Risky Bulletin Podcast Summary Episode: Sponsored: Tines Shines at Solving Interesting Problems
Host: Casey Ellis
Guest: Matthew Muller, Field CISO at Tines
Release Date: August 3, 2025

Introduction

In this sponsored episode of the Risky Bulletin podcast, host Casey Ellis engages in an insightful conversation with Matthew Muller, the Field Chief Information Security Officer (CISO) at Tines. The discussion delves into how Tines is revolutionizing security orchestration and automation, addressing common challenges faced by Security Operations Centers (SOCs), and exploring innovative use cases that extend beyond traditional security functions.

Common Use Cases in Security Automation

Matthew Muller opens the discussion by highlighting the foundational challenges that many security teams encounter. He humorously refers to these challenges as the "base of Maslow's hierarchy of security angst," primarily dealing with managing tickets and alerts.

"When people first come to us, they're at sort of the very base of what I would sort of jokingly call Maslow's hierarchy of security angst, which is, you know, dealing with like tickets and alerts."
— Matthew Muller [00:51]

Muller explains that initial use cases often involve reducing false positives from detection systems and managing the overwhelming influx of security alerts. However, Tines' capabilities extend far beyond these entry-level solutions, offering orchestration and automation across increasingly fragmented tech stacks within security organizations.

Automation vs. Orchestration

A significant portion of the conversation distinguishes between automation and orchestration. While automation involves executing a set of predefined steps within a single system, orchestration coordinates multiple systems that may not naturally integrate.

"Automation is merely the set of steps that you want to have happen when a set of conditions occurs. Orchestration is a little different... pulling together two or more different systems that might not necessarily talk to each other out of the box every time."
— Matthew Muller [01:56]

Muller emphasizes Tines' strength in orchestration, enabling seamless collaboration between different teams and organizational boundaries. He cites an example where IT administrators used Tines to cross-reference asset lists with CrowdStrike data, facilitating better collaboration between IT and security teams without granting direct access to sensitive dashboards.

Innovative Use Cases: Beyond Traditional Security

Muller shares unique and unexpected use cases that demonstrate Tines' versatility. One notable example involves an organization using Tines to manage shift handovers within their SOC. By leveraging Slack emojis and Tines workflows, the organization created a gamified and engaging process to ensure continuity between shifts.

"They built a whole system that relies on Slack emojis that get fed back into a tines connected app... making the shift handover process a little bit more engaging for folks."
— Matthew Muller [05:42]

This approach not only streamlines critical handover procedures but also makes them more enjoyable for SOC operators, addressing both operational efficiency and employee engagement.

Measuring SOC Performance with Automation

The conversation shifts to the importance of metrics in SOC operations. Muller points out that many SOC teams currently measure analyst workload solely based on ticket volume, which only scratches the surface of their true responsibilities.

"Sans actually just published some survey data that said that the vast majority of SOC teams measure analyst workload based solely on ticket volume... Once you start thinking about processes that you can automate automation makes it measurable."
— Matthew Muller [07:49]

By automating processes with Tines, organizations can gain deeper insights into their operations, making previously invisible work visible and providing meaningful metrics for management. This facilitates better reporting and informed decision-making at the leadership level.

Empowering Teams with a Flexible Platform

Muller discusses how Tines bridges the gap between highly technical engineers and less technical team members. The platform's no-code/low-code approach allows advanced users to customize workflows while enabling junior members to contribute ideas without extensive coding knowledge.

"You get the best of both worlds where the advanced builders can go into the hood, do as much customization or technical stuff as they want and junior members of the team can log in, suggest changes, understand what's happening."
— Matthew Muller [11:21]

This flexibility ensures that Tines can cater to diverse teams, fostering collaboration and innovation across different skill levels.

Conclusion

Casey Ellis wraps up the episode by acknowledging Tines as a standout player in the platform security engineering space, noting its significant growth and adoption over recent years. The discussion underscores Tines' ability to address both common and niche challenges in security operations through robust orchestration and automation capabilities.

"We have a bunch of out of the box templates, but everything is as customizable as you want it to be."
— Matthew Muller [12:03]

For more information about Tines and their innovative solutions, visit www.tines.com.

Thank you for tuning into this episode of Risky Bulletin. Stay tuned for more insights and updates from the cybersecurity frontier.