From Customer to Product Leader: Building the Security Platform I Always Wanted
I’m thrilled to step into the combined role of VP of Product & Security at Panther. It is both exciting and challenging, and deeply aligns with my lifelong passion for solving the toughest problems in security—monitoring systems at scale.
Join me on May 28th for a conversation with Canva's security leader, Paul Clarke, to learn more about my plans and vision for Panther. Register here.
Why Panther?
I first encountered Panther as a customer at Dropbox, where I experienced firsthand how it addressed critical needs that other security monitoring solutions couldn't. From years of incident response, I had learned that time is critical. Panther allowed our team to do near real-time analysis of streaming security data, allowing for faster detection and flexible response activities that enabled us to lower or prevent the impact of incidents. Panther empowered my team to operate with greater agility, precision, and confidence while saving significant budget for other necessary security tools and initiatives.
When I started using Panther, I saw a platform with immense untapped potential—outstanding technology, a uniquely talented team, and a genuinely purposeful mission.
Before Dropbox, when I worked at Amazon, I collaborated closely with several of the early Panther team members, which reinforced my appreciation for their integrity, skill, and deep understanding of real-world security challenges. Panther consistently stood out as an underrated underdog, quietly outpacing louder, more heavily marketed competitors. My positive experience as a customer left a lasting impression, ultimately inspiring me to join Panther to help the team fully realize its transformative potential.
From Practitioner to Vendor
Yes, after 15+ years as a security practitioner, I am making a transition from security practitioner to security vendor. Security today, like the past, is still drowning in noise and I have watched resilient individuals and teams go through burnout cycles. Every new tool promises clarity but ends up adding complexity and more distractions. Tools flood people with sometimes thousands of meaningless alerts per day, pulling attention away from genuine threats. Ironically, I’ve seen too many breaches that aren't detected by these expensive platforms—they’re discovered through impacted operations, common point of purchase analysis, trouble tickets from the help desk, phone calls from the Secret Service, or even random Internet forums talking about a problem.
Today, the sad reality is that each new security product frequently adds noise and complexity, and demands constant tuning, maintenance, and operational overhead. Rather than enabling teams to focus on their job of protecting their customers, many tools force practitioners into roles resembling site reliability engineers, buried under layers of alerts. Adding automation or SOAR platforms is often seen as a viable solution, yet this frequently stacks even more complexity and can hide real problems.
Budget pressures and the difficulty of justifying security expenditures when threats are intangible or proactively mitigated compound these challenges. Ironically, most security professionals aspire to escape the relentless operational grind rather than thrive in it.
Additionally, security teams rarely receive recognition for successfully stopping attacks or sacrificing personal time to protect their organizations and customers, which they do daily. Instead, they're typically highlighted only when something inevitably goes wrong. This dynamic creates a deep-seated hesitation among practitioners to disable or sometimes even tune noisy detections. There's always the fear—what if, the one time you turn off that noisy alert, you miss the critical incident? This mindset further entrenches teams in alert fatigue, making them reluctant to streamline their environment, perpetuating the very complexity and noise they seek to eliminate.
What we need are tools that empower practitioners to stay ahead of adversaries and shift the role of alert wrangling toward strategic defense of their organizations and customers. That's why I joined Panther.
Misconceptions About Security Operations
Too many security vendors fundamentally misunderstand daily life in security operations. One misconception is assuming practitioners possess comprehensive expertise in all emerging technologies and technical practices. The reality is far different—practitioners often have broad responsibilities and limited bandwidth to deeply specialize in every new technology. Security teams need tools designed to reduce complexity, streamline workflows, and enhance effectiveness without demanding exhaustive technical expertise or their constant attention.
Another misconception is that practitioners have unlimited hours to meticulously fine-tune detections, craft intricate rules, or configure complicated tools. In practice, most days are consumed by managing chaos, sifting through overwhelming alert noise, and rapidly shifting from task to task, each of which fragments focus, exacerbates stress, and significantly decreases overall productivity. What practitioners genuinely need are systems designed to actively not send noise, surface only items that need action, and continuously learn from the actions taken and improve over time, becoming smarter and more effective the longer they're in operation.
