The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

As a seasoned marketer in the cybersecurity space, Dan Cole has heard all of the old product narratives before — from “attackers are outpacing security teams faster than ever” to “alert fatigue is overwhelming analysts.” In an industry where the work is both complex and, to some, a little dry, it can be tricky to come up with new, flashy ways to tell a brand story. That’s why Cole always starts with what matters most: helping analysts do work with real impact.

“We’re really trying to help these analysts prioritize work that actually helps them feel like they are making a difference,” Cole says. Sometimes that means explaining ways to use tools like ThreatConnect’s Risk Quantifier to attach real dollar figures to the results threat intelligence provides. And other times, it means finding new ways to share best practices — like, say, by comparing them to Star Wars. 

Whatever he might be working on, Cole wants to make sure ThreatConnect’s products solve the biggest real-world problems facing clients. And as for when he’s outside of work? You’ll probably find him outside photographing and, sometimes, rescuing wild foxes.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence, and what does your role look like day to day?

Dan Cole: I was a product manager for almost 15 years in a variety of industries, but then I was hired at ThreatConnect 10 years ago as part of their series B to lead and build out their product management team. I’ve kind of shifted roles since then, but it involves spending a lot of time with customers to understand their pain points, understand where they’re running into roadblocks, and make sure that our roadmap is prioritized to remove those roadblocks. Since then my role has shifted to help educate the market on some of the best ways to remove those roadblocks – ideally with our products!

Pretty much everything I learned about threat intelligence, I learned from our customers and the challenges that they are actively facing every single day.

What is the most challenging part of your job?

The most challenging part of my job is ensuring that what we are doing helps people feel like they matter. We all want to feel like the work we’re doing is making some kind of impact and moving some kind of needle. Like it’s not just busy work that’s going to end up in the trash. 

Every vendor talks about alert fatigue and how overwhelming it can be. Studies clearly show the impact that those sorts of things have on the emotional well being of these analysts. But our goal isn’t just to help analysts feel less overwhelmed. We’re really trying to help these analysts prioritize work that actually helps them feel like they are making a difference.

I saw you’ve used Star Wars as an analogy for the threat gap in a webinar before. What gave you the idea to do that?

We want to stand out in the industry and make things a little fun. Considering the toll that this work takes on the mental health of these analysts, if we can give them a break with something a little entertaining, great. It’s better than another dry corporate webinar where someone is just pitching their product. It’s about evangelizing not just our products, but the different approaches to cyber defense that can make analysts more effective in their roles.

You’ve also written about how cybersecurity professionals can use AI as a teammate. How would you describe the potential and the risks associated with AI? 

The way one customer put it to me was that AI is kind of the world’s smartest intern. I might trust an intern to do research, but I’m not going to let them push the big red button or handle something that might blow up our security stack. 

One big risk is that AI can be a black box; you might not be able to really understand how it reached its conclusion. It’s very easy to add an LLM to an existing security product, but it can be hard to know if the underlying data that that LLM uses is any good. But at ThreatConnect, we have the DNA of being a data company. We have billions of records and 1.2 million different sources of data. So the LLMs that we put on top of our products have access to data that is vetted and high fidelity and reliable, and we can be transparent and provide receipts. So when you hire that “intern,” you can trust the data that they are running out to gather is solid.

That would make a huge difference. And how do you spend your time outside of ThreatConnect?

I am an amateur wildlife photographer. I also do wildlife rescue, including volunteering at a rescue focused on saving foxes from fur farms. I enjoy all things food — from gardening, to actually growing the food, to cooking, to actually making the food, to going out to restaurants to enjoy food without having to do dishes. I also love backpacking and being outdoors.

Which rescue organization do you work with, and what’s that like as a hobby? 

It’s called the Wildlife Rescue League. I also work with Save a Fox out of Minnesota. And it’s not easy. When wild animals are injured or sick, they don’t want to be trapped. But we have an entire network of rescuers, transporters, vets, and rehabilitators. 

Just this past Sunday, I picked up a raccoon that had pneumonia, put him in the back of my car, and drove him to a rehabilitator where he’s going to get some antibiotics, get some rest, and eventually be released back into the wild.

What other types of animals have you rescued?

Foxes are my favorite, but I’ve also gotten to release a one-eyed owl back into the wild. I’ve done turkey vultures, which are super cool. And one time, I had a red shouldered hawk, which spent the entire car ride screaming at the top of its lungs. It was still super fun.

