This case study details a project focused on automating the manual data entry process for SOC analysts responding to security incidents.  My role was to design and implement an automated solution to reduce the time analysts spent on administrative tasks, allowing them to focus on higher-priority alerts and improving overall response times. The project ran from October 1, 2023 to November 15, 2023.

Project Name: Automating SOC Incident Reporting

Team Composition: Myself (Associate Product Manager &amp; SOC Analyst), 2 Software Engineers, 1 QA Engineer, 3 SOC Analysts

Tools Used: Jira, Confluence, Python, relevant APIs for ticketing system and incident reporting forms

SOC analysts were spending significant time manually filling out incident response forms. This process was time-consuming and diverted their attention from critical incident handling.  This inefficiency impacted overall response times and the effectiveness of incident mitigation.  Internal data showed an average of 20 minutes spent per incident on manual data entry.

The primary objective was to reduce the time spent on manual data entry by at least 30%.  Success would be measured by tracking the average time spent per incident on data entry and comparing it to the pre-automation baseline.  Secondary metrics included analyst feedback on the tool's usability and impact on their workflow.

The strategy involved developing a Python-based automation solution that integrated with our existing ticketing system and the incident response forms. The solution would automatically populate the forms with data extracted from the tickets.  The roadmap involved initial design, API integration, testing, and deployment.  We used a phased rollout to minimize disruption and ensure smooth integration.

We conducted user interviews with SOC analysts to understand their current workflow and challenges. This informed the design and functionality of the automation tool. We also performed thorough API documentation review and testing to ensure seamless data extraction and transfer.  Before full deployment, we conducted beta testing with a subset of analysts to gather feedback and make necessary adjustments.

The development process followed an Agile methodology, with two-week sprints. Daily stand-ups and sprint reviews ensured effective communication and progress tracking. We used Jira for task management and Confluence for documentation.  Feature prioritization was based on analyst input and impact on response time. We prioritized core functionality and iteratively added enhancements based on feedback.

Development proceeded as planned, with minor adjustments based on beta testing feedback.  We encountered some initial challenges with data formatting inconsistencies between the ticketing system and the incident response forms. These were resolved through careful data transformation within the Python script. Regular updates were communicated to stakeholders through Jira and email.

The primary challenge was integrating with the ticketing system's API due to its complexity and lack of comprehensive documentation.  We mitigated this by close collaboration with the IT team who provided additional support and clarifying information.  Another challenge was ensuring data integrity and preventing errors during automated data transfer.  This was addressed by implementing robust error handling and data validation within the script.

The launch involved a phased rollout to SOC analysts, starting with a small group for further testing before wider deployment.  Training was provided to familiarize analysts with the new system.  The go-to-market strategy focused on internal communication and showcasing the tool's efficiency benefits through success metrics.

The automation solution exceeded expectations, achieving a 35% reduction in average time spent on data entry per incident.  Analyst feedback was overwhelmingly positive, highlighting the tool's ease of use and its impact on productivity.  This allowed analysts to dedicate more time to high-priority tasks and improve overall incident response times.

The project demonstrated the value of automation in streamlining workflows and improving efficiency. Key learnings include the importance of thorough API documentation, robust error handling, and user feedback throughout the development process.  The project strengthened my API integration skills and honed my problem-solving abilities.

The successful automation of incident reporting has significantly improved the efficiency of our SOC team.  Future iterations will include enhanced reporting capabilities, improved error handling, and integration with other security tools. This project serves as a model for future automation initiatives within the organization.

Streamlining SOC Analyst workflow through automation to reduce incident response times and improve efficiency.

Automating SOC Incident Response

I owned multi-module FinTech SaaS products end-to-end, focusing on secure onboarding, API-driven capabilities, and measurable user outcomes.

Led product discovery and roadmap execution across security-sensitive workflows

Conducted 30+ user interviews and competitive studies, improving task completion by ~22%

Designed secure-by-default onboarding flows, increasing onboarding success by ~18%

Shipped automation that reduced vulnerability triage time by ~35%, accelerating secure releases

Co-designed investigation dashboards, reducing analyst effort by ~28%

Led cross-functional pods aligned to business OKRs, improving delivery predictability

Worked with engineering, UX, and security teams to build AI-driven and secure collaboration features for an enterprise messaging platform.

Conducted 25+ enterprise user interviews, shaping multi-quarter roadmap decisions.

Designed AI-powered chat summaries, reducing message review time by 30–40%.

Built OCR-powered “Smart Search,” improving search accuracy by ~25%.

Launched Auto-Response suggestions reducing repetitive internal queries by ~15%.

Designed secure authentication flows, permission models, and API governance for enterprise compliance.

Built Admin-level Data Export workflows, reducing manual support requests by 50%.

Improved onboarding and UX flows, contributing to ~20% product adoption growth.

Created cross-functional release workflows, reducing post-release issues by ~22%.

My work as a SOC Analyst directly influenced how products were designed and improved.

Built MITRE ATT&CK-aligned detection rules improving SIEM accuracy by 25%

Automated incident response, reducing MTTD/MTTR by ~30%

Influenced vulnerability lifecycle management decisions impacting product security

Integrated threat intelligence into product workflows to improve trust and reliability

Performed API, web, network & wireless penetration tests affecting product redesigns.

Identified misconfigurations & CVEs feeding into PM backlog & engineering decisions.

Authored developer-centric remediation guidance strengthening security posture.

Performed API security assessments and penetration testing to identify vulnerabilities and improve security posture. Created a detailed report with identified flaws and mitigation strategies to enhance API security.

Many APIs suffer from authentication weaknesses, broken access controls, and excessive data exposure. This project focused on finding security gaps through penetration testing and providing remediation strategies to protect against real-world threats.

<b>Tools Used:</b>&nbsp;Burp Suite, Postman, OWASP ZAP, Nmap, Metasploit

Conducted a Penetration security assessment to identify vulnerabilities and improve security posture. Created a detailed report outlining security flaws.

 Burp Suite, Postman, OWASP ZAP, Nmap, Metasploit

Penetration Testing Assessment & Mitigation Report

Shiyam has a rare mix of empathy and execution — always tying every decision back to impact.

Chloe Zhang

Shiyam brings clarity to chaos. Their product thinking is grounded, data-driven, and inspiring to teams.