The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

Angel Salcedo radiates energy even through a computer screen. The warmth in his smile and the confidence in his voice help explain why he thrives as a customer success engineer: he  knows that the work begins with careful, empathetic communication. 

“Customer success is not about knowing all the answers,” Salcedo says. “It’s about starting a dialogue where everyone’s expertise carries equal weight. That’s how you problem-solve in a field that’s always changing.”

“In tech, what was yesterday is not today, and what’s today is not tomorrow,” Salcedo says. “The more we allow that opportunity to be collaborative rather than feeling we have to know it all, the more we can deliver.” Read on to learn how he helps ThreatConnect clients reach their goals.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence?

Angel Salcedo: It’s a funny story. I graduated with my master’s in information technology from Kennesaw State University in 2019. I held a few jobs after graduation before I found myself in a Tier 2 developer role during the pandemic. My interest in technology and systems continued to grow. I found myself constantly asking questions, questioning solutions, and ultimately became curious about other roles in information technology.

I stayed at that company until 2022, when I landed a role as a cybersecurity analyst. I then had the opportunity to coordinate with a recruiter at ThreatConnect. The recruiter I met with was not only welcoming but also made me feel like ThreatConnect could be my place to grow tremendously. My first round interview felt fate-fueled. It was an interview where the interviewer and interviewee just clicked. I answered the questions confidently while expressing my curiosity and desire to grow. It was welcomed, and I was told I would grow tremendously. That is still true to this day. 

What does your role look like day to day?

Threat intel is, in and of itself, a beast with many facets and complexities that can be challenging for our clients to understand when they first work within ThreatConnect. I work as a conduit to successfully deploy automations, develop workflows, and create visualizations that help leadership understand the actions to take to improve their businesses’ security posture. I tackle meetings, work with different organizations and people, and constantly ask, “What are ways we can further mature your cybersecurity program? What’s our next big mountain to climb?”

What is either the most challenging or maybe interesting part of your job?

I like to say I’m a jack-of-all-trades because of the vast number of tools ThreatConnect integrates with. My engineering colleagues and I are like puzzle pieces that come together to form a really great picture. We all bring different skills and different tools that work together to develop a successful threat intelligence program. Not only do I feel like a whiz at ThreatConnect, but, thanks to what my colleagues with expertise in other areas have taught me, I also feel pretty sharp when it comes to different tools that integrate with ThreatConnect. 

How do you set customers up for success with these tools?

It’s about putting your hand out and saying that we’re going to do this together. That’s the beauty of customer success: you’re not alone, and I’m not alone. We’re going to get to the other side together. I love working through that dialogue and letting them know, “Hey, your idea is just as important as my idea, and our ideas together are going to get us where we want to go.” It’s an opportunity for us to learn from each other, and that’s just as important as being the one who knows all the answers, because new things pop up every day. 

In tech, what was yesterday is not today, and what’s today is not tomorrow. The more we allow that opportunity to be collaborative rather than feeling we have to know it all, the more we can deliver.

What’s been the most interesting thing you’ve worked on this past year?

In 2024, ThreatConnect acquired Polarity, so one thing I’ve been able to do is connect that tool to ThreatConnect more cohesively. Previously, Polarity interacted with ThreatConnect to gather intel and present it from Polarity’s perspective. This year, I worked with some of the engineers and developers on the Polarity side to get a successful integration with ThreatConnect underway. Since demonstrating the capability, a few organizations I worked with before the acquisition have told me, “This capability is how I envisioned Polarity being integrated into ThreatConnect from the very beginning!” That’s been a challenge that I have learned tremendously from.

How do you like to spend your time outside of ThreatConnect? 

I love to spend time with my family and friends. I am a community-oriented person. I enjoy bringing great people together. I am also someone who uses a wheelchair. I call it sitting down, and it’s driven me a lot, no pun intended. It’s been really cool to see how that part of my life has provided me with adventurous opportunities. I’m one of the ambassadors for the Kyle Pease Foundation, a really great national organization based here in Georgia. It allows people with disabilities who sit down, like me, to participate in 5K runs, 10Ks, half marathons, and marathons around the country. I completed a half-marathon in two hours and 10 minutes at about 5 a.m. on Thanksgiving Day. I also volunteer and am a member of Phi Beta Sigma Fraternity, Incorporated, so that’s a big part of my life, too. 

