The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

Angel Salcedo radiates energy even through a computer screen. The warmth in his smile and the confidence in his voice help explain why he thrives as a customer success engineer: he  knows that the work begins with careful, empathetic communication. 

“Customer success is not about knowing all the answers,” Salcedo says. “It’s about starting a dialogue where everyone’s expertise carries equal weight. That’s how you problem-solve in a field that’s always changing.”

“In tech, what was yesterday is not today, and what’s today is not tomorrow,” Salcedo says. “The more we allow that opportunity to be collaborative rather than feeling we have to know it all, the more we can deliver.” Read on to learn how he helps ThreatConnect clients reach their goals.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence?

Angel Salcedo: It’s a funny story. I graduated with my master’s in information technology from Kennesaw State University in 2019. I held a few jobs after graduation before I found myself in a Tier 2 developer role during the pandemic. My interest in technology and systems continued to grow. I found myself constantly asking questions, questioning solutions, and ultimately became curious about other roles in information technology.

I stayed at that company until 2022, when I landed a role as a cybersecurity analyst. I then had the opportunity to coordinate with a recruiter at ThreatConnect. The recruiter I met with was not only welcoming but also made me feel like ThreatConnect could be my place to grow tremendously. My first round interview felt fate-fueled. It was an interview where the interviewer and interviewee just clicked. I answered the questions confidently while expressing my curiosity and desire to grow. It was welcomed, and I was told I would grow tremendously. That is still true to this day. 

What does your role look like day to day?

Threat intel is, in and of itself, a beast with many facets and complexities that can be challenging for our clients to understand when they first work within ThreatConnect. I work as a conduit to successfully deploy automations, develop workflows, and create visualizations that help leadership understand the actions to take to improve their businesses’ security posture. I tackle meetings, work with different organizations and people, and constantly ask, “What are ways we can further mature your cybersecurity program? What’s our next big mountain to climb?”

What is either the most challenging or maybe interesting part of your job?

I like to say I’m a jack-of-all-trades because of the vast number of tools ThreatConnect integrates with. My engineering colleagues and I are like puzzle pieces that come together to form a really great picture. We all bring different skills and different tools that work together to develop a successful threat intelligence program. Not only do I feel like a whiz at ThreatConnect, but, thanks to what my colleagues with expertise in other areas have taught me, I also feel pretty sharp when it comes to different tools that integrate with ThreatConnect. 

How do you set customers up for success with these tools?

It’s about putting your hand out and saying that we’re going to do this together. That’s the beauty of customer success: you’re not alone, and I’m not alone. We’re going to get to the other side together. I love working through that dialogue and letting them know, “Hey, your idea is just as important as my idea, and our ideas together are going to get us where we want to go.” It’s an opportunity for us to learn from each other, and that’s just as important as being the one who knows all the answers, because new things pop up every day. 

In tech, what was yesterday is not today, and what’s today is not tomorrow. The more we allow that opportunity to be collaborative rather than feeling we have to know it all, the more we can deliver.

What’s been the most interesting thing you’ve worked on this past year?

In 2024, ThreatConnect acquired Polarity, so one thing I’ve been able to do is connect that tool to ThreatConnect more cohesively. Previously, Polarity interacted with ThreatConnect to gather intel and present it from Polarity’s perspective. This year, I worked with some of the engineers and developers on the Polarity side to get a successful integration with ThreatConnect underway. Since demonstrating the capability, a few organizations I worked with before the acquisition have told me, “This capability is how I envisioned Polarity being integrated into ThreatConnect from the very beginning!” That’s been a challenge that I have learned tremendously from.

How do you like to spend your time outside of ThreatConnect? 

I love to spend time with my family and friends. I am a community-oriented person. I enjoy bringing great people together. I am also someone who uses a wheelchair. I call it sitting down, and it’s driven me a lot, no pun intended. It’s been really cool to see how that part of my life has provided me with adventurous opportunities. I’m one of the ambassadors for the Kyle Pease Foundation, a really great national organization based here in Georgia. It allows people with disabilities who sit down, like me, to participate in 5K runs, 10Ks, half marathons, and marathons around the country. I completed a half-marathon in two hours and 10 minutes at about 5 a.m. on Thanksgiving Day. I also volunteer and am a member of Phi Beta Sigma Fraternity, Incorporated, so that’s a big part of my life, too. 

