The world of cybersecurity is racing to keep up with the daily emerging threats in our digital landscape. As organisations face AI powered attacks and zero day exploits, new approaches to threat detection and intelligence have never been more important.
Emmanuel Joshua is at the forefront of this space as a Software Development Engineer specialising in cybersecurity automation, threat intelligence and detection engineering. With experience building scalable security solutions, Emmanuel focuses on automating security operations and AI driven intelligence to reduce threat research time and improve detection coverage.
His journey into cybersecurity began during his research work at the National Science Foundation where the challenge of securing programmable platforms for robots piqued his interest in the field. Since then, Emmanuel has dedicated himself to understanding evolving attack methodologies and improving security strategies, building and optimising threat detection systems that can respond to threats in real time.
Beyond his technical contributions, Emmanuel is passionate about mentoring and knowledge sharing in the cybersecurity community. He advocates for a future where security is built into systems from the ground up and where global collaboration breaks down the silos that currently fragment threat intelligence.
We spoke with Emmanuel about the evolution of threat detection systems, the impact of AI on cybersecurity operations and his vision on how organisations can protect themselves in an increasingly complex threat landscape. From reducing threat analysis time from 8 hours to 1 hour with AI integration to implementing behavioural analytics that generate high fidelity alerts, Emmanuel shares his practical experience at the intersection of software engineering and cybersecurity.
Your career has focused extensively on cybersecurity automation and threat intelligence. What initially drew you to this specialized field, and how has your approach evolved over time?
My interest in cybersecurity didn’t take shape until mid-college. I was initially drawn to building web applications and later pursued robotics research at the National Science Foundation (NSF). What introduced me to cybersecurity was the challenge of securing these systems. My core work centered on ensuring the integrity and confidentiality of data flow in wireless networks, implementing encryption algorithms and authentication mechanisms to prevent unauthorized access.
That realization led me to this industry, blending my technical skills with my intense curiosity for problem-solving. My approach has evolved from reactive security to developing AI-driven systems that automate threat identification, enhance anomaly recognition, and significantly shorten response times.
You’ve developed expertise in threat detection systems. Could you explain to our readers how modern threat detection differs from traditional security approaches, and why this evolution matters?
Traditional security relied heavily on signature-based detection – identifying known threats based on specific patterns. While effective against recognized threats, this falls short against sophisticated attacks and advanced persistent threats.
Modern threat detection has transformed this paradigm by incorporating behavioral analysis, machine learning, and real-time monitoring. Instead of looking for known signatures, today’s systems establish baselines of normal behavior and flag anomalies. This shift from “known bad” to “unknown suspicious” enables us to detect zero-day exploits that traditional methods would miss.
This evolution matters because the threat landscape has become increasingly complex. One of the craziest challenges my team worked on was optimizing our threat detection platform. In early development, it took security engineers more than 24 hours to deploy a single detection. We aimed to get it down to 5 minutes through optimization and LLM integration. We transformed everything from query performance to caching strategies, making real-time validation almost instant. Now security engineers can deploy detections in minutes with no bottlenecks.
AI is transforming cybersecurity. From your perspective, what are the most promising applications of AI in security operations, and what limitations or concerns should organizations be mindful of?
I’m currently working on an AI-driven threat intelligence system that uses LLM to automate and enhance threat research and detection development. As security engineers spend roughly 8 hours analyzing a threat manually, this solution uses AI to do the heavy lifting, allowing this process to be done in just 1 hour.
On the defensive side, AI assists by automating threat identification, enhancing anomaly recognition, and shortening response times. It enables security teams to process large amounts of data and identify patterns people may overlook.
However, we must acknowledge how it affects the attacker’s side. Attackers now use machine learning to create AI-generated phishing emails that appear more authentic than ever before, automate hacking tools, and employ deepfake technology for impersonation schemes. AI enables attacks to occur faster, more frequently, and with fewer traces, so cybersecurity is constantly playing catch-up.
Organizations should be mindful that AI systems are only as good as their training data. If an attacker corrupts your training data, they can influence your AI’s decisions. You must implement stringent validation controls and anomaly detection techniques.
Your background includes research experience with the National Science Foundation. How did this academic foundation shape your understanding of cybersecurity challenges in real-world environments?
At NSF, I developed a programmable platform to control robots (mobile agents) like the Magni robots. This platform was massive and had a big goal of scalability around multiple industries. What introduced me to cybersecurity was the challenge of securing these systems.
This academic foundation taught me to think methodically about security problems. I learned that no matter how advanced or innovative a system is, if it’s not secure, it’s vulnerable. This realization fundamentally shaped my approach to real-world security challenges, emphasizing the importance of building security into systems from the ground up rather than adding it later.
The research environment also fostered a deeper understanding of the theoretical foundations of security, which has proven invaluable when adapting to new threats in real-world environments.
Threat intelligence is a critical component of modern security strategies. What makes for effective threat intelligence, and how can organizations better leverage this intelligence to strengthen their security posture?
Effective threat intelligence needs to be timely, relevant, actionable, and contextualized. Organizations should focus on continuous monitoring and real-world threat intelligence. As cyber threats evolve regularly, if you’re using outdated detection rules, you’re already behind.
Your security systems should collect live attack data, adapt to new methods, and improve defenses in response to real-world situations. Too often, organizations collect vast amounts of threat data but lack the processes to convert it into meaningful action.
