Meet the Team – Adam Waldie

Up next for our ‘meet the team’ series we’re talking to Adam!

Having joined when Cybanetix was still quite small, Adam has grown with the business, taking on whatever was asked of him and supporting the SOC to grow to the level it has now. We spent the afternoon having a conversation about exactly what that looks like for him and what’s coming next.

🤝 What first got you interested in the cybersecurity industry?

Probably my dad, if I’m honest. He was an R&D electronics engineer for most of his life, so mechanics, electronics and programming were around me from quite a young age. That gave me an early habit of not just using things but wanting to understand how they worked.

I was also the sort of kid who liked messing with things to see what happened. Software, game servers, websites, physical electronics, bits of infrastructure. I liked working out where the rough bits were. How something behaved, how it could be gamed, repaired, modified, or jury rigged into something else entirely.

By my early teens, that had turned into me helping manage infrastructure for volunteer communities I was part of. That was probably the point where it stopped being abstract. People were relying on things working. Some of those communities were dealing with DDoS attacks, and on the gaming side there were malicious attempts against the servers themselves, so suddenly the security side was not theoretical anymore.

It was a slippery slope from there. I went from messing with systems and keeping community infrastructure running to getting interested in how attacks worked, how you defended against them, and eventually how that could become an actual career. Later on, I came across cybersecurity more formally through a programme, which I think was NCSC related, and that iced the cake for me.

🧑‍💻 Can you tell me about your journey leading to Cybanetix? Why this company?

I was recruited by Cybanetix almost straight out of university. At the time, I was training for another role that was completely unrelated, but I have never regretted choosing this route instead.

The MSSP environment was a big reason. It meant I could actually use my degree properly and get exposure to real operational security across different clients, tools and environments. That suited me far more than sitting in one narrow lane.

But the people are what made it stick.

Cybanetix is people. People are Cybanetix.

The warmth of this company comes from the people in it. People that put a lot of effort into doing right by clients, but somehow still make room to care about each other and keep each other going. That matters, especially when the work is difficult.

💫 What has your career journey within Cybanetix looked like?

I started as a Tier 1 analyst when the SOC was still quite small, maybe around twelve people.

From there, I got stuck in and became involved in building more structure around how the SOC operated. That meant improving SOPs, playbooks, investigation steps, case handling, training, documentation, shift management, quality standards, threat intelligence work and incident response process.

I became our first Team Leader, then later SOC Manager. By that point, the SOC had grown to around forty people, so it was a very different operation from the one I joined.

After that, I moved across to establish a dedicated Threat Management, Incident Response and Purple Operations team, which is where I am currently.

🔑 What are the important factors to be aware of when working within SOC, IR or Threat Management?

It depends on what is active at the time, but at the moment a lot of my work is around making Threat Management more scalable and more useful for the team.

On the incident side, if something is running, I might be involved in shaping the investigation approach, reviewing evidence, building or checking the timeline, looking at containment options, and making sure client actions are justified by what we actually know. That could mean endpoint activity, identity logs, mailbox activity, cloud logs, or whatever else the incident needs. The important bit is keeping the response controlled while the facts are still moving.

Outside of incidents, the main focus is the CTI pipeline. I am working on how we take intelligence in and help analysts turn it into something useful quickly. Not just read a report, write a summary, and move on. The goal is to support the process from intake through to output, so an analyst can take a campaign, technique, actor update or malware report and work it through into the right thing. That might be a detection, a hunt, a Purple Ops TTP, an attack pack, client reporting, or something that changes how we prepare for incidents.

That is where the automation and workload tooling comes in. It is not there to make the decision for the analyst. It is there to remove the dead time around the work. Pulling out the useful parts of intelligence, helping structure the assessment, keeping the workflow consistent, and making it easier to move from “this is relevant” to “this is what we are doing about it.”

So, my routine is a mix of management, technical review, hands on incident work, process design, and building the mechanisms that help the team move faster without cutting corners. It is not neat, but it is very much focused on turning threat knowledge into defensive action.

👏 Can you share one of your favourite or most rewarding success stories?

