
Bryan Gutzman

Sr. Manager, Cyber Automations And Threat Engineering
Andover, MN

Summary

Proven Manager of Cyber Automation and Threat Engineering with a strong record of leading high‑performing teams, driving operational excellence, and implementing strategic initiatives that enhance productivity, detection fidelity, and automation maturity. Recognized for sound judgment, advanced problem‑solving, and the ability to deliver clear, actionable decisions in complex or high‑pressure situations. Known for building strong cross‑functional partnerships and aligning cyber defense strategies with organizational objectives in fast‑paced, highly regulated environments.

Overview

12 years of professional experience
4 Certifications

Work History

Manager, Cyber Automations and Threat Engineering

Abbott
04.2022 - Current
  • Manager Cyber Threat Engineering, Full-time (Apr. 2022 - Present · 3 yrs 11 months), St. Paul, MN, Abbott Labs - Cyber Threat Action Center

Lead and develop a high‑performing team of four Cyber Threat Engineers responsible for enterprise‑wide Detection Engineering, SIEM automation, data onboarding and validation, and infrastructure security project support, demonstrating leadership in cybersecurity operations.

  • Manager - Cyber Defense Team, Full-time (Aug. 2021 - Apr. 2022 · 9 months), St. Paul, MN, Abbott Labs - Cyber Threat Action Center

Development of behavior-based threat detection and Splunk engineering, with MITRE ATT&CK and SHIELD concepts integrated into triage and incident response for events.

  • Sr. Cyber Security Analyst, Full-time (Jan 2017 - Aug 2021 · 4 years 8 months), St. Paul, MN, Abbott Labs (SJM) Cyber Threat Action Center
  • Senior Information Security Analyst, Full-time (Jan 2015 - Jan 2017 · 2 yrs 1 month), St. Jude Medical, St. Paul, MN, Cyber Threat Action Center
  • Network Security Analyst, Full-time (Apr 2014 - Jan 2015 · 10 months), Saint Jude Medical (SJM - Dahl Contractor)
  • Technical Assistance Center and Security Operations Center Manager, Full-time (Aug 2013 - May 2014 · 10 months), Eden Prairie, MN, SecureConnect, a Trustwave Company
  • Endpoint Support Analyst Secure Connect, Full-time (Mar 2013 - Aug 2013 · 6 months), Eden Prairie, MN, SecureConnect

Education

Bachelor of Science - Cybersecurity

ITT Technical Institute
Eden Prairie, MN
05.2001 -

Associate of Science - Computer And Information Systems

ITT Technical Institute
Eden Prairie, MN
05.2001 -

High School Diploma -

Alcona High School
Lincoln, MI
05.2001 -

Skills

Extensive experience in threat detection engineering, designing and enhancing enterprise‑scale detections across the Cyber Security Sensor stack by leveraging centralized logging, correlation pipelines, and risk‑based alerting frameworks

Deep expertise in Windows Event telemetry, including advanced use of Windows Event Codes to identify malicious behaviors, uncover gaps in sensor coverage, and engineer detections for threats that evade traditional endpoint controls and Endpoint Detection and Response

Trusted by senior leadership to deliver accurate metrics, authoritative technical assessments, and support for sensitive cybersecurity initiatives requiring discretion, precision, and high‑confidence analysis

Affiliations

  • Chair/Member, H-ISAC Purple Team Working Group
  • Member, H-ISAC Post Quantum Computing Group
  • Member, (ISC)² - CISSP
  • Member, SANS Institute

Certification

Certified Information Systems Security Professional (CISSP)

Timeline

RSA Archer 5.5 Administration

02-2026

Manager, Cyber Automations and Threat Engineering

Abbott
04.2022 - Current

RSA Archer 5.5 Advanced Administration

09-2016

Bachelor of Science - Cybersecurity

ITT Technical Institute
05.2001 -

Associate of Science - Computer And Information Systems

ITT Technical Institute
05.2001 -

High School Diploma -

Alcona High School
05.2001 -

Special Skills

I have years of experience using centralized logging with Risk-Based Alerting to enable behavioral detection based on identity or asset (user or computer). The outcome is a reduction in tickets. Risky activities by the system or user are all covered under one alert instead of single alerts for every event. Furthermore, I have experience that enables me to write detections within centralized logging, allowing me to add detections beyond what the cybersecurity sensors can detect on their own. This means that threat actors cannot anticipate all the different activities that my team can detect. I currently lead a team that writes detections using our centralized logging, but also our EDR/XDR platforms. These skills are also very useful for writing detections for Insider Risks and are incorporated into our current program.

Core Competencies

  • Threat Engineering and Detection
  • Security Operations Center (SOC) Leadership
  • Incident Response & Forensics
  • Cloud Security (AWS, Azure, GCP)
  • SIEM & SOAR Implementation
  • Adversary Emulation and Purple Teaming
  • Vulnerability Management
  • Red/Blue/Purple Team Exercises
  • Executive Communication & Reporting
  • Risk Assessment & Mitigation
  • Security Architecture & Engineering
  • Regulatory Compliance (NIST, ISO, GDPR, HIPAA)
  • Innovation & Automation in Cyber Defense
  • Team Building & Talent Development

Publications & Presentations

  • "Proactive Threat Engineering: Merging Purple Teaming with Automation" – SANS Whitepaper, 2023
  • "Securing the Future: Cloud-native Detection Strategies" – RSA Conference, 2024