Sr. Product Manager, Agentic Security — Elastic
AI-Powered SOC, Threat Detection, and Security Operations
Building intelligent security systems that help analysts focus on what matters
I'm a Product Manager focused on applying AI to security operations at scale. I currently lead product for Elastic's AI SOC Engine (EASE) and Attack Discovery — capabilities that use large language models to help security teams cut through alert noise, discover real attacks, and accelerate investigation.
Before Elastic, I built security platforms at Malwarebytes (ThreatDown) and Graylog — spanning EDR, MDR, SIEM, and security data pipelines across MSP and enterprise environments.
As a PM, I:
- Define AI-powered security capabilities that augment SOC analysts rather than replace them
- Translate complex detection and investigation workflows into simple, trustworthy AI experiences
- Partner with engineering, UX, and research to ship LLM-powered features at production scale
- Balance detection accuracy, analyst trust, and system performance
Product owner for EASE — an AI-powered security operations platform built on Elastic Security Serverless.
- Ingests alerts from third-party SIEMs (Splunk, Microsoft Sentinel, Google SecOps, CrowdStrike, SentinelOne) via agentless integrations
- Automatically promotes third-party alerts into Elastic Security alerts for unified lifecycle management
- Provides AI-powered alert triage and investigation alongside LLM-driven Attack Discovery
- Deployed and delivering value within minutes — designed for SOC teams augmenting existing SIEM investments
Product owner for Attack Discovery — an LLM-powered feature that analyzes security alerts to surface real attacks.
- Identifies attack chains across multiple alerts, mapping relationships to users, hosts, and MITRE ATT&CK techniques
- Scheduled analysis with customizable alert filters (KQL queries, time ranges, alert count)
- Notifications via Slack, Teams, PagerDuty, and email when new attacks are discovered
- Public API for programmatic access and integration into existing SOC workflows
- Works alongside Elastic's AI Assistant (Agent Builder) for deeper conversational investigation
Owned core endpoint security platform capabilities protecting 2M+ endpoints across 60,000+ businesses:
- AI-Assisted Investigation — AI-generated detection summaries and secure script analysis for MDR workflows
- Centralized Audit Logging — Exportable, compliance-ready logs supporting CIS, ISO, and PCI frameworks
- Active Directory / Entra ID Sync — Native directory synchronization expanding identity visibility across endpoint security
- RBAC & Identity — Permission-driven access patterns for MSP and enterprise environments
Helped build the Graylog SIEM platform from 0–1:
- Owned ingestion and export strategies across syslog, JSON, and API-based pipelines
- Built and scaled 50+ integrations including CrowdStrike, Palo Alto, and Okta
- Expanded the platform's data model and integration ecosystem