline I built with Tenable and Splunk to surface shadow AI usage across 12,000 endpoints, down to which user installed what.

---

# Recent Posts

**[Hunting for Shadow AI: Detecting LLM Abuse with Tenable & Splunk](https://d3adair.xyz/blog/research/Hunting+for+Shadow+AI+-+Detecting+LLM+Abuse+with+Tenable+and+Splunk)**
Detecting shadow AI usage across the enterprise with Tenable's AI plugin family and Splunk.

🎯 [TARGET LOCKED: Current Threats Targeting the Defense Industrial Base (DiB) – 2025](https://d3adair.xyz/blog/threat_intel/industries/dib_2025)
Notable adversaries and threats facing the United States DiB in 2025.

[My IT Cert Journey - Tips and Tricks](https://d3adair.xyz/blog/resources/how-to/it_certs_tips_and_tricks)
My experiences with each of the different IT certs that I have obtained so far in my journey as a security practitioner.

---