The beautiful thing about what my life has taught me is that I’m never afraid of a challenge. I love doing hard stuff, and so it’s brought me to this place of wondering, “What’s the next hard thing I can do, and what’s the next hard thing after that?” My circumstances have definitely made me think outside the box, but they’ve also, in some ways, made me create my own shape, and that’s been a really, really beautiful thing. I don’t know if this is a quote from someone else; I hope it’s just me, but I live by it and think it will guide me for the rest of my life: “See the man before the chair.”

It takes a lot of work to complete a half-marathon. How do you apply that discipline to your job?

I always think that people have a fire inside that burns regardless of their circumstances. I call them “core fires”. If I had everything today and nothing tomorrow, my core fire would still burn. Mine is that I love to help people. I’ve had a really excellent upbringing from people who wanted to help me and who saw beauty in my spirit and my light. I feel like I’m here on purpose. I love to give back; in work, that translates to both creating solutions and authentically engaging with our clients. It’s being able to talk to someone who might need that extra little conversation about how their dog is doing, even if it’s just that small. 

I love that about my job; it’s not just about engineering great things. I love the challenge of that, but more than anything, I really do love to help. This year, two of the organizations I work with reached 100% of their goals, and that really makes me happy. It is our success and hard work that allowed us to achieve 100%. For them to be on the other side and say, “That engineer is doing great things for us.” That is what truly excites me every day at my job.

The post ThreatConnect Customer Success Engineer Angel Salcedo Makes Success a Team Sport appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

How does a biochemistry diplomate wind up working in cybersecurity? For ThreatConnect Senior Security Engineer Matt Brash, it was all about being in the right place, and talking to the right person, at the right time. 

Brash had been working part-time in a suit shop after graduating from university as he planned his next moves when he met a customer who worked in cybersecurity. While he sold the man on the suit, the client sold him on the field. “It was really that one conversation in a suit shop that sort of shaped my career,” he says. It’s turned out to be a perfect fit. 

Analytical by nature, Brash relishes the problem-solving that goes into his work as a security engineer, taking complex problems and transforming them into an actionable game plan. “The intelligence problems that our customers have can often feel overwhelming to them,” Brash says, “and sometimes they need guidance in taking that big problem and breaking it down into small, tangible improvements that we can add over time.” 

That, for Brash, is the most rewarding part of the job — “when you can step back and actually see that a team is working more efficiently and leveraging the data we provide in a meaningful way.” Here’s how he gets it done.

The following conversation has been edited for clarity and length.

What does your job at ThreatConnect entail on a day-to-day basis?

Matt Brash: My job is to help understand customers’ technical needs when it comes to using threat intelligence data, and to then turn those needs into real-world capabilities in our platform. 

ThreatConnect is an automation platform that centralizes lots of different intelligence data into one place, so I help customers understand what types of intelligence they can access and what formats that data is available in. Then, the question becomes, “What do we do with the data?” And that’s about understanding who is going to be able to make decisions based upon that intelligence, so we dig into specific pain points within the rest of the security team to understand how they can use curated intelligence to work more efficiently.

Which side of that equation would you say is more challenging?

Definitely the latter. I think threat intelligence teams sometimes struggle to justify their value. They provide huge value to security organizations, but it’s not always easily quantifiable. We help customers capture key metrics to demonstrate the performance improvement that intelligence provides.

I also find that intelligence teams are often positioned as sort of a side team for the rest of the security, whereas at ThreatConnect, we’re trying to empower them to feel that actually, no, intelligence is really the heart and knowledge base that should inform all of the security teams. That’s the mentality change we’re trying to drive.

What excites you most about this work?