The beautiful thing about what my life has taught me is that I’m never afraid of a challenge. I love doing hard stuff, and so it’s brought me to this place of wondering, “What’s the next hard thing I can do, and what’s the next hard thing after that?” My circumstances have definitely made me think outside the box, but they’ve also, in some ways, made me create my own shape, and that’s been a really, really beautiful thing. I don’t know if this is a quote from someone else; I hope it’s just me, but I live by it and think it will guide me for the rest of my life: “See the man before the chair.”

It takes a lot of work to complete a half-marathon. How do you apply that discipline to your job?

I always think that people have a fire inside that burns regardless of their circumstances. I call them “core fires”. If I had everything today and nothing tomorrow, my core fire would still burn. Mine is that I love to help people. I’ve had a really excellent upbringing from people who wanted to help me and who saw beauty in my spirit and my light. I feel like I’m here on purpose. I love to give back; in work, that translates to both creating solutions and authentically engaging with our clients. It’s being able to talk to someone who might need that extra little conversation about how their dog is doing, even if it’s just that small. 

I love that about my job; it’s not just about engineering great things. I love the challenge of that, but more than anything, I really do love to help. This year, two of the organizations I work with reached 100% of their goals, and that really makes me happy. It is our success and hard work that allowed us to achieve 100%. For them to be on the other side and say, “That engineer is doing great things for us.” That is what truly excites me every day at my job.

The post ThreatConnect Customer Success Engineer Angel Salcedo Makes Success a Team Sport appeared first on ThreatConnect.

The hard reality for Managed Security Services Providers (MSSPs) is that customers today expect faster answers, higher visibility into threats, and total confidence that their provider can separate signal from noise. Meanwhile, alert volume continues to surge across SIEM, EDR, XDR, and cloud telemetry while SOC teams remain understaffed and overwhelmed. 

This perfect storm of constraints drives mean time to respond (MTTR) higher, which can erode customer trust, limit scalability, and eat directly into MSSP margins.

The True Cost of High MTTR for MSSPs

When analysts are drowning in alerts, the business impact is immediate:

• Slow triage leads to missed SLA misses and customer dissatisfaction.
• More escalations lead to higher labor hours and reduced margins.
• The economic challenge: you can’t scale headcount linearly with customer growth.

And the data reflects the strain:

• 62% of SOC alerts are disregarded
• 55% of teams have missed critical alerts due to poor prioritization (Mandiant Global Perspectives on Threat Intelligence)
• 97% of analysts worry about missing a relevant security event because it is buried under a flood of alerts

This is not just inefficiency — it’s operational and reputational risk.

Why Traditional Triage Fails: The Context Gap

Triage is a critical function of MSSPs, and is supposed to help analysts quickly evaluate, prioritize, and act on alerts — separating genuine threats from false positives, and determining the appropriate response.

However, if alerts pop up without meaningful intelligence or context, analysts are left with a noisy signal, lacking actor info, TTPs, or historical sightings. Analysts must jump between tools, browsers, APIs, and spreadsheets just to understand what they’re looking at. Tool sprawl forces constant context switching and rework. Even a few extra minutes per alert, multiplied across thousands of alerts, creates massive operational drag.

This leads to:

• Disorganized enrichment
• Inconsistent outcomes
• Burnout
• False positives piling up
• Customers questioning the value of the service

The root problem: alerts don’t come with enough intelligence to support fast, defensible decisions.

The Missing Link: Threat-Informed Response

Threat-informed response embeds intelligence directly into the alert workflow, so analysts don’t have to hunt for answers. No guesswork. No tab sprawl. No manual lookup. The right intel appears exactly when and where analysts need it.

