Weekly technical deep-dives exploring the intersection of artificial intelligence and cybersecurity
This repository contains technical research and working code that supports my LinkedIn thought leadership series on AI-enhanced cybersecurity. Each week, I explore practical applications of AI in security operations through hands-on experiments and tool development.
Important Note: All research is conducted under the fictional "Cooper Cyber Coffee" company - a narrative framework I created to explore real security scenarios in a realistic business context. Think of it as a cybersecurity sandbox where I can test ideas, build tools, and demonstrate concepts without involving actual organizations.
Cooper Cyber Coffee is a fictional specialty coffee company I use as a backdrop for security research. Named after FBI Special Agent Dale Cooper (Twin Peaks) - famous for his methodical investigative approach and coffee obsession - it provides a consistent narrative framework for exploring enterprise security challenges.
Why use a fictional company?
- Test real security tools against realistic business scenarios
- Demonstrate enterprise security concepts without exposing actual company data
- Create relatable content that security professionals can map to their own environments
- Build a consistent narrative that makes technical concepts more accessible
My weekly experiments explore:
- AI-Enhanced Threat Intelligence: Using LLMs to accelerate threat analysis
- Security Tool Automation: Building MCP servers and automation frameworks
- Adversarial AI: Understanding how threat actors weaponize AI capabilities
- Detection Engineering: Creating AI-powered detection rules and methodologies
- Risk Assessment: Quantifying AI-related security risks for enterprises
LinkedIn_Content/
├── YY.WWW-[title]/      # Year.Week format (e.g., 25.001)
│   ├── README.md        # LinkedIn post content
│   ├── technical/       # Deep dive analysis
│   └── code/            # Working implementations
- Week 1 (2025): LAMEHUG Analysis - Analyzing AI-enhanced human trafficking operations and their implications for enterprise security
- Week 3 (2025): STIX Extraction Challenge - Testing LLMs' ability to extract valid STIX objects from PDF threat reports
- Upcoming: OpenCTI MCP Server - Building production-ready threat intelligence automation
Every experiment follows these principles:
- Practical Over Theoretical: All code is tested and functional
- Enterprise-Focused: Solutions that scale to real-world environments
- Tool-Agnostic: Demonstrations work with open-source and commercial tools
- Reproducible: Complete documentation so others can replicate results
I'm Matthew Hopkins, a Senior Staff Cyber Intelligence Analyst with 8+ years defending Fortune 500 companies from sophisticated threats. I co-lead the National Defense ISAC AI Working Group and specialize in the intersection of artificial intelligence and threat intelligence.
This repository represents my personal research into how AI is transforming cybersecurity - both as a defensive tool and as a weapon in adversaries' arsenals.
- This is personal research conducted on my own time and equipment
- Views expressed are my own and don't represent my employer
- Cooper Cyber Coffee is entirely fictional - any resemblance to real companies is coincidental
- No actual threat intelligence or proprietary information is shared
- This is educational content, not professional services or consulting
LinkedIn: Matthew Hopkins
Focus: AI Governance & Threat Intelligence Leadership
Note: This is a research portfolio. I'm not offering consulting services or professional engagements through this repository.
MIT License - See individual project folders for specific licensing on tools and code.
"The owls are not what they seem" - especially when they're AI-powered threat actors.