It sounds really cliche, but it’s probably solving complex problems — being able to tangibly see that we’ve improved a customer’s business processes through automation, or by making data more accessible to the right security stakeholders. That’s really the most enjoyable part of the job, when you can step back and actually see that a team is working more efficiently and leveraging the data we provide in a meaningful way.

What’s the most interesting challenge you’ve worked on this year?

The one that stood out for me was helping an organization really operationalize their data. We work with lots of clients from different industries, and a lot of the time, it’s not a data problem. They already have access to lots of threat intelligence data, but they don’t, perhaps, know how to prioritize what is relevant to them and then automate feeding this data into their existing processes. 

That’s really the type of problem I like to solve, because cyber as an industry has a big burnout problem. Most security teams we speak to say, “We have too many alerts. We’re always working outside of our normal working hours.” If we can help those analysts work more efficiently, they’re going to get greater job satisfaction.

How has cybersecurity changed in the time you’ve worked in this space?

AI has completely flipped the narrative for most organizations in the last 18 months. For example, it’s being used to produce deepfakes, so organizations can no longer trust who they are potentially communicating with. Malware engineers are also using AI to constantly produce new strains of malware. Just like adversaries use AI to target us, we need to know how to use AI to better detect these things. 

At the same time, every organization in the world is adopting AI in their main technologies. Whether you work in marketing, sales, or HR, you’re probably using a product today that has some underlying generative or agentic AI capabilities. So the question is, how are we going to make sure that the models that underline those systems can’t be tampered with by adversaries? All of this, I think, is the new frontier of cyber war.

How do you like to spend your time outside of work?

I made a big lifestyle move a few years ago. I’ve been a West Londoner most of my life; I was born in West London and always sort of stayed around the area, but my wife and I moved to a farm in the west of Ireland three years ago.  I really like the outdoors. I love treks. I love cold water swims and go swimming all year round — December, January, February. I love just being out in the water. 

Golf is my other passion. I’m very bad at it; I don’t have a good handicap, but still, I think golf is a good way of mentally unwinding, especially when you’re in a high-stress job like we are. You’re always on when you work in a sales engineering role, always thinking about, “How can I improve this for a customer?” When I’m golfing, I can just completely switch off.

Cold water swimming sounds like a mental challenge as well as a physical one. What makes it rewarding for you?

My sales guys and I have a sort of inside joke about winners’ mentality: you’ve got to push through pain to get what you want in life. Maybe it’s got a little bit to do with that. If you can master your reaction to cold water, you come out, and you feel very relaxed. It’s almost like you pushed yourself through an endurance test, and whenever you actually go through that barrier, you feel like you’ve achieved something.

The post How ThreatConnect Senior Security Engineer Matt Brash Rescues SOC Teams from Burnout appeared first on ThreatConnect.

The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!

When you work in risk quantification, you face two main challenges: helping clients understand the value of what you do, and then helping them implement it. But after working in risk quantification since 2016, with another 10 years of experience in risk management, ThreatConnect’s Senior Solution Architect Tim Wynkoop has become an expert at both.  

Risk quantification can provide actionable data that enables decision-makers to prioritize better and act faster, but only with the right strategy. According to Wynkoop, the key is to know what you need to measure and what you don’t. Without that discernment, he says, “You’re trying to boil the ocean.”

Outside of work, Wynkoop enjoys traveling and putting his strategic mind to use while playing board games. Surprisingly, his favorite is not Risk. Read on to learn how he protects clients even while working from halfway around the world.

The following conversation has been edited for clarity and length.

How did you get into threat intelligence and risk quantification? 

Tim Wynkoop: I’ve been in risk management since about 2006 and worked in a variety of different roles, mostly in the banking world and the financial sector. I’ve held operational risk roles, as well as business continuity and disaster recovery positions. In 2016, I transitioned into risk quantification, leveraging the FAIR model at a predecessor to ThreatConnect. Then, I helped a customer build a risk management program before ultimately coming here.

How did that journey shape how you approach what you do?

There was a little bit of an awakening. Throughout that process, I was using subjective risk measurements like “inherent” versus “likely.” That’s where risk quantification came into play. 