With threat-informed response, MSSPs can:

• Accelerates triage decisions
• Improves accuracy
• Reduces escalations
• Standardizes how analysts evaluate alerts
• Instantly raises the performance of junior analysts

Threat-informed response turns raw alerts into actionable intelligence.

How ThreatConnect Operationalizes Threat-Informed Response

ThreatConnect delivers real-time enrichment directly into the tools analysts already use. As soon as an alert fires, analysts can instantly see:

• Associated threat actors
• Relevant TTPs
• Whether it’s been seen in the customer environment
• Whether it’s been observed across ThreatConnect’s intelligence community
• Related indicators, attributes, and confidence scores

All without leaving their SIEM, EDR, ticketing system, or email. Unlike traditional TI portals — which require slow, repetitive manual lookup — ThreatConnect brings intelligence to the alert.

The result is consistent, defensible triage every time. Analysts not only see that something is risky — they understand why.

How Threat-Informed Response Becomes a Profit Multiplier for MSSPs

Before Threat-Informed Response
Alerts wait in the queue for enrichment. Senior analysts are pulled into escalations. MTTR inflates and false positives waste cycles. SLA misses increase eroding customer trust.

After Threat-Informed Response with ThreatConnect
Analysts make first-touch triage decisions in seconds, not minutes. Fewer alerts escalate to costly Tier 2 and Tier 3. MTTR drops across the board and false positives get closed rapidly. True threats get flagged faster giving customers clearer, more trustworthy answers.

The Impact On Your Bottom Line

Faster triage not only protects MSSP margins  — it improves them. 

Lower unplanned labor hours, less analyst burnout and turnover, and improved SLA performance reduce churn and allow MSSPs to scale customers without linear headcount growth.

• Reduces the cost to respond to every alert. Real-time context eliminates unnecessary analysis cycles, so analysts focus on threats that actually matter.
• Improves SLA performance and compliance. Lower MTTR boosts SLA reliability. Reporting becomes more robust and defensible.
• Delivers clear, contextual answers that customers understand. Analysts can explain “what’s happening” without diving into technical jargon. Customers feel protected, and they see clear value.
• Improves retention and opens doors to higher-margin services. Threat-informed response becomes a differentiator. Enables upsell opportunities (threat hunting, premium tiers, custom intel feeds). Customers stay longer and spend more.

Threat-informed response becomes both an operational advantage and a revenue driver.

The Future of MSSP Operations: Threat-Informed Response as a Competitive Advantage

Threat intel is no longer optional — it’s an operational requirement. Customers are increasingly choosing MSSPs based on their ability to respond quickly and confidently.

MSSPs who adopt threat-informed response gain a defensible, performance-based edge. Those who don’t will struggle to keep pace as threats grow in sophistication.

Why ThreatConnect Is Positioned as the Future Standard

ThreatConnect is purpose-built for MSSPs, offering:

• Embedded intelligence where analysts work
• Unified view across tools
• Adaptive, continuously evolving intelligence engine
• Designed for repeatable, scalable service delivery 

ThreatConnect turns intelligence into action — instantly.

Slash MTTR and Boost MSSP Margins with ThreatConnect

MSSPs won’t win by throwing more bodies at the alert problem. They’ll win by empowering analysts with better context.

Threat-informed responses transform alert overload into a high-confidence, scalable workflow. ThreatConnect is the engine that makes it possible. 

With ThreatConnect, MSSPs can:

• Slash MTTR
• Reduce operational costs
• Strengthen customer trust
• Drive higher margins
• And scale without burnout

Learn more about how ThreatConnect’s threat-informed response can slash MTTR and improve margins for MSSPs. 

The post How Threat-Informed Response Slashes MTTR and Boosts MSSP Margins appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

How does a biochemistry diplomate wind up working in cybersecurity? For ThreatConnect Senior Security Engineer Matt Brash, it was all about being in the right place, and talking to the right person, at the right time. 

Brash had been working part-time in a suit shop after graduating from university as he planned his next moves when he met a customer who worked in cybersecurity. While he sold the man on the suit, the client sold him on the field. “It was really that one conversation in a suit shop that sort of shaped my career,” he says. It’s turned out to be a perfect fit. 