Do you have some sort of enclosure in your backseat to transport these animals?

Sometimes it’s just a cardboard box, and sometimes a cage. Luckily, I’ve never had an escapee, but it has happened to others.

I’d wondered about that. Why are foxes your favorite?

Gosh, I’m trying to think of a way to loop them back to the theme of threat intelligence. 

If you could do that, it would be great for this article!

I’ll start a sentence, and eventually I’ll find my way there. First of all, they’re beautiful. They are misunderstood. And just like I like to stand up for the intelligence analysts, I’m a fan of the underdog. I want to stand up for the little guy. But foxes are extremely clever. They’re this perfect mix of curiosity and bravery and caution, and they’re very adaptable.

When I think about threat intelligence and cybersecurity, I do think good analysts also have a healthy mix of curiosity, bravery and caution. You want to be bold, because the attackers certainly are, but you also want to be cautious and not make mistakes when you’re taking a blocking action or promoting a new strategy. And certainly, you have to be extremely clever and extremely adaptable. For example, as adversaries start leveraging AI more and more, we need to adapt the way we do cyber defense so that we can stay ahead of those threats.

Nicely done with that metaphor. And has wildlife rescue also made you better at wildlife photography?

Yeah, 100%. Foxes, especially, have such varied personalities. You can just tell they let the intrusive thoughts win. Now that I’ve gotten to know their personalities, it’s helped me not only work with them but also figure out what I want to bring out in my photos. If I’ve got a fox that is particularly spicy, I want to find an opportunity to showcase that.

The post Why ThreatConnect’s VP of Product Marketing Spends His Off Hours Rescuing Wild Foxes appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

Angel Salcedo radiates energy even through a computer screen. The warmth in his smile and the confidence in his voice help explain why he thrives as a customer success engineer: he  knows that the work begins with careful, empathetic communication. 

“Customer success is not about knowing all the answers,” Salcedo says. “It’s about starting a dialogue where everyone’s expertise carries equal weight. That’s how you problem-solve in a field that’s always changing.”

“In tech, what was yesterday is not today, and what’s today is not tomorrow,” Salcedo says. “The more we allow that opportunity to be collaborative rather than feeling we have to know it all, the more we can deliver.” Read on to learn how he helps ThreatConnect clients reach their goals.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence?

Angel Salcedo: It’s a funny story. I graduated with my master’s in information technology from Kennesaw State University in 2019. I held a few jobs after graduation before I found myself in a Tier 2 developer role during the pandemic. My interest in technology and systems continued to grow. I found myself constantly asking questions, questioning solutions, and ultimately became curious about other roles in information technology.

I stayed at that company until 2022, when I landed a role as a cybersecurity analyst. I then had the opportunity to coordinate with a recruiter at ThreatConnect. The recruiter I met with was not only welcoming but also made me feel like ThreatConnect could be my place to grow tremendously. My first round interview felt fate-fueled. It was an interview where the interviewer and interviewee just clicked. I answered the questions confidently while expressing my curiosity and desire to grow. It was welcomed, and I was told I would grow tremendously. That is still true to this day. 

What does your role look like day to day?

Threat intel is, in and of itself, a beast with many facets and complexities that can be challenging for our clients to understand when they first work within ThreatConnect. I work as a conduit to successfully deploy automations, develop workflows, and create visualizations that help leadership understand the actions to take to improve their businesses’ security posture. I tackle meetings, work with different organizations and people, and constantly ask, “What are ways we can further mature your cybersecurity program? What’s our next big mountain to climb?”

What is either the most challenging or maybe interesting part of your job?

I like to say I’m a jack-of-all-trades because of the vast number of tools ThreatConnect integrates with. My engineering colleagues and I are like puzzle pieces that come together to form a really great picture. We all bring different skills and different tools that work together to develop a successful threat intelligence program. Not only do I feel like a whiz at ThreatConnect, but, thanks to what my colleagues with expertise in other areas have taught me, I also feel pretty sharp when it comes to different tools that integrate with ThreatConnect. 

How do you set customers up for success with these tools?

It’s about putting your hand out and saying that we’re going to do this together. That’s the beauty of customer success: you’re not alone, and I’m not alone. We’re going to get to the other side together. I love working through that dialogue and letting them know, “Hey, your idea is just as important as my idea, and our ideas together are going to get us where we want to go.” It’s an opportunity for us to learn from each other, and that’s just as important as being the one who knows all the answers, because new things pop up every day. 

