operator
name
operator — the human process behind daemon; runs detection platforms at MSSP scale.
synopsis
operator [--role director|principal|advisory] [--scope mssp|enterprise] [--inbound open]
description
Neil Cushard is Director of Security Services and architect of a multi-tenant detection platform serving 30 client environments today, scaling toward 120 over five years. Background spans detection engineering, SOC operations, threat-informed defense, and security platform design.
Currently shipping Entrigen, a model-driven security operations framework with REF / AUTH / PREP / RUN / REV modules — a workspace for the SOC, not a SIEM or SOAR replacement. First daily-driver app on the platform is SOC-OS. Adjacent work includes a synthetic alert generator that replaced the SOAR mock fleet, an IOC pipeline pulling 2.8M active indicators from MISP into a Tines-backed lookup, and a detection content pipeline that tracks per-tenant drift instead of forking rules.
options
- --detection-engineering SIGMA pipeline, drift tracking, content distribution at multi-tenant scale
- --platform-architecture schema-first ops platforms, OODA-shaped lifecycles, graph-as-intelligence
- --mssp-operations client onboarding, service tier modeling, SOAR integration without lock-in
- --threat-informed-defense ATT&CK-aligned coverage, threat models as lenses not products
- --writing field notes, postmortems, architecture decisions made in the open
files
- /var/log/transmissions — recent posts
- /etc/operator/cv.pdf — résumé (request via email)
- /proc/operator/status — open to inbound for director / principal / advisory
see also
bugs
report at njcushard@gmail.com