Sign up for our free Infosec: Age of AI Summit August 14 Register Here

Workshop: Hunting Shadow AI

Course Authored by .

Shadow AI is the AI your coworkers use without asking.

In this four-hour, hands-on workshop, you find it, sort it, and decide what to do about it.

Course Length: 4 Hours

Includes a Certificate of Completion



Next scheduled date: September 25th, 2026 @ 12:00 PM ET

Description

Shadow AI is the AI your coworkers use without asking.

In this four-hour, hands-on workshop, you find it, sort it, and decide what to do about it.

You’ll work a real log file from a fictional mid-size firm. You’ll spot the AI traffic in the noise. You’ll sort each finding into “shadow,” “sanctioned,” or “unclear.” You’ll score it and pick the top three to escalate, writing a two-sentence note for each.

Walk out with a step-by-step playbook you can run on your own org next week. Students also get a free PDF copy of Gears Don’t Guess: The Executive’s Practical Guide to Thriving in the Face of AI Hype and Risk (soon to be published).

Who Should Take This Workshop

The in-house go-to person on AI risk or the person who wants to be.

Job titles vary: cybersecurity analyst, information security officer, GRC analyst, IT director, internal auditor, privacy officer, team lead. The pattern is the same: hands on the work, eyes on the boss’s calendar, and a need for tools you can use Monday morning.

This is for the practitioner who briefs the boss.

What You’ll Learn

By the end of the workshop, you will be able to:

• Spot shadow AI in your own org using three clear signal sources.

• Sort findings into shadow, sanctioned, or unclear without overthinking it.

• Score each finding on a simple risk rubric.

• Pick the top three to escalate.

• Explain each call to your boss in two sentences.

• Hand a written action plan to your boss the day you leave class.

  • System Requirements
    • A laptop with a web browser.
    • A way to open and filter a CSV of about 5,000 rows. Any one of these works:
    • Excel, Google Sheets, or Numbers using column filters.
    • grep or awk on the command line.
    • Python (pandas optional, plain stdlib is enough).
    • ChatGPT, Claude, Gemini, Copilot, or any other generative AI tool your employer has approved.
    • You will pick one of these lanes and stay in it. The student packet has worked examples in all four, so you can compare notes with a partner who chose a different tool. Manual scanning will not fit inside the work block; the lab is sized to make that obvious.

Syllabus

Four hours, split into four blocks. Breaks built into the agenda.

Block 1 (45 min): Frame the problem

What shadow AI is. Why it grows inside firms of every size. The three signal sources that catch it in everyday log feeds: DNS, web proxy, and SaaS audit events.

Block 2 (45 min): Walk through one finding end to end

The instructor pulls one planted item from the data and works it on screen. Spot it, classify it, score it, and write the note. You see the full loop before you run it yourself.

Block 3 (90 min): Hunt the logs

Paired work. You pull AI traffic from the noise. You sort each finding into shadow, sanctioned, or unclear. You score each one on the rubric.

Block 4 (60 min): Trade, debrief, take home

Pairs swap top-three lists and try to poke a hole in each other’s calls. The instructor walks through three planted cases on screen and the right answer for each. You leave with a one-page playbook to run in your own org.

FAQ

VM/Lab/Student Requirements

No VM. No special platform.

The lab runs against a CSV of about 5,000 log lines you download before class. The file mixes three event types: DNS queries, web proxy events, and SaaS audit events. Roughly 40 AI-related items are planted in the noise.

The dataset size is deliberate. Manual scanning will not fit inside the work block. You will use a filter: Excel’s column filter, grep, awk, Python, or an AI assistant. The cheat sheet of known AI domains is the load-bearing reference.

Your student packet includes:

• A one-page briefing on the fictional company.

• Their written AI use policy.

• Their approved-tools list (sanctioned, pilot, prohibited, under review).

• A cheat sheet of known AI service domains plus red herrings.

• A blank scorecard with dropdowns and a built-in risk rubric.

• Worked-example snippets in grep, awk, Python, and spreadsheet form.

You work in pairs. The instructor sets the pace and runs the debrief.

Pre Requisites

You should be able to:

• Open a CSV file and read a row.

• Search inside a file (Ctrl-F counts).

• Trade ideas out loud with a partner.

About the Instructor

Pixel splash background
Bio

Kip Boyle is a husband, dad, small business owner, and experienced cybersecurity hiring manager. Over the years, Kip has built many InfoSec teams in a variety of settings including as a captain on active duty in the US Air Force, as the CISO of PEMCO Insurance in Seattle, and vCISO in his own company, Cyber Risk Opportunities LLC. Kip is a primary author and leader of the open source “Cybersecurity Hiring Manager Handbook”. He’s also the co-host of The Cyber Risk Management Podcast and the co-host of the Your Cyber Path Podcast.

Register for Upcoming

Workshop: Hunting Shadow AI

Live Training Kip Boyle

  • Certificate of completion
  • 6 months class recording access via Discord

For tuition assistance with this course please send an email to: [email protected] 

$25
September 25, 2026 12:00 pm - 4:00 pm ET
Shopping Cart

No products in the cart.