Analytical by nature, Brash relishes the problem-solving that goes into his work as a security engineer, taking complex problems and transforming them into an actionable game plan. “The intelligence problems that our customers have can often feel overwhelming to them,” Brash says, “and sometimes they need guidance in taking that big problem and breaking it down into small, tangible improvements that we can add over time.” 

That, for Brash, is the most rewarding part of the job — “when you can step back and actually see that a team is working more efficiently and leveraging the data we provide in a meaningful way.” Here’s how he gets it done.

The following conversation has been edited for clarity and length.

What does your job at ThreatConnect entail on a day-to-day basis?

Matt Brash: My job is to help understand customers’ technical needs when it comes to using threat intelligence data, and to then turn those needs into real-world capabilities in our platform. 

ThreatConnect is an automation platform that centralizes lots of different intelligence data into one place, so I help customers understand what types of intelligence they can access and what formats that data is available in. Then, the question becomes, “What do we do with the data?” And that’s about understanding who is going to be able to make decisions based upon that intelligence, so we dig into specific pain points within the rest of the security team to understand how they can use curated intelligence to work more efficiently.

Which side of that equation would you say is more challenging?

Definitely the latter. I think threat intelligence teams sometimes struggle to justify their value. They provide huge value to security organizations, but it’s not always easily quantifiable. We help customers capture key metrics to demonstrate the performance improvement that intelligence provides.

I also find that intelligence teams are often positioned as sort of a side team for the rest of the security, whereas at ThreatConnect, we’re trying to empower them to feel that actually, no, intelligence is really the heart and knowledge base that should inform all of the security teams. That’s the mentality change we’re trying to drive.

What excites you most about this work?

It sounds really cliche, but it’s probably solving complex problems — being able to tangibly see that we’ve improved a customer’s business processes through automation, or by making data more accessible to the right security stakeholders. That’s really the most enjoyable part of the job, when you can step back and actually see that a team is working more efficiently and leveraging the data we provide in a meaningful way.

What’s the most interesting challenge you’ve worked on this year?

The one that stood out for me was helping an organization really operationalize their data. We work with lots of clients from different industries, and a lot of the time, it’s not a data problem. They already have access to lots of threat intelligence data, but they don’t, perhaps, know how to prioritize what is relevant to them and then automate feeding this data into their existing processes. 

That’s really the type of problem I like to solve, because cyber as an industry has a big burnout problem. Most security teams we speak to say, “We have too many alerts. We’re always working outside of our normal working hours.” If we can help those analysts work more efficiently, they’re going to get greater job satisfaction.

How has cybersecurity changed in the time you’ve worked in this space?

AI has completely flipped the narrative for most organizations in the last 18 months. For example, it’s being used to produce deepfakes, so organizations can no longer trust who they are potentially communicating with. Malware engineers are also using AI to constantly produce new strains of malware. Just like adversaries use AI to target us, we need to know how to use AI to better detect these things. 

At the same time, every organization in the world is adopting AI in their main technologies. Whether you work in marketing, sales, or HR, you’re probably using a product today that has some underlying generative or agentic AI capabilities. So the question is, how are we going to make sure that the models that underline those systems can’t be tampered with by adversaries? All of this, I think, is the new frontier of cyber war.

How do you like to spend your time outside of work?

I made a big lifestyle move a few years ago. I’ve been a West Londoner most of my life; I was born in West London and always sort of stayed around the area, but my wife and I moved to a farm in the west of Ireland three years ago.  I really like the outdoors. I love treks. I love cold water swims and go swimming all year round — December, January, February. I love just being out in the water. 

Golf is my other passion. I’m very bad at it; I don’t have a good handicap, but still, I think golf is a good way of mentally unwinding, especially when you’re in a high-stress job like we are. You’re always on when you work in a sales engineering role, always thinking about, “How can I improve this for a customer?” When I’m golfing, I can just completely switch off.

