Security engineering leader with over a decade of experience in security engineering and incident response, detection engineering, and technical operations at scale. Currently a Technical Operations Manager at Okta, leading complex cross-functional initiatives, including tech stack and security team integrations post-merger. Previously managed detection and response at Auth0, building detections-as-code, onboarding log sources, and deploying automation (e.g., Slackbot-based triage, Tines playbooks) to reduce alert fatigue by 40%. Hands-on with Python, Terraform, Snowflake, Panther, and cloud-native security in AWS environments. Former U.S. Army Sergeant with a proven ability to lead under pressure and deliver operational excellence in high-stakes environments.
Overview
14 years of professional experience
Work History
Technical Operations Manager
Okta
11.2023 - Current
Led the design and implementation of an automated incident management Slackbot using Tines, streamlining response workflows and improving operational efficiency across security teams.
Architected and integrated a secure, fine-grained permissions model for incident case management using Jira Cloud, enabling strict need-to-know access, eliminating the need for costly third-party tools, and shortening deployment from months to weeks.
Designed and launched an employee-facing Slackbot backed by Tines to automate user verification and misconfiguration alerting, reducing security alert volume by ~30%.
Oversaw cross-functional integrations between detection engines and case management systems (Hive and Jira), aligning technical implementations with security and operational requirements.
Drove the onboarding of log sources for hundreds of SaaS applications by prioritizing efforts based on system criticality and app owner readiness, accelerating log coverage expansion.
Developed and implemented a cost-effective strategy to access distributed Snowflake data across organizational tenants via secure data shares and OAuth2-based integrations, eliminating redundant storage and reducing access friction.
Built strong partnerships with global vendors—led POCs, negotiated pricing, and integrated selected solutions into the existing tech stack to support evolving business needs.
Recruited and managed engineers across the US, Europe, and Australia; fostered a high-performance culture through mentorship, autonomy, and continuous growth opportunities.
Delivered large-scale projects on time by blending hands-on technical leadership with strategic project management and cross-team alignment.
Known for building consensus among diverse stakeholders to resolve complex technical challenges and deliver scalable, business-aligned solutions.
Led incident response lifecycle for high-severity incidents—streamlined detection, containment, and analytics across integrated detection pipelines.
Mentored engineers and managed cross-regional teams (US, EU, APAC) to maintain shift coverage, SLA compliance, and 24x7 operational excellence.
Designed full-stack detection integration: ingested across multiple SaaS log sources, Snowflake datasets, and internal detection engines—standardizing visibility across production, corp, and third-party systems.
Collaborated with engineering, product, and detection teams to define and implement OAuth2-secured data access pipelines into Snowflake for scalable, automated detection controls.
Led POC evaluations for vendor-integrated security tools, aligning security tech stack with product roadmap while balancing engineering performance and business ROI.
Built cross-functional consensus with engineering, TPMs, and business stakeholders to drive seamless adoption of secure detection controls across domains.
Developed and executed incident response protocols, automations, and post‑incident reviews—accelerating time-to-containment by ~25%.
Partnered directly with CISO and business leaders to define KPIs, risk metrics, and operational SLAs, delivering real-time analysis and strategic remediation plans.
Piloted and integrated workflow automations (Slackbots backed by Tines) to drive consistency in operational security and business alignment.
Led onboarding and ingestion of logs across hundreds of SaaS applications, collaborating with system owners to prioritize high‑value data in financial context.
Implemented data-sharing solutions via Snowflake secure shares and OAuth2 integrations to unify monitoring across decentralized systems—reducing fragmentation and speeding threat detection.
Built standardized alert triage and incident workflows via Slackbot automations, enabling consistent compliance-ready monitoring.
Led vendor POCs and negotiations for security and monitoring tools—ensured financially aligned pricing with ROI-based evaluations.
Designed and implemented automated incident management workflows via a custom Slackbot backed by Tines, reducing manual triage workload by 40% and increasing response consistency across ~2,000 daily detection signals.
Headed SOC operations including 24/7 monitoring, triage, and incident response across cloud and on‑prem environments.
Created a self-service alert flow using a user-facing Slackbot that now auto-triages ~30% of daily security alerts, enabling faster remediation and freeing up human analyst time for high-impact incidents.
Architected secure and compliant detection pipelines across global Snowflake tenants, ensuring data privacy adherence under GDPR and California privacy laws while supporting business-aligned detection engineering.
Collaborated with compliance, legal, and data teams to ensure ingestion workflows and detection controls met regulatory and audit requirements (SOC 2 Type II, PCI, GDPR), including building exemptions for security data handling.
Partnered with the federal compliance team to build FedRAMP Moderate and High-compliant logging and alerting pipelines, aligning detection capabilities with federal cloud security standards.
