Security Operations Engineer at Coterie Insurance

A defender who builds.

I'm Micah Falde, an operations-minded technologist with 5+ years standing up security programs from the ground up. I engineer detections, automate the manual work that slows teams down, translate technical work into decisions leadership can act on, and ship real products on the side. I build because hands-on building makes me a sharper defender.

Selected work

Things I've designed, shipped, and maintained

A mix of security engineering, data analysis, and product builds. Each one is real, version-controlled, and taken end to end, from architecture to deployment.

Civic Tech · Platform

Rally

A proof-of-concept voter-data platform for low-budget campaigns. Lower-budget races struggle to manage voter files across managers, staff, and volunteers in a shared spreadsheet, so I built a real system for it, tested on voter data from my own county.

244K voter file tested · 50-state adapters · PostGIS
FastAPI · SQLAlchemy 2 · PostgreSQL + PostGIS · React · Flutter · Geocodio
Data Analysis · Geospatial

Church Plant Location Analysis

Tasked by my church to recommend a site for a new church plant. I mapped members' home addresses against drive-time ranges to candidate locations, showing who would likely attend each option, delivered as an interactive analysis.

drive-time isochrones · membership dataset · interactive maps
Geospatial analysis · Drive-time mapping · Data viz · GitHub Pages
PWA · Product

The Felt

A mobile-first poker trainer with 6+ game-theory modes and a frozen, property-tested poker engine, the kind of eval rigor that separates production work from a demo. Built and verified overnight.

182 test cases · 8.4K lines · 0 any types
React 19 · TypeScript · Vite · Zustand · Vitest · Capacitor
Security · Framework

ClaudSecurity

A self-improving security-operations framework on a four-layer Directive, Orchestration, Execution, Memory architecture, with a bidirectional incident response and detection feedback loop.

8 subagents · 38 proven queries · 4.9K seed-query lines
KQL · Python · Claude Code · Microsoft Sentinel · Defender XDR
About

The through-line

I'm an operations-minded technologist with 5+ years building systems and processes from the ground up. I've been the early hire who stands up the security function and writes the playbook, the subject-matter expert teams rely on, and the person who turns technical jargon into a plan leadership can act on. Today I'm a Security Operations Engineer at Coterie Insurance, a cloud-first fintech.

My work runs from detection engineering and threat hunting to executive reporting and automating away the manual work that slows teams down. Across roles in fintech, education, and healthcare, I've cut alert noise by over 50%, driven patch compliance from under 40% to over 80% in days, and resolved more cases than anyone on the queue in a single year.

Off the clock, I build. A salon platform live on iPhone, Android, and web. A voter-data tool for low-budget campaigns. A drive-time analysis that helped my church choose where to plant. I ship them with the same discipline I bring to security: architecture first, verification always, and metrics over vibes. I'm an AI-native engineer who directs LLM agents to scaffold, implement, and test, while I own the architecture, the review, and the judgment calls that AI can't make. Building production software is exactly what makes me a sharper defender.

Capabilities

What I work with

Security & Operations

Detection engineering, incident response, and threat hunting across fintech, education, and healthcare.

Microsoft Sentinel · KQL · Defender XDR · MDE / MDI / MDO · Azure Data Explorer · Intune · Orca CSPM · ZeroFox · Recorded Future · MITRE ATT&CK · Incident Response · Threat Hunting · Brand & Dark-Web Monitoring · NIST 800-53

Engineering & Data

Full-stack across mobile, web, and cloud, plus the data and reporting work leadership runs on.

Flutter / Dart · React · TypeScript · Python · FastAPI · PowerShell · Azure · Firebase · Supabase · PostgreSQL / PostGIS · Power BI · Stripe · Geospatial / mapping · Data viz

AI & Automation

Directing agents to build, test, and verify, with engineering judgment on top.

