One of the earliest realizations I had while working in cybersecurity is how easy it is to get trapped in the loop of ticking off tasks — closing support tickets, finishing extractor builds, or deploying detection rules. For a long time, that’s how I measured productivity: the more tasks completed, the better the team’s performance.
But over the years, as I took on the responsibility of leading detection engineering and professional services, my perspective started shifting. I began asking myself — does simply getting things done automatically translate into impact? The answer, quite frankly, was no.
Lesson 1: Completion Doesn’t Equal Impact
I’ll admit, when I first moved into leadership, my primary focus was on delivery metrics — faster content turnaround, quicker response to service tickets, and meeting deadlines. There’s a certain satisfaction in seeing progress bars move and dashboards light up green.
However, when I looked back at customer feedback or reflected on what truly made a difference, it was rarely the volume of tasks we completed. Customers didn’t care how many extractors we created; what stayed with them were the moments where our work enabled them to detect a threat they would have otherwise missed.
That was my first big lesson — success isn’t measured in counts, but in consequences. It’s about the real-world problems we help solve.
Lesson 2: Context is the Game-Changer
Speed is important in cybersecurity, no doubt about that. Timeliness can often make or break a detection. But somewhere along the way, I learned that context is what truly defines the value of our work.
We shifted our internal approach. Every time a new request came in — whether it was an extractor, a detection rule, or a threat-hunting use case — we started asking the right questions: What specific threat are we solving for? Who benefits from this? What risk does this reduce?
This simple change had a profound effect. Suddenly, our work wasn’t just about delivering content — it was about delivering purposeful content. Every line we wrote, every detection we pushed out, had a reason behind it and we know what it can and cannot detect.
Lesson 3: Celebrate the ‘Why’ Thinkers
Looking back, some of my proudest leadership moments didn’t come from project completions or successful deployments. Instead, they came from seeing my team question the status quo.
It’s when someone on the team paused and asked — “But we are not detecting all the threat patterns for a campaign?” — that I knew we were maturing as a unit.
That mindset is what’s helped our DataOps, Detection Engineering, and Threat Research teams evolve. Not because we churned out more, but because we started focusing on what truly mattered and are aware in terms of what we can and cannot do. Impactful work isn’t about volume — it’s about alignment with the bigger picture.
Final Thoughts: Shifting the Definition of Success
If there’s one thing I’ve learned — and continue to remind myself and my team — it’s that success in cybersecurity isn’t defined by how fast we run. It’s defined by the value we create.
The work we do should leave a lasting impact — by helping customers detect the undetectable, by building content that matters, and by continuously aligning our efforts to the evolving threat landscape.
At the end of the day, our real success lies in moving beyond tasks — and focusing on the impact those tasks create. That’s the mindset shift I’m committed to driving in my team and the way I hope we continue to approach our craft in cybersecurity.