David Wolf · Portfolio Use Case
Linux Foundation / Cloud Native SecurityCon research on enterprise cloud detections, cloud SOC maturity, ATT&CK-aligned motives, and the growing importance of cloud-native telemetry in SIEM programs.
Presented Cloud Native SecurityCon North America 2023 research with Joshua Smith at Devo, analyzing 2,000 enterprise cloud detections to explain how cloud detections, controls, motives, ATT&CK mapping, and SIEM maturity patterns reveal the changing role of cloud infrastructure and workspaces in modern SOC programs.

Client
Devo
Engagement Type
Full-Time role and conference research
Period
2022–2023
Role
Security Research Engineer - Architecture Innovation / Conference Speaker
Focus Areas
Cloud Native Security, Detection Engineering, Cloud SIEM
The Context
By early 2023, cloud-native security had moved beyond Kubernetes alone. SOCs were increasingly responsible for cloud infrastructure, SaaS workspaces, multi-cloud identity, cloud controls, and telemetry sources that did not fit older SIEM assumptions.
The Challenge
The challenge was to turn a large body of enterprise detection content into a meaningful security story. Raw detection counts alone do not explain maturity. The research needed to connect cloud detection coverage, motive mapping, ATT&CK-style reasoning, SIEM taxonomy, cloud providers, workspaces, and SOC operating patterns into a narrative that practitioners could use.
What I Did
The Outcome
The project created a public research artifact connecting enterprise cloud detection data to cloud SOC maturity, detection taxonomy, and cloud-native security operations. It also established a clear bridge from classic SIEM modernization to David's later AI-augmented detection engineering and multi-agent SOC workflow work.
Conference listings identify the talk as "Mapping Motives Tells a Story: Analysis of 2,000 Enterprise Cloud Detections" by David Wolf and Joshua Smith of Devo.
Kubernetes Podcast from Google recorded David at Cloud Native SecurityCon 2023, where he identified himself as a cybersecurity researcher at Devo Cloud Native SIEM Platform.
In the podcast transcript, David described cloud detections and cloud controls in the SOC as increasingly important and stated that 1 in 4 SOCs had a majority of cloud detections in their SIEM detection stack.
Key Deliverables
Collaboration
Co-presented the research with Joshua Smith at Devo and connected architecture innovation, detection engineering, deployment analysis, cloud SIEM taxonomy, and conference storytelling into a public cloud-native security research contribution.
At a Glance
Focus Areas
Tools & Technologies
Evidence & Artifacts
Public-Safe Caveat
This case study uses public conference, podcast, resume, and LinkedIn/Profile sources for report-level facts and conservative language for the author's contribution. Exact Devo datasets, customer names, proprietary detection logic, internal dashboards, non-public research notes, and unpublished artifacts are omitted unless later confirmed and approved for public use.
David Wolf
AI Security · Product Security · Security Leadership
Based on analyzed public signals, not proof of any individual's or company's internal state.