David Wolf · Portfolio Use Case
Architecture innovation work redesigning SIEM reference architectures, standardizing detection taxonomy, validating Exchange content, and turning hundreds of enterprise deployments into maturity patterns.
Led and contributed to Devo architecture innovation work focused on SIEM reference architectures, detection taxonomy, Exchange-content validation, enterprise and MSSP deployment analysis, cloud-native detection strategy, migration guidance, and SOC maturity research. The work connected real-world customer deployments to reusable architecture patterns, detection-engineering guidance, and public research accepted at major security conferences.

Client
Devo
Engagement Type
Full-time research and architecture innovation role
Period
2022–2023
Role
Security Research Engineer - Architecture Innovation
Focus Areas
SIEM Reference Architecture, Detection Taxonomy, Devo Exchange Validation
The Context
SIEM modernization is not just a storage or query problem. Customers need ingestion patterns, normalization, detection taxonomy, validated content, triage workflows, cloud telemetry, and migration guidance that reflect how SOC teams actually operate.
The Challenge
Every enterprise and MSSP deployment carries different telemetry, naming, coverage, maturity, and legacy-SIEM baggage. The challenge was to identify repeatable patterns and turn them into architecture guidance without hiding the complexity that customers face.
What I Did
The Outcome
The project created a bridge between customer deployment reality, product architecture, detection validation, and public security research. It remains one of the clearest examples of David's ability to turn messy operational security data into reusable architecture and market-facing insight.
Hundreds
Of enterprise and MSSP SIEM deployments according to uploaded resume/Profile source material
Source
References analysis of 300 enterprise and MSSP SIEM deployments to identify maturity patterns and turn findings into research accepted at RSA and industry conferences
Source
References analysis of hundreds of customer deployments and research accepted at RSA, Infosecurity Europe, and Cloud Native Security Conference
To
SIEM reference architecture redesign, detection taxonomy standardization, and Devo Exchange detection validation according to uploaded source material
Architecture
Research to public conference work, including CloudNativeSecurityCon 2023 research on 2,000 enterprise cloud detections
Key Deliverables
Collaboration
Worked across architecture innovation, security research, detection engineering, product, customer-facing, and conference-research contexts to turn real deployment patterns into reusable SIEM architecture guidance and public thought leadership.
At a Glance
Focus Areas
Tools & Technologies
Evidence & Artifacts
Public-Safe Caveat
This case study uses uploaded resume/Profile source material and conservative public-safe language. Exact customer names, deployment details, proprietary Devo taxonomy logic, internal dashboards, private Exchange validation notes, non-public research artifacts, and customer-specific findings are omitted unless later confirmed and approved for public use.
David Wolf
AI Security · Product Security · Security Leadership
Based on analyzed public signals, not proof of any individual's or company's internal state.