Delivered major projects from inception to rollout through technical leadership, close collaboration with engineering, and strategic vendor integration—including leading POCs, negotiating pricing, and onboarding vendors to the security stack.
Mentored and led cross-functional technical teams across the US, Europe, and Australia, creating a high-performing and engaged engineering culture despite not having formal direct reports.
Built and prioritized SaaS log onboarding workflows for hundreds of applications by aligning with app owners, streamlining data coverage while balancing security needs and operational constraints.
Acted as a trusted liaison across security, engineering, legal, and compliance domains to design scalable, secure, and privacy-compliant systems in a decentralized, multi-tenant cloud environment.
Manager, Incident Response
Auth0 (acquired by Okta)
04.2022 - 11.2023
Managed a team of 4 detection engineers responsible for building and maintaining detections-as-code pipelines using Panther and Snowflake, ensuring scalable, repeatable, and auditable security alerting.
Led the consolidation of detection tooling and processes during the Okta/Auth0 merger, unifying detection strategies and reducing duplication while preserving team velocity and visibility.
Guided team through organizational integration, aligning incident response and detection functions across two previously distinct security programs, and establishing a shared operating model post-merger.
Architected high-fidelity detection rules in a code-driven framework, leveraging Python and SQL for scalable analytics across cloud workloads and enterprise SaaS environments.
Acted as a key liaison between detection engineering, platform security, and leadership to align detection coverage with evolving business priorities and M&A strategy.
Mentored junior and mid-level engineers, building a high-trust, high-impact team culture that fostered ownership, accountability, and continuous improvement.
Advocated for and implemented best practices in detection engineering, including version control, CI/CD integration, testing frameworks, and metrics to measure detection efficacy and reduce false positives.
Hired, managed, and developed a team of 4 high-performing detection engineers, establishing a strong engineering culture built on accountability, growth, and technical ownership.
Led detection and response operations during the merger of Okta and Auth0, consolidating detection pipelines and playbooks across both organizations to create a unified incident response and monitoring framework.
Directed the transition to a detection-as-code model using Panther and Snowflake, enabling scalable, version-controlled, and testable detections aligned with modern engineering practices.
Oversaw triage and incident response for high-fidelity alerts across a hybrid cloud environment, and established operational KPIs to measure team effectiveness and reduce false positives.
Collaborated cross-functionally with security, platform, product, and compliance teams to ensure detection coverage aligned with evolving threat models and business priorities.
Designed and implemented automated workflows and tuning processes to maintain signal quality and eliminate noise, improving detection precision and reducing analyst burnout.
Played a key role in strategic decision-making around detection architecture, vendor integrations, and tooling migration during the merger, ensuring long-term sustainability and business alignment.
Partnered with HR and recruiting to define roles, assess candidates, and build an inclusive hiring process—scaling the team to meet growing detection and response demands.
Senior Security Engineer
Auth0 (acquired by Okta)
02.2021 - 04.2022
Developed and maintained high-fidelity detections as code using Python and SQL within Panther, enabling scalable, version-controlled alerting tied directly to evolving threat models.
Built and managed detection infrastructure using Terraform across cloud-native environments, ensuring reproducibility and adherence to infrastructure-as-code best practices.
Led log onboarding efforts across dozens of SaaS and internal systems—defined log schemas, collaborated with app owners, and ensured end-to-end ingestion into Snowflake and detection pipelines.
Engineered automation workflows with Tines to streamline alert enrichment, analyst handoff, and ticket generation—reducing manual toil and speeding time-to-triage.
Participated in a global on-call rotation for incident response, leading investigations, root cause analysis, and stakeholder communication for high-severity security events.
Conducted proactive threat hunting using Snowflake datasets and internal logs to identify stealthy or emerging attack techniques across cloud and corporate environments.
Worked closely with security architecture and engineering teams to contain incidents, provide real-time guidance, and implement remediations across production environments.
Collaborated with compliance and GRC teams to ensure detection logic and log retention met audit and regulatory standards (SOC 2, GDPR, PCI).
Represented security engineering in customer assurance calls, explaining detection logic, coverage, and operational processes to enterprise clients and auditors.
Senior Tech Lead
Columbia University
09.2016 - 02.2021
Promoted from Systems Administrator to Senior Tech Lead, reporting directly to the Director of IT; managed a team of 4 systems administrators and 1 intern, overseeing task execution, performance reviews, and professional development.
Reduced system downtime by 20% by proactively upgrading critical services and modernizing legacy infrastructure across 14 VMware hosts and 300+ virtual machines.
Spearheaded regular vulnerability scans using OpenVAS and Nessus; implemented remediation strategies that reduced exploitable findings by 70% across internal systems.
Led detection and response for information security incidents, conducting triage, root cause analysis, and containment using network and host-based forensics.