Cold water swimming sounds like a mental challenge as well as a physical one. What makes it rewarding for you?

My sales guys and I have a sort of inside joke about winners’ mentality: you’ve got to push through pain to get what you want in life. Maybe it’s got a little bit to do with that. If you can master your reaction to cold water, you come out, and you feel very relaxed. It’s almost like you pushed yourself through an endurance test, and whenever you actually go through that barrier, you feel like you’ve achieved something.

The post How ThreatConnect Senior Security Engineer Matt Brash Rescues SOC Teams from Burnout appeared first on ThreatConnect.

A smarter, faster way for security teams to share context, reduce friction, and accelerate action.

Security teams are drowning in alerts, overwhelmed by disconnected tools, and constantly scrambling to get the right information to the right people. Incident response, threat intel, vulnerability management, procurement, and HR all work in different tools — often with zero shared context — creating blind spots and friction that directly impact risk.

RFIs (Requests for Information) are supposed to bridge those gaps, but traditional methods through email threads, DMs, tickets, and manual hand-offs lead to more task switching, duplicate work, and delayed decisions.

• 84% of analysts worry about missing threats in oceans of data, according to Crowdstrike Global Security Attitude Survey. 
• 70% say alert volume hurts their personal well-being, according to CISO Magazine. 
• 55% of teams miss critical alerts due to ineffective prioritization, according to Mandiant Global Perspectives on Threat Intelligence. 

There has never been a greater need for security collaboration that’s fast, contextual, and frictionless.

Polarity by ThreatConnect delivers a unified search, enrichment, and collaboration layer that sits on top of your entire security stack. Now, with RFI integration, collaboration happens instantly, in-context, and without friction.

Breaking Down Knowledge Silos

Polarity overlays real-time context, threat intel, and AI summaries into any tool — no integrations required. Instead of hunting through different consoles, portals, and documents, Polarity delivers a unified search and enrichment layer that sits on top of your security stack. So when you need to ask for more intel, flag an IOC, validate a vendor, or check the status of a CVE, you can do it instantly, without leaving the workflow you’re in.

This is the power of Polarity — and the RFI integration brings collaboration directly into that overlay.

What Makes Polarity Different

Most tools promise “better visibility.” Polarity delivers something deeper: real-time context wherever you work. Polarity overlays intelligence into any tool. From browsers to SIEMs to ticketing systems, Polarity functions like Ctrl+F for your entire security stack, but with more precision and intelligence. 

Core Capabilities

• Computer vision: Optical Character Recognition (OCR) recognizes indicators and keywords in any window — no API, no setup.
• Federated search across 150+ tools: Highlight any text and instantly see related context from across your environment.
• AI summaries and enrichment scoring: Polarity Assistant — powered by Azure OpenAI — explains threats, identifies priorities, and suggests next steps.
• One-click actions: Share intel, annotate findings, or trigger workflows right from the overlay.

Proven Impact

• Investigation time reduced by 300%.
• One customer cut IR time from 7 hours to 37 minutes.
• Significant decreases in false positives and alert fatigue.

Polarity doesn’t require integration. It simply sees what’s on your screen and gives you the intelligence you need — wherever you are.

Introducing the RFI Integration: Collaboration Without Friction

RFIs are the connective tissue between teams — intel, IR, vulnerability management, procurement, HR, legal, and more. But traditionally, RFIs are slow and manual. Analysts must pause their investigation, switch tools, gather context, write out detailed requests, and hope they reach the right team.

With Polarity’s RFI integration, users can: 

• Send an RFI from any screen — highlight text, right-click, or use the Polarity overlay.
• Configure what the UI looks like — dropdown menus, buttons, or even a fully invisible workflow.
• Route RFIs however you want — email, Jira, ServiceNow, or custom workflows.
• Customize submission flows per use case — intel requests, CVE validation, vendor checks, HR inquiries, etc.
• Layer in AI automation — generate tasks, run scans, summarize intel, or gather data automatically.

RFIs transform from manual overhead to a single effortless action performed in-context.