In tech, what was yesterday is not today, and what’s today is not tomorrow. The more we allow that opportunity to be collaborative rather than feeling we have to know it all, the more we can deliver.

What’s been the most interesting thing you’ve worked on this past year?

In 2024, ThreatConnect acquired Polarity, so one thing I’ve been able to do is connect that tool to ThreatConnect more cohesively. Previously, Polarity interacted with ThreatConnect to gather intel and present it from Polarity’s perspective. This year, I worked with some of the engineers and developers on the Polarity side to get a successful integration with ThreatConnect underway. Since demonstrating the capability, a few organizations I worked with before the acquisition have told me, “This capability is how I envisioned Polarity being integrated into ThreatConnect from the very beginning!” That’s been a challenge that I have learned tremendously from.

How do you like to spend your time outside of ThreatConnect? 

I love to spend time with my family and friends. I am a community-oriented person. I enjoy bringing great people together. I am also someone who uses a wheelchair. I call it sitting down, and it’s driven me a lot, no pun intended. It’s been really cool to see how that part of my life has provided me with adventurous opportunities. I’m one of the ambassadors for the Kyle Pease Foundation, a really great national organization based here in Georgia. It allows people with disabilities who sit down, like me, to participate in 5K runs, 10Ks, half marathons, and marathons around the country. I completed a half-marathon in two hours and 10 minutes at about 5 a.m. on Thanksgiving Day. I also volunteer and am a member of Phi Beta Sigma Fraternity, Incorporated, so that’s a big part of my life, too. 

The beautiful thing about what my life has taught me is that I’m never afraid of a challenge. I love doing hard stuff, and so it’s brought me to this place of wondering, “What’s the next hard thing I can do, and what’s the next hard thing after that?” My circumstances have definitely made me think outside the box, but they’ve also, in some ways, made me create my own shape, and that’s been a really, really beautiful thing. I don’t know if this is a quote from someone else; I hope it’s just me, but I live by it and think it will guide me for the rest of my life: “See the man before the chair.”

It takes a lot of work to complete a half-marathon. How do you apply that discipline to your job?

I always think that people have a fire inside that burns regardless of their circumstances. I call them “core fires”. If I had everything today and nothing tomorrow, my core fire would still burn. Mine is that I love to help people. I’ve had a really excellent upbringing from people who wanted to help me and who saw beauty in my spirit and my light. I feel like I’m here on purpose. I love to give back; in work, that translates to both creating solutions and authentically engaging with our clients. It’s being able to talk to someone who might need that extra little conversation about how their dog is doing, even if it’s just that small. 

I love that about my job; it’s not just about engineering great things. I love the challenge of that, but more than anything, I really do love to help. This year, two of the organizations I work with reached 100% of their goals, and that really makes me happy. It is our success and hard work that allowed us to achieve 100%. For them to be on the other side and say, “That engineer is doing great things for us.” That is what truly excites me every day at my job.

The post ThreatConnect Customer Success Engineer Angel Salcedo Makes Success a Team Sport appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

How does a biochemistry diplomate wind up working in cybersecurity? For ThreatConnect Senior Security Engineer Matt Brash, it was all about being in the right place, and talking to the right person, at the right time. 

Brash had been working part-time in a suit shop after graduating from university as he planned his next moves when he met a customer who worked in cybersecurity. While he sold the man on the suit, the client sold him on the field. “It was really that one conversation in a suit shop that sort of shaped my career,” he says. It’s turned out to be a perfect fit. 

Analytical by nature, Brash relishes the problem-solving that goes into his work as a security engineer, taking complex problems and transforming them into an actionable game plan. “The intelligence problems that our customers have can often feel overwhelming to them,” Brash says, “and sometimes they need guidance in taking that big problem and breaking it down into small, tangible improvements that we can add over time.” 

That, for Brash, is the most rewarding part of the job — “when you can step back and actually see that a team is working more efficiently and leveraging the data we provide in a meaningful way.” Here’s how he gets it done.

The following conversation has been edited for clarity and length.

What does your job at ThreatConnect entail on a day-to-day basis?

Matt Brash: My job is to help understand customers’ technical needs when it comes to using threat intelligence data, and to then turn those needs into real-world capabilities in our platform. 