Designed and delivered interactive cybersecurity awareness training for faculty and staff, resulting in a 60% decrease in successful phishing attempts and increased engagement in reporting threats.
Led security assessments and remediation efforts for web applications handling sensitive PII data; collaborated with developers to integrate secure coding practices and reduce risk exposure.
Scoped and executed security projects, including malware and intrusion detection/prevention, log analysis (Sumo Logic, Splunk), host-based firewall hardening, and vulnerability assessments—significantly strengthening departmental security posture.
Continuously refined log ingestion pipelines to enhance threat detection and alerting capabilities; reduced false positives and improved time-to-detection.
Co-authored disaster recovery and business continuity policies; supported tabletop exercises and failover simulations to validate readiness.
Designed and deployed a High-Performance Computing (HPC) cluster with 20 compute nodes (600+ CPU cores, 10TB RAM), 170TB shared ZFS storage, Slurm scheduler, and Singularity containers—supporting 50+ researchers and students with scalable compute resources.
Co-founder & Developer
Clion Inc
09.2015 - 09.2017
Co-founded a startup focused on tactical medical technology; led development of an Android application in Java to track and triage battlefield casualties for U.S. Special Operations Command (USSOCOM).
Conducted over 100 in-depth interviews with combat medics and special operations personnel to assess gaps in existing casualty tracking workflows, gathering mission-critical insights to inform product development.
Used agile iteration cycles to prioritize and implement core features based on direct user feedback, improving usability and decision-making speed in field scenarios.
Designed and prototyped a wearable proof-of-concept device using off-the-shelf components, enabling real-time data transmission and casualty status updates in high-pressure environments.
Collaborated with a cross-functional team of five engineers and product designers to solve a complex national security challenge under tight timelines and resource constraints.
Presented prototype and findings to military stakeholders; incorporated feedback to enhance UI/UX, sensor integration, and field resilience.
Unit Armorer / Sergeant
United States Army 1-91 Cavalry Regiment, 173rd IBCT (Airborne)
Grafenwöhr
04.2013 - 08.2014
Demonstrated rapid career progression and leadership under pressure. Entrusted with mission-critical logistics, secure communications, and multi-million-dollar assets in both combat and garrison environments. Proven ability to lead teams, streamline processes, and ensure compliance across diverse operational contexts.
Hand-selected by First Sergeant to manage the unit arms room, overseeing accountability, security, and maintenance of over $12 million in weapons, radios, and sensitive tactical equipment with zero loss.
Successfully passed two consecutive Host Nation Weapons Inspections (HNWI) conducted by German civilian authorities, ensuring full compliance with local weapons laws and U.S. Army regulations.
Supervised and mentored two junior enlisted soldiers, ensuring daily operations, inventory, and reporting were executed with precision.
Designed and implemented a training system that improved new soldier weapons qualification time by 30%, directly enhancing unit readiness and operational efficiency.
Received top ratings on four semi-annual physical security inspections; maintained strict compliance with U.S. Army arms room and sensitive item handling policies.
Served as liaison during NATO multinational readiness exercises in Germany and the Baltic region, coordinating communication and logistics with partner forces.
Promoted to Sergeant (E-5) in 2.5 years with 672 promotion points, significantly ahead of peers; recognized for leadership and performance.
Graduated Warrior Leader Course with a 97.3 GPA and named to the Commandant’s List.
Team Leader
United States Army
Logar Province
06.2012 - 03.2013
Independently established two remote fuel distribution points in austere combat outposts—responsibilities normally assigned to an E-7, E-5, and multiple junior enlisted—supporting continuous operations in a high-risk environment.
Supported over 180 mounted and dismounted logistics patrols, providing actionable feedback that improved route safety and mission execution speed.
Served as Platoon Radio Telephone Operator (RTO); programmed and maintained SINCGARS and MBITR radios, and managed secure communications (COMSEC) equipment.
Acted as a de facto regional operations manager, directing daily activities of 8 soldiers in high-tempo environments.
Selected by battalion commander from over 40 peers for early promotion waiver to Specialist (E-4) based on merit and leadership.
Logistics Specialist
United States Army
Schweinfurt
06.2011 - 05.2012
Liaised with Bulgarian and Romanian NATO forces during joint multinational training exercises, contributing to strategic alliance coordination.
Graduated top 10% of Advanced Individual Training (AIT) and completed U.S. Army Airborne School.
Education
Master of Science - CyberSecurity
Fordham University
New York, NY
05-2019
Bachelor of Arts - Computer Science
Columbia University
New York, NY
12-2017
Skills
Incident management
Security compliance
Team building
Automated workflows
Detection engineering
Vendor management
Regulatory compliance
Project management
Team leadership
Process optimization
Communication skills