A particularly frustrating reality I encountered repeatedly is the lack of genuine data interoperability. Critical security data often feels trapped within vendor-specific tools that lack robust APIs or accessible, machine-readable formats, forcing analysts into tedious cycles of manual extraction, transformation, and copying and pasting. This painful workflow is frequently the only way practitioners can consolidate data into external systems like case management platforms or even spreadsheets to achieve coherent visibility into incidents, significantly hindering rapid decision-making and effective incident response.
I recall major security incidents where I spent far more time manually exporting data into Excel than conducting meaningful threat analysis or taking decisive response actions. Excel became our primary incident response hub—not by choice, but necessity—highlighting just how fundamentally broken the current security tooling landscape truly is. The reliance on spreadsheets to manage complex scenarios emphasizes an urgent need for a unified, interoperable, and practical security approach, where data is easily and programmatically accessible rather than locked behind proprietary barriers.
My Vision for the Future Panther
My vision for Panther isn't merely to build another SIEM—it's to fundamentally transform how security teams operate and interact. Panther will serve as a powerful, open, and intuitive signals layer, converting unstructured logs into structured, actionable insights in near real time. Rather than inundating teams with alerts, Panther provides precise, context-rich signals that inform accurate detections and real-time decision-making.
Consider a real-world scenario: Your security team receives an alert suggesting a possible credential compromise. Traditionally, you would spend valuable time manually gathering logs from multiple possibly isolated tools, struggling to correlate data and gain coherent visibility into the incident. This tedious and fragmented process is both error-prone and slow, consuming hours that could otherwise be spent mitigating threats.
As we execute my vision at Panther, this will change dramatically. The moment an alert triggers, Panther's intelligent signals layer will immediately aggregate and enrich all relevant log data. Panther AI will help quickly contextualize the incident, clearly summarizing what happened: identifying affected user accounts, outlining the timeline of suspicious activity, detecting potential lateral movements, pinpointing impacted assets, and presenting you with next steps out of your runbook. You receive a concise, actionable summary, not endless alerts. Panther seamlessly integrates these insights directly into your existing workflows and tools via strong APIs, flexible exports, and comprehensive data destinations. Instead of manually piecing together fragmented data, you can instantly understand the full scope and respond decisively.
While we're rapidly evolving towards this comprehensive signals vision, Panther already provides powerful API-driven integrations and strong alert destination flexibility, and we recently introduced Panther AI for rapid incident summaries that significantly streamline incident response workflows.
In this future, security teams won’t merely react to threats; they’ll proactively anticipate and counter them. Panther's structured signals in the future will empower teams to leverage advanced analytics, machine learning, and AI-driven workflows to capture threats earlier. This evolution shifts us from the traditional "logs-to-alerts" paradigm to a far more strategic "logs-to-wisdom" model, providing genuine situational awareness and actionable intelligence.
Panther’s signals approach will empower security professionals to quickly recognize critical patterns, anomalies, and sophisticated attacker techniques, laying a robust foundation for deeper insights and stronger defenses. Security teams will no longer chase false positives or drown in alert fatigue. Instead, they'll operate with clarity, confidence, and precision—responding proactively, reducing burnout, and focusing on higher-value security tasks.
Ultimately, Panther will redefine what security platforms can achieve, delivering an open, flexible, and intelligent solution truly aligned with practitioners' realities. My goal is clear: deliver actionable insights and capabilities that enable human teams to swiftly and effectively outpace adversaries, transforming their roles from operational responders to strategic defenders of their organizations.
At Panther, I finally have the freedom and foundation to build the solution I always envisioned—a product that genuinely makes security teams smarter, faster, and fundamentally better prepared than any attacker.
I am looking forward to closely collaborating with our customers and the broader security community as we transform security operations together.
Register now to join us on May 28th to hear more about my story and my vision for Panther's future.