ThreatConnect is an automation platform that centralizes lots of different intelligence data into one place, so I help customers understand what types of intelligence they can access and what formats that data is available in. Then, the question becomes, “What do we do with the data?” And that’s about understanding who is going to be able to make decisions based upon that intelligence, so we dig into specific pain points within the rest of the security team to understand how they can use curated intelligence to work more efficiently.

Which side of that equation would you say is more challenging?

Definitely the latter. I think threat intelligence teams sometimes struggle to justify their value. They provide huge value to security organizations, but it’s not always easily quantifiable. We help customers capture key metrics to demonstrate the performance improvement that intelligence provides.

I also find that intelligence teams are often positioned as sort of a side team for the rest of the security, whereas at ThreatConnect, we’re trying to empower them to feel that actually, no, intelligence is really the heart and knowledge base that should inform all of the security teams. That’s the mentality change we’re trying to drive.

What excites you most about this work?

It sounds really cliche, but it’s probably solving complex problems — being able to tangibly see that we’ve improved a customer’s business processes through automation, or by making data more accessible to the right security stakeholders. That’s really the most enjoyable part of the job, when you can step back and actually see that a team is working more efficiently and leveraging the data we provide in a meaningful way.

What’s the most interesting challenge you’ve worked on this year?

The one that stood out for me was helping an organization really operationalize their data. We work with lots of clients from different industries, and a lot of the time, it’s not a data problem. They already have access to lots of threat intelligence data, but they don’t, perhaps, know how to prioritize what is relevant to them and then automate feeding this data into their existing processes. 

That’s really the type of problem I like to solve, because cyber as an industry has a big burnout problem. Most security teams we speak to say, “We have too many alerts. We’re always working outside of our normal working hours.” If we can help those analysts work more efficiently, they’re going to get greater job satisfaction.

How has cybersecurity changed in the time you’ve worked in this space?

AI has completely flipped the narrative for most organizations in the last 18 months. For example, it’s being used to produce deepfakes, so organizations can no longer trust who they are potentially communicating with. Malware engineers are also using AI to constantly produce new strains of malware. Just like adversaries use AI to target us, we need to know how to use AI to better detect these things. 

At the same time, every organization in the world is adopting AI in their main technologies. Whether you work in marketing, sales, or HR, you’re probably using a product today that has some underlying generative or agentic AI capabilities. So the question is, how are we going to make sure that the models that underline those systems can’t be tampered with by adversaries? All of this, I think, is the new frontier of cyber war.

How do you like to spend your time outside of work?

I made a big lifestyle move a few years ago. I’ve been a West Londoner most of my life; I was born in West London and always sort of stayed around the area, but my wife and I moved to a farm in the west of Ireland three years ago.  I really like the outdoors. I love treks. I love cold water swims and go swimming all year round — December, January, February. I love just being out in the water. 

Golf is my other passion. I’m very bad at it; I don’t have a good handicap, but still, I think golf is a good way of mentally unwinding, especially when you’re in a high-stress job like we are. You’re always on when you work in a sales engineering role, always thinking about, “How can I improve this for a customer?” When I’m golfing, I can just completely switch off.

Cold water swimming sounds like a mental challenge as well as a physical one. What makes it rewarding for you?

My sales guys and I have a sort of inside joke about winners’ mentality: you’ve got to push through pain to get what you want in life. Maybe it’s got a little bit to do with that. If you can master your reaction to cold water, you come out, and you feel very relaxed. It’s almost like you pushed yourself through an endurance test, and whenever you actually go through that barrier, you feel like you’ve achieved something.

The post How ThreatConnect Senior Security Engineer Matt Brash Rescues SOC Teams from Burnout appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

When you work in risk quantification, you face two main challenges: helping clients understand the value of what you do, and then helping them implement it. But after working in risk quantification since 2016, with another 10 years of experience in risk management, ThreatConnect’s Senior Solution Architect Tim Wynkoop has become an expert at both.  

Risk quantification can provide actionable data that enables decision-makers to prioritize better and act faster, but only with the right strategy. According to Wynkoop, the key is to know what you need to measure and what you don’t. Without that discernment, he says, “You’re trying to boil the ocean.”

Outside of work, Wynkoop enjoys traveling and putting his strategic mind to use while playing board games. Surprisingly, his favorite is not Risk. Read on to learn how he protects clients even while working from halfway around the world.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence and risk quantification? 