Claude Code · Agent orchestration · LLM workflow automation · Eval / verification harnesses · Structured prompting · Anthropic API · OpenAI API · Process automation · Scripting
Experience

Where I do the work

Security Operations Engineer · Coterie Insurance (fintech)
May 2022 to Present · early hire, building the SOC from scratch
  • Early employee who helped stand up the security operations function for a cloud-first fintech as the company scaled, owning detection, response, and reporting.
  • Built and tuned detections in Microsoft Sentinel, matured a recurring threat-hunting program, and led cloud security posture management that cut alert noise by over 50%.
  • Built an executive reporting solution in Power BI, turning raw operational data into dashboards leadership uses to make decisions, and delivered regular threat briefings.
  • Ran brand and reputation monitoring across the open and dark web with ZeroFox and Recorded Future, and partnered on application, Kubernetes, and vulnerability-management security.
Independent Technology Consultant · WeWatch
May 2020 to Present · multi-year client retainers
  • For a 15,000-person health system, designed and launched an automated data pipeline end to end, pulling many separate systems into one place for real-time monitoring, and managed its SIEM.
  • Resolved 1,195 cases in a single year while running a daily 24/7 operations queue, ranking #1 in quantity of cases resolved.
  • For an aviation startup interfacing with FAA systems, architected and deployed secure, NIST 800-53 compliant cloud infrastructure from the ground up, automating the buildout with scripts.
  • Designed HIPAA-compliant cloud backup and recovery, and served as a subject-matter expert and mentor, training analysts and writing the playbooks teams run on.
Sr. Information Security Analyst · Pensacola Christian College
Feb 2021 to May 2022
  • Senior administrator for the Microsoft 365 and Azure security stack (Defender XDR, Sentinel, Intune), leading incident response across a hybrid cloud environment.
  • Drove software-update compliance from under 40% to over 80% within days of each monthly cycle through an automated third-party patching deployment.
  • Led, mentored, and trained junior analysts, and led cross-team system-hardening and architecture changes while handling escalated, high-stakes incidents.
Software Development Intern · O'Reilly Auto Parts
Jan 2019 to Mar 2019
  • Front-end and back-end web development (HTML, CSS, Java) on a team of experienced developers, debugging, building, and testing software.
Credentials

Education & certifications

Education

M.S., Cybersecurity & Information Assurance
Western Governors University
2021
B.S., Cybersecurity & Information Assurance
Western Governors University
2020

Certifications

15+ industry certifications across security operations, defense, and IT.

CompTIA Security+ · CompTIA Network+ · CompTIA A+ · CompTIA Project+ · Microsoft SC-200 · Microsoft SC-900 · ISC2 SSCP · EC-Council CEH · EC-Council ECIH · ITIL v4 · CIW Web Security Associate · CIW Site Development Associate
Archive

More things I've built

The long tail: apps, security tooling, data work, and experiments. Filter by domain.

FarmLedger

SaaS

An offline-first farm-finance and livestock SaaS, tracking profitability, Schedule F tax data, herds, and equipment depreciation with local-to-cloud sync.

Flutter · Supabase · PowerSync · 37 DB tables

VulnCompare

Security

Streamlit web tool comparing Chainguard vs. Docker Hardened Image CVE scans for data-driven procurement.

Python · Streamlit · Trivy · Docker

Geospatial Contact Mapping

Data

Mapped thousands of location-based contacts from raw spreadsheets into accurate, field-ready interactive maps for an emergency-services contract.

Power BI · Google Earth Pro · Excel

Chainguard Hardened Images

Security

Reproducible, minimal, CVE-free container base images with signed, deterministic builds.

apko · melange · cosign · Grype

SignalOverNoise

SaaS

Self-hosted paid Discourse community on a DigitalOcean droplet with a Stripe-wired founding-member model.

Discourse · Docker · DigitalOcean · Stripe

Decision Memory

Experiment

Password-gated web app letting nonprofit staff query institutional decisions with required citations and supersession chains.

Flask · Anthropic · Groq · JSON store

CLAWD

Experiment

A personal Claude agent with a self-improving memory architecture and multi-platform messaging orchestration.

Python · Claude CLI · WhatsApp / Telegram / SMS

Age of Micah II

Experiment

A browser RTS homage to Age of Empires III, 5,100 lines of dependency-free JS with a custom engine, BFS pathfinding, fog of war, and a self-aging AI.

Vanilla JS · HTML5 Canvas · WebAudio

AI Research Vault

Experiment

A single-file interactive knowledge graph of 65 curated AI-research and policy articles with a D3 visualization.

HTML · D3.js · Embedded JSON

SalonSync Variants

SaaS

Four maintained branches of the salon platform: unlimited, design, maintenance, and shared-device kiosk builds.

Flutter · Firebase · multi-branch
Contact

Let's build something defensible.

Open to security-engineering, operations, and full-stack roles where building and defending are the same job. The fastest way to reach me is email.