Michael Williams
Cybersecurity: Analyst · Incident Response · Threat Hunting · Detection Engineering · Customer Success Engineering · AI Security
My foundation is cybersecurity operations: incident response, threat hunting, detection engineering, and customer-facing security work across multi-tenant environments. I build from that foundation into AI security systems that preserve what security teams need most: evidence, guardrails, auditability, and safe failure.
Across my roles, I have walked into ambiguity, found operational pain points, and built systems to solve them. ThreatPrism is one example: a guardrail-first SOC investigation pipeline that contributed to a 48% MTTR reduction across 60+ enterprise clients while keeping production implementation details proprietary.
Featured Work
SOC systems, AI security research, and guardrail-first tooling
ThreatPrism
Guardrail-first SOC investigation pipeline. Automates IOC extraction, MITRE ATT&CK mapping, severity scoring, and analyst context generation before a human touches the alert. Contributed to a 48% MTTR reduction across 60+ enterprise clients via Swimlane SOAR.
AI DevSecOps Platform
Validated AI security engineering project for detecting unsafe patterns in AI-generated code. Combines deterministic controls, semantic taint tracking, ShellGuard, LLM reasoning with Pydantic constraints, and provenance concepts. Validated across 57 adversarial test cases with zero false negatives.
SecureCLI-Tuner
Security-first LLM fine-tuned for agentic DevOps. Translates natural language into safe Bash commands with a 100% adversarial attack blocking rate. QLoRA fine-tuning plus a three-layer runtime guardrail architecture.