A couple weeks ago I visited a "Security Automation" Workshop in Dublin. It was pretty chill and fun experience and was a welcome change to the ongoing heatwave during that week (we had chill 20 to 27°C in Dublin, whereas at home it was more like 35 to 38°C).

Overall it was a fun new insight for me and the first useful use of AI I have seen in a while. We learned to automate a "simple" SOC task: Analyzing alerts, enriching them with info (like IP and location of request origin) and classification.

Overview

Criteria Rating Desc
Vibe 4/5 I was a very lovely event with a cozy & professional vibe. Not too corporate or business like, even tho it was basically a "product showcase". But I guess being organized by the WiCyS attracts a certain demographic that I vibe with better than the usual tech/hacking conferences.
Talks N/A There were no talks. Just a workshop with an introduction.
Location 4/5 It was right in the center of Dublin and not too far from my hotel. Got to see a nice bridge on my way there.
Premises 2/5 It seemed like the room was more suited towards a talk than a workshop cuz there were no tables, just seats placed for an audience looking onto the podium. Also didn't seem really accessible (no elevators).
Schedule 5/5 It was perfectly timed in the evening (after "normal working hours") around 6 PM to 8:30/9 PM. Which allowed me to sleep on my normal/usual schedule and then even go back to my hotel and get ready for going out.
CTF N/A There was no CTF
CTF Team N/A No CTF Team but the people attending were lovely.
Food 3/5 There was a selection of FREE vegan donuts, coffee and tea.
Workshops 3/5 The workshop was fun, the speaker/coach was nice to listen to, showed the steps comprehensively and I was able to follow along (and sometimes skip) thanks to the additional, written tutorial/workshop on their website. It did seem to be a mix between a product showcase and a workshop but I enjoyed it nevertheless.

The Arrival - 21st To 22nd June 2026

I Arrived on Sunday, checked into my hotel and then went out to meet a friend of mine in Dublin. We enjoyed a cozy evening together, had some Pizza and walked through the city by night.

However I forgot some important essentials like accessories (chains, earring hoops, rings, etc...), warm clothes (had no sweatshirt with me) and black lipstick. So on Monday I spent walking around the city, exploring and trying to get a "replacement" for the stuff I forgot at home.

There were a bunch of vegan friendly or even entirely vegan restaurants which was very convenient for me.

In the evening I visited the George and danced with a person I met there.

A hotel with a dope mural near the place of the workshop

The Workshop - 23rd June 2026

On Tuesday I explored a different part of the city, finding some murals and graffiti, before going to the workshop in the evening.

During the workshop we were introduced to Tines, an automation platform catered for Security Professionals. Imagine n8n but easier for non-coders or non-Linux users. And hosted in the cloud.

Tines

This article isn't sponsored in any way and during the workshop I was wondering what the benefit over something like n8n is. And someone even asked the question. The answer is, that it is maintained by the company (Tines) and also all the automation tasks/features/functions so they are "secure". It seemed pretty intuitive and well designed with a cute UI.

But what I disliked is that it is entirely in the cloud. Everything you do runs on the tines platform (hosted on AWS), which is less than ideal for security if u wanna keep your data local/not in the cloud.

There is a self-hostable version, but it requires the enterprise license.

Same for AI. You can use/bring your own models and tokens, but if you wanna connect to local LLMs (like ollama or something like that) you need the paid version.

The Workflow

We created a workflow were tines would digest a bunch of alerts and enrich them. We used pre-made building blocks (the ones maintained by tines) that you could parameterize.

With one block we fetched the alerts, with another we reduced the duplicates, then we enriched them with data about the IPs provided. At one point we used an LLM inside tines to create a piece of code to generate a JSON that we can later evaluate. Which was pretty cool.

Instead of calling the LLM every time we run the workflow, we just let it create a code to do the job and run that instead -> can save us some tokens.

In the last couple of steps we let an LLM give suggestions on the criticality based on the data provided and then send an E-Mail with the information to an "analyst" for further inspection.

Conclusion

All in all it was pretty cool and I enjoyed it very much. Like I said, the app is cool, but I dislike the "no local hosting without paying" business model. I like the general idea of automating the SOC processes, detecting phishing etc. So much in fact, that I added those services to my companies portfolio of services :D

PS: I had the weirdest experience at the airport, where we basically walked from the gate to the parking/taxing location of the plane after/during boarding. Never had this experience before.

Previous Post