Most threat intelligence sits unread
Most threat intelligence never reaches a detection rule. The cause is structural: a format mismatch between TI delivery and detection workflows.
May 26, 2026
Security Researcher & Systems Thinker
Theo H. focuses on how security operations are evolving as data, automation, and AI reshape the way teams detect and respond to threats. With a background spanning security engineering and platform design, Theo has worked on building and integrating systems that connect telemetry, detection logic, and response workflows across modern security stacks. His work has centered on improving how security teams use data — not just collecting it, but turning it into actionable context for investigations and decisions. He writes about the structural challenges in today’s security operations models, including the limits of traditional SOC architectures, the gap between automation and real-world execution, and the emerging role of AI in augmenting human analysts. His perspective focuses on what is changing — and what isn’t — as organizations attempt to move from tool-driven operations to more adaptive, system-level approaches to security.
The CISO title in 2026 covers four distinct jobs: technical security, board risk translation, regulatory compliance, and AI governance.
May 25, 2026
Security culture is behavior under pressure, not a values doc. Here's how to build it from scratch before it builds itself into something you'll spend years fixing.
May 15, 2026
AI triage is live in production SOCs. Learn which pipeline stages to trust it with, which to keep human-reviewed, and how to catch the new failure modes.
May 13, 2026
Practitioner takes on SOC modernization, detection engineering, threat hunting, and more. No fluff. No product pitches.