Tim Wynkoop: I’ve been in risk management since about 2006 and worked in a variety of different roles, mostly in the banking world and the financial sector. I’ve held operational risk roles, as well as business continuity and disaster recovery positions. In 2016, I transitioned into risk quantification, leveraging the FAIR model at a predecessor to ThreatConnect. Then, I helped a customer build a risk management program before ultimately coming here.

How did that journey shape how you approach what you do?

There was a little bit of an awakening. Throughout that process, I was using subjective risk measurements like “inherent” versus “likely.” That’s where risk quantification came into play. 

Really, risk quantification is a decision enablement tool. The whole crux of risk quantification is that it should enable me to make better decisions, whatever that decision is: Should I invest in this control? Should I patch this vulnerability versus that vulnerability? Should I invest in these other things? What should I do about this? Is this an acceptable amount of risk to my organization? 

With risk quantification, I’m actually able to say, “Look, if this is the bad thing that you’re worried about happening, here’s how much it’s going to cost you.”

What does your role look like at ThreatConnect?

Officially, I help on the pre-sales side, where I give demos, help people figure out what their problems are, and explain, “Why is risk quantification better than what you do?” However, given my background, I also help out with customer success on the post-sales side. 

A lot of the time, when people get into risk quantification, they want to measure everything. And yes, you can do that, but you’re trying to boil the ocean. You’re trying to do too much, too fast. So when someone does become a customer, I help them identify, “What are you all trying to do? How can we help you get there and also get value out of the platform?”

What, to you, is the top benefit of risk quantification?

Honestly, it goes back to that ability to make an informed decision that’s defensible. If you’re going to go to an executive, or your board, or whoever owns the money organization, and say, “I need $10 million to fix these problems that we’re going to have,” it’s not enough to say, “because I said so.” It makes a difference to actually be able to say, “Look, I need $10 million because it’s going to reduce our risk by $20 million.”

How do you assign a dollar value to a risk?

To quantify risk, you basically need to ask a couple of questions: first, what problem are you trying to solve, and second, what’s the bad thing you’re worried about happening? 

If you’re able to say, “This is the bad thing I’m worried about happening” — meaning, somebody doing something bad to a thing of value  — then the last question is, what are you doing to protect yourself from that? So let’s say you’re trying to protect valuables inside your house. If you’re living in a high-crime neighborhood, are you leaving your door unlocked? 

That’s basically what risk quantification is. It’s saying, “When this bad thing happens, what’s the impact on me if this bad thing were to happen?”

How do you spend your time outside of ThreatConnect?  

My wife is a pediatric ICU doctor and a malaria researcher, so we spend six months out of the year in Africa. I can still work there, but that’s an interesting thing. I enjoy traveling — being able to visit new places and try new things. And then, we have a ten-month-old, so that’s a whole interesting new adventure.

But other than that, I’m a quasi nerd. I’m not as nerdy as other people, but I enjoy playing board games and things like that.

What is your favorite board game? The obvious choice here would be Risk!

Surprisingly, not Risk. I would say, like, Settlers of Catan or Ticket to Ride — those types of strategic games.

And how do you balance working while traveling abroad in a different time zone?

Ultimately, I adjust my schedule. I still basically stay on Eastern hours. Because of my role, I support global, so I don’t usually start my day until the afternoon over there, because it’s six or seven hours ahead, but it’s also more convenient for me to work with some of our international clients because of the time difference.

Have you traveled since welcoming your little one?  

We went last year. That was a little bit more challenging, because she was only three months old at the time. We had somebody who would help watch her a couple of days before that time, and then my wife and I would just switch off, but she didn’t want anybody other than us. It was only for a month, so it wasn’t too bad. We’re hoping that this time around, she’ll be more open to having other people hang out with her.

Does working in risk quantification and risk management shape your approach to problem-solving and prioritization in everyday life? 

I would say yes, mainly because everybody deals with risk. For example, if you’re married, you’re taking a risk telling your spouse that you’re going to be home at 6:00 if you won’t get home until 6:30. If that happens once, OK. But if  you’re consistently wrong, there’s risk management there. 

So, yes, I would say that working in risk quantification has helped me take a logical approach to asking, “Is it worth the outcome in doing things a certain way?” But then again, I am also a risk taker. I’ve gone bungee jumping twice, and I would do that again in a heartbeat. I’ve gone skydiving twice. My wife’s like, “You work in risk. Why do you want to do this?” And I’m like, “Well, because it’s fun!”

The post How ThreatConnect’s Senior Solution Architect Puts a Dollar Value on Risk appeared first on ThreatConnect.