Real-World Use Cases Across Security and Operations

This integration isn’t just a nice-to-have. It solves real workflow challenges for key security roles — from threat intel to incident response.

Threat Intel Collaboration

Scenario: Analyst highlights an IP address or threat actor name.

What happens next:

• Polarity auto-enriches it with context from ThreatConnect and 150+ other sources.
• Analyst sends an RFI to CTI with one click.
• CTI can respond instantly — no email threads, no lost context, no copy/paste.

Value: More accurate intelligence, faster cross-team coordination, zero workflow disruption.

Vulnerability Management

Scenario: A vulnerability assessor spots a new CVE (common vulnerability and exposure).

What Polarity does automatically:

• Surfaces exploit status, enrichment scoring, and CAL context.
• One-click RFI triggers a scan across the environment or kicks off the VM workflow.
• Automatically routes to Jira/ServiceNow with all fields pre-populated.

Value: Faster patching, better prioritization, immediate alignment between vuln, IR, and IT teams.

Incident Response

Scenario: Responder sees an unfamiliar IOC (Indicator of Compromise) in an alert.

Polarity instantly:

• Enriches the IOC inline using AI summarization.
• Suggests risk score and next steps.
• RFI sends a request to IR leadership or CTI for validation or escalation.

Value: Moves teams from “alert” to “decision” significantly faster.

Procurement & Vendor Assessment

Scenario: Analyst, HR, or legal sees a vendor mentioned in an audit or incident.

Polarity enables:

• Highlight vendor name → send RFI → procurement validates license, relationship, or past issues.
• Documentation is automatically created and trackable across teams.

Value: Cross-functional clarity without time lost to email chains.

Why This Matters: Collaboration That Sticks

Collaboration often fails because the friction outweighs the value. Switching tools, writing long summaries, re-entering data, or tracking down the right person require too much effort to be worthwhile.

Polarity removes each of these barriers with:

• Inline, context-aware actions.
• Instant enrichment and federated search.
• Auto-routing to the right workflow.
• AI assistance that reduces repetitive work.
• Zero duplicate effort across teams.

The result: collaboration becomes effortless — reducing alert fatigue by filtering low-priority events using enrichment scoring. When collaboration is easy, teams are more likely to engage with each other efficiently and effectively. 

Getting Started with Polarity

Polarity by ThreatConnect is easy to deploy and adopt — providing instant value: 

• Works across 100% of tools on Windows, Mac, and Linux.
• Connects to 150+ data sources.
• Cloud or on-prem deployment.
• Out-of-the-box email support.
• Optional ticketing integrations.
• Day-one value with AI-assisted context and RFI workflows.

Ready to see it in action? Book a demo.

The post Empower Seamless Collaboration with Polarity’s RFI Integration appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

When you work in risk quantification, you face two main challenges: helping clients understand the value of what you do, and then helping them implement it. But after working in risk quantification since 2016, with another 10 years of experience in risk management, ThreatConnect’s Senior Solution Architect Tim Wynkoop has become an expert at both.  

Risk quantification can provide actionable data that enables decision-makers to prioritize better and act faster, but only with the right strategy. According to Wynkoop, the key is to know what you need to measure and what you don’t. Without that discernment, he says, “You’re trying to boil the ocean.”

Outside of work, Wynkoop enjoys traveling and putting his strategic mind to use while playing board games. Surprisingly, his favorite is not Risk. Read on to learn how he protects clients even while working from halfway around the world.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence and risk quantification? 

Tim Wynkoop: I’ve been in risk management since about 2006 and worked in a variety of different roles, mostly in the banking world and the financial sector. I’ve held operational risk roles, as well as business continuity and disaster recovery positions. In 2016, I transitioned into risk quantification, leveraging the FAIR model at a predecessor to ThreatConnect. Then, I helped a customer build a risk management program before ultimately coming here.

How did that journey shape how you approach what you do?

There was a little bit of an awakening. Throughout that process, I was using subjective risk measurements like “inherent” versus “likely.” That’s where risk quantification came into play. 