Really, risk quantification is a decision enablement tool. The whole crux of risk quantification is that it should enable me to make better decisions, whatever that decision is: Should I invest in this control? Should I patch this vulnerability versus that vulnerability? Should I invest in these other things? What should I do about this? Is this an acceptable amount of risk to my organization? 

With risk quantification, I’m actually able to say, “Look, if this is the bad thing that you’re worried about happening, here’s how much it’s going to cost you.”

What does your role look like at ThreatConnect?

Officially, I help on the pre-sales side, where I give demos, help people figure out what their problems are, and explain, “Why is risk quantification better than what you do?” However, given my background, I also help out with customer success on the post-sales side. 

A lot of the time, when people get into risk quantification, they want to measure everything. And yes, you can do that, but you’re trying to boil the ocean. You’re trying to do too much, too fast. So when someone does become a customer, I help them identify, “What are you all trying to do? How can we help you get there and also get value out of the platform?”

What, to you, is the top benefit of risk quantification?

Honestly, it goes back to that ability to make an informed decision that’s defensible. If you’re going to go to an executive, or your board, or whoever owns the money organization, and say, “I need $10 million to fix these problems that we’re going to have,” it’s not enough to say, “because I said so.” It makes a difference to actually be able to say, “Look, I need $10 million because it’s going to reduce our risk by $20 million.”

How do you assign a dollar value to a risk?

To quantify risk, you basically need to ask a couple of questions: first, what problem are you trying to solve, and second, what’s the bad thing you’re worried about happening? 

If you’re able to say, “This is the bad thing I’m worried about happening” — meaning, somebody doing something bad to a thing of value  — then the last question is, what are you doing to protect yourself from that? So let’s say you’re trying to protect valuables inside your house. If you’re living in a high-crime neighborhood, are you leaving your door unlocked? 

That’s basically what risk quantification is. It’s saying, “When this bad thing happens, what’s the impact on me if this bad thing were to happen?”

How do you spend your time outside of ThreatConnect?  

My wife is a pediatric ICU doctor and a malaria researcher, so we spend six months out of the year in Africa. I can still work there, but that’s an interesting thing. I enjoy traveling — being able to visit new places and try new things. And then, we have a ten-month-old, so that’s a whole interesting new adventure.

But other than that, I’m a quasi nerd. I’m not as nerdy as other people, but I enjoy playing board games and things like that.

What is your favorite board game? The obvious choice here would be Risk!

Surprisingly, not Risk. I would say, like, Settlers of Catan or Ticket to Ride — those types of strategic games.

And how do you balance working while traveling abroad in a different time zone?

Ultimately, I adjust my schedule. I still basically stay on Eastern hours. Because of my role, I support global, so I don’t usually start my day until the afternoon over there, because it’s six or seven hours ahead, but it’s also more convenient for me to work with some of our international clients because of the time difference.

Have you traveled since welcoming your little one?  

We went last year. That was a little bit more challenging, because she was only three months old at the time. We had somebody who would help watch her a couple of days before that time, and then my wife and I would just switch off, but she didn’t want anybody other than us. It was only for a month, so it wasn’t too bad. We’re hoping that this time around, she’ll be more open to having other people hang out with her.

Does working in risk quantification and risk management shape your approach to problem-solving and prioritization in everyday life? 

I would say yes, mainly because everybody deals with risk. For example, if you’re married, you’re taking a risk telling your spouse that you’re going to be home at 6:00 if you won’t get home until 6:30. If that happens once, OK. But if  you’re consistently wrong, there’s risk management there. 

So, yes, I would say that working in risk quantification has helped me take a logical approach to asking, “Is it worth the outcome in doing things a certain way?” But then again, I am also a risk taker. I’ve gone bungee jumping twice, and I would do that again in a heartbeat. I’ve gone skydiving twice. My wife’s like, “You work in risk. Why do you want to do this?” And I’m like, “Well, because it’s fun!”

The post How ThreatConnect’s Senior Solution Architect Puts a Dollar Value on Risk appeared first on ThreatConnect.