About
Jeremy Wiley.
Cybersecurity architect and data scientist focused on security data architecture and emerging-tech research. The opinions on this site come from operating the platforms in production rather than consulting about them, and from a research portfolio where I keep the contradictions on the record when new evidence overturned a prior position.
Why this practice exists.
Most security data programs trust their vendors, their schemas, and their own past assumptions. The data platform should have to earn that trust empirically, source by source, claim by claim, query by query, and keep earning it, not just at procurement time. That is the whole reason this is a single-practitioner fair-broker practice rather than a reseller or a staff-aug shop: no reseller margins, no vendor-paid placements, open methodology, and an annual external review. The disclosures below are the structural commitments that keep those words honest. The longer argument is on the thesis page.
Fair broker is not a tagline; it is the constraint the practice is built around. A senior practitioner billed by the hour to extend a vendor's services arm cannot give a vendor-neutral recommendation, because the incentive is to keep the engagement running. Fixed-price, scoped, and evidence-gated is the alternative I run on instead.
Practitioner depth.
Twenty-five years across military service, intelligence-community analytics, and security data engineering. The most recent work is an embedded resident-engineer assignment with a Tier-1 financial-services security-data team, via Corelight: production reference-architecture work for a regulated environment, not a slide deck about one.
- Corelight. Professional Services Engineer, building international customer reference architectures. This is where the Data Health Check and Data Health Enablement methodologies that gate the engagements were shipped.
- Southern Company. Senior Security Architect and Security Data Scientist on a regulated OT estate.
- Accenture. SIEM migrations in regulated environments.
The pattern across all three is the same: large, regulated, multi-source security data, where the cost of a wrong architecture decision compounds quietly for years before anyone names it.
Contributor to OCSF (the open schema standard) and ITU-T Study Group 17 (the international standardization work building on it), both of which show up directly in the recommendations this practice makes. The research surface keeps documented contradictions where a prior position was overturned on contact with new data; that update history is public on the research page rather than quietly revised.
U.S. Marine Corps veteran. Atlanta Metro.
Wrote Modular Open Architecture (MOAr) for Cybersecurity Data, manuscript complete, in production, Amazon KDP.
Disclosures
What this practice commits to.
- No reseller margins. The practice does not earn commission on any product recommended.
- No vendor-paid placements. The matrix does not include sponsored or promoted candidates.
- Open methodology. Benchmark methodology, hardware spec, query suite, and result are public on the lab. The reference implementation is shared under NDA with engagement prospects and qualifying reviewers; comparison sets that include commercial software whose licensing terms restrict third-party publication of comparative results stay gated rather than worked around.
- Annual external review by a named practitioner. One outside practitioner with relevant standing audits the published benchmark results each year under NDA. Their signoff is published on the lab page. The first review is scheduled for Q4 2026; the reviewer is named here on completion, with any flagged issues. Until then this is a forward commitment, not a claim of a signoff that already exists.
Contact
- Email jeremy@securitydataworks.com
- LinkedIn linkedin.com/in/jeremyawiley ↗
- GitHub github.com/flying-coyote ↗