Really, risk quantification is a decision enablement tool. The whole crux of risk quantification is that it should enable me to make better decisions, whatever that decision is: Should I invest in this control? Should I patch this vulnerability versus that vulnerability? Should I invest in these other things? What should I do about this? Is this an acceptable amount of risk to my organization? 

With risk quantification, I’m actually able to say, “Look, if this is the bad thing that you’re worried about happening, here’s how much it’s going to cost you.”

What does your role look like at ThreatConnect?

Officially, I help on the pre-sales side, where I give demos, help people figure out what their problems are, and explain, “Why is risk quantification better than what you do?” However, given my background, I also help out with customer success on the post-sales side. 

A lot of the time, when people get into risk quantification, they want to measure everything. And yes, you can do that, but you’re trying to boil the ocean. You’re trying to do too much, too fast. So when someone does become a customer, I help them identify, “What are you all trying to do? How can we help you get there and also get value out of the platform?”

What, to you, is the top benefit of risk quantification?

Honestly, it goes back to that ability to make an informed decision that’s defensible. If you’re going to go to an executive, or your board, or whoever owns the money organization, and say, “I need $10 million to fix these problems that we’re going to have,” it’s not enough to say, “because I said so.” It makes a difference to actually be able to say, “Look, I need $10 million because it’s going to reduce our risk by $20 million.”

How do you assign a dollar value to a risk?

To quantify risk, you basically need to ask a couple of questions: first, what problem are you trying to solve, and second, what’s the bad thing you’re worried about happening? 

If you’re able to say, “This is the bad thing I’m worried about happening” — meaning, somebody doing something bad to a thing of value  — then the last question is, what are you doing to protect yourself from that? So let’s say you’re trying to protect valuables inside your house. If you’re living in a high-crime neighborhood, are you leaving your door unlocked? 

That’s basically what risk quantification is. It’s saying, “When this bad thing happens, what’s the impact on me if this bad thing were to happen?”

How do you spend your time outside of ThreatConnect?  

My wife is a pediatric ICU doctor and a malaria researcher, so we spend six months out of the year in Africa. I can still work there, but that’s an interesting thing. I enjoy traveling — being able to visit new places and try new things. And then, we have a ten-month-old, so that’s a whole interesting new adventure.

But other than that, I’m a quasi nerd. I’m not as nerdy as other people, but I enjoy playing board games and things like that.

What is your favorite board game? The obvious choice here would be Risk!

Surprisingly, not Risk. I would say, like, Settlers of Catan or Ticket to Ride — those types of strategic games.

And how do you balance working while traveling abroad in a different time zone?

Ultimately, I adjust my schedule. I still basically stay on Eastern hours. Because of my role, I support global, so I don’t usually start my day until the afternoon over there, because it’s six or seven hours ahead, but it’s also more convenient for me to work with some of our international clients because of the time difference.

Have you traveled since welcoming your little one?  

We went last year. That was a little bit more challenging, because she was only three months old at the time. We had somebody who would help watch her a couple of days before that time, and then my wife and I would just switch off, but she didn’t want anybody other than us. It was only for a month, so it wasn’t too bad. We’re hoping that this time around, she’ll be more open to having other people hang out with her.

Does working in risk quantification and risk management shape your approach to problem-solving and prioritization in everyday life? 

I would say yes, mainly because everybody deals with risk. For example, if you’re married, you’re taking a risk telling your spouse that you’re going to be home at 6:00 if you won’t get home until 6:30. If that happens once, OK. But if  you’re consistently wrong, there’s risk management there. 

So, yes, I would say that working in risk quantification has helped me take a logical approach to asking, “Is it worth the outcome in doing things a certain way?” But then again, I am also a risk taker. I’ve gone bungee jumping twice, and I would do that again in a heartbeat. I’ve gone skydiving twice. My wife’s like, “You work in risk. Why do you want to do this?” And I’m like, “Well, because it’s fun!”

The post How ThreatConnect’s Senior Solution Architect Puts a Dollar Value on Risk appeared first on ThreatConnect.