Seeing analysts I have trained become excellent people and excellent analysts.

That is the most rewarding part for me.

It is watching someone build confidence, make better investigative decisions, handle pressure better, and then start supporting other people themselves. There are incidents and technical pieces of work I am proud of, but seeing someone grow into the role properly stays with me more.

🧩 What do you think the cybersecurity industry could be doing to support upcoming SOC analysts?

From what I have heard in conversations with analysts, the industry needs to give new SOC analysts more space to learn properly.

A lot of people come in with the right attitude. They are curious, they want to work, and they want to improve. But if you just put them in front of a queue and expect pressure to do the teaching, you are not really developing them properly.

They need structure around them. Proper training, good mentoring, clear escalation routes, and time to understand why something matters. Not just what button to press or what category to choose.

SOC work is not just tooling and tickets. It is learning what normal looks like, spotting when something does not fit, and being able to explain why it matters. That takes time, and it needs to be taught properly.

🌎 Where do you think Cybanetix is headed in the future, and what are you most excited about?

I can only really speak for my area, and I’m obviously very excited about our work.

The big one is the intelligence pipeline we’re building. The idea is to automatically and dynamically collect intelligence from different sources, process it, structure the useful parts, and turn that into things analysts can actually act on. So instead of someone manually reading through endless reports and trying to drag the useful bits out by hand, the workflow should help surface what matters and push it towards an output.

That could be a detection idea, a threat hunt, client reporting, an incident response consideration, or a Purple Ops attack pack. The analyst still makes the judgement call, obviously. The point is not to automate the thinking. It is to get rid of the slow, repetitive work around the thinking.

That matters because CTI can become very expensive in terms of time. There is always more to read, more to assess, more to validate. If we can make that process faster and more consistent, we can turn more intelligence into useful defensive work without burying analysts under admin.

I’m also excited about Purple Operations becoming more mature alongside that. If CTI tells us a technique is relevant, Purple Ops gives us a way to test whether our detections, assumptions and response processes would actually hold up against that behaviour.

So, for me, the direction is about making the service sharper. Faster at processing intelligence, better at turning it into defensive action, and more honest about whether that action actually works when tested.

👩‍🏫 What advice would you give to aspiring leaders who are looking to follow a similar career path?

Be curious but be willing to do the boring work properly.

A lot of cybersecurity is not glamorous. It is reading logs, taking notes, understanding normal behaviour, asking why something happened, and admitting when you are not sure.

I would focus on building good habits. Ask sensible questions. Document what you find. Learn from people around you. Always keep digging or toying with what you find interesting until you understand it end to end.

Technical skills matter, obviously. Networking, identity, endpoints, cloud, scripting, detection logic and attacker behaviour all help.

But attitude matters just as much. Nobody knows everything. Anyone pretending they do is either lying or due for a very educational incident.


🌈 What are you most proud of?

I think what I’m most proud of is that I can point to things I’ve helped build, not just roles I’ve held.

The first is the SOC. I joined when it was still fairly small and later managed it through quite a lot of change. The SOAR changes were a big part of that, but so was the growth in the team, the leadership structure, the client base, and the volume of work coming through.

What I’m proud of is that, even while the team was growing and changing, we managed to keep standards high. As the workload increased and the environment became more complex, it would have been easy for quality to slip or for people to become overwhelmed by process and volume. Instead, we kept a strong focus on good case handling, supporting analysts properly, and maintaining consistent standards across the team, which is something I’m genuinely proud of.

The second is TMIR, which is my current role now. I’m proud of helping expand and formalise a department that brought together Incident Response, CTI, and Purple Ops into a more focused operational function.

A big part of that has been helping shape how the team works day to day, building out processes, improving collaboration, and developing automation and workload tooling so the team can operate more efficiently as demand has grown.

That is probably the bit I’m most pleased with. Seeing the department continue to mature, with clearer structure, stronger processes, and a well-defined role within the wider service, has been really rewarding.

Adam Waldie – IR/Threat Manager

This interview was conducted and written by Emily Carter – Marketing Executive