To better leverage threat intelligence, organizations need scalable and adaptive detection. Traditional security measures are too slow to keep up with contemporary threats. Attackers develop rapidly, so detection systems must be real-time, AI-powered, constantly learning from new attack patterns. For example, when we replaced a batch-processing detection system with a real-time pipeline based on AWS Lambda and Kinesis, instead of spending hours detecting dangers, we caught them in minutes.
Many organizations struggle with security automation. What common pitfalls do you see in automation initiatives, and what advice would you give to security teams looking to enhance their automation capabilities?
The biggest pitfall is that if your security team manually handles each alarm, you’re already losing. It’s essential to create systems that detect and respond to threats, such as blocking malicious IP addresses, isolating compromised accounts, and automatically initiating forensic investigations.
Organizations often implement automation without proper planning or understanding of their security processes. They automate broken workflows, creating faster but still ineffective processes. Security automation should not be a band-aid solution but a strategic approach to improve overall security posture.
My advice is to focus on automated response and threat enrichment. For example, we implemented automatic threat enrichment in our detection pipeline to focus on only high-fidelity findings. Rather than spending time researching alerts, analysts now receive pre-tagged, pre-analyzed events, reducing response time by 60%.
Also, use behavioral analytics to generate high-fidelity alerts. In the threat detection space, false positives have been a significant issue; you don’t want your security team swamped with meaningless notifications. Instead of flagging every failed login, look for patterns over time, device fingerprinting, login velocity, and behavioral anomalies.
Looking at the current threat landscape, which emerging attack methodologies concern you most, and how should security professionals prepare for them?
Today, several attack methodologies stand out because they’re developing quickly and causing significant damage:
- AI-powered phishing – Attackers now use machine learning algorithms to create emails that nearly identically mirror genuine employees, executives, or vendors. These emails appear and sound human, making them very believable.
- Deep fake social engineering – Imagine receiving a video call from your CEO instructing you to transfer money, except it’s not them. Attackers utilize deep fake audio to persuade staff to accept multimillion-dollar transactions.
- AI-Powered Credential Attacks – Attackers employ AI to automate credential stuffing, testing stolen username-password combinations across various websites. Traditional countermeasures like rate restriction are ineffective since AI-powered bots can mimic human behavior.
- Zero-Day Exploits with AI – Attackers now utilize AI to find software flaws faster than security researchers can patch them, leading to more zero-day attacks.
Security professionals should prioritize security during development. Unfortunately, security is usually an afterthought in many organizations, which is a terrible practice. Security engineers and developers should be embedded in the design and integrated with CI/CD pipelines, and automated vulnerability scans should be enforced as security best practices before releasing code to production.
You’ve mentioned system observability as an area of focus in your work. Could you explain what this means in a security context and why it’s important for effective monitoring and response?
In cybersecurity, observability goes beyond basic monitoring to provide deep visibility into system behaviors and potential security issues. It combines logs, metrics, and traces to create a comprehensive view of what’s happening across your environment.
Observability is crucial because it enables security teams to detect sophisticated threats that might otherwise go unnoticed. By correlating data from multiple sources, we can identify subtle patterns that indicate a potential compromise.
For instance, in an AI-powered credential-stuffing attack I encountered, everything appeared to be typical traffic initially. There were no spikes or apparent brute-force attempts. However, after analyzing the records, we observed strange login sequences, such as the same user checking in from numerous places in ways that didn’t make sense. That’s when we realized something was wrong.
Effective observability requires not just collecting data but making it actionable through automation and analysis tools that help security teams quickly understand and respond to threats.
Security talent development is clearly important to you. What skills do you believe tomorrow’s cybersecurity professionals should be developing, and how can organizations better nurture security talent?
Cybersecurity talent development is essential, especially as threats become more sophisticated. I’m passionate about mentoring and sharing knowledge with others, which stems from my belief that “the more you know, the more you get; to know you don’t know enough and there’s still a lot to learn.”
Tomorrow’s cybersecurity professionals should focus on developing a blend of technical skills and leadership principles. Three character traits I find most instrumental are ownership, curiosity, and the ability to invent and simplify.
Ownership means taking full responsibility for the systems we build to ensure they are functional, scalable, and effective. When I worked on the threat report catalog, I went beyond the initial scope to improve query performance, constantly asking how we can work backward from the security engineer to build tools that provide long-term value.
Learning and curiosity are critical as security is constantly evolving. Security professionals should never be done learning and should consistently seek to improve themselves. My curiosity has led me to integrate innovations like LLM-based code review to improve code detection template quality, reducing review time for the team.
Organizations can nurture security talent by embracing these principles and creating environments that encourage continuous learning, ownership, and innovation.
You’ve worked on integrating AI into security workflows. Could you share a specific example of how AI has transformed a security process, and what the tangible benefits were?
I’m currently working on an AI-driven threat intelligence system that uses LLM to automate and enhance threat research and detection development. This system transforms the way security teams detect and understand cyber threats.
Currently, when a new cyber threat emerges, security teams spend hours manually digging through data, logs, or telemetry, analyzing these threats, and trying to identify patterns to create detections. This manual process is slow, taking security engineers roughly 8 hours on average to analyze a threat.
Our AI solution does the heavy lifting, reducing this analysis time to just 1 hour. This allows security teams to react faster and stop attacks before they cause severe damage, while significantly improving the efficiency of the detection development process.
The tangible benefits are substantial. By accelerating threat detection, we see fewer data breaches, less downtime for businesses, and better protection of personal and financial information. This solution can also help defend critical infrastructure like hospitals, power grids, and government systems from cyber threats.
Although still in early phases, this AI integration is fundamentally altering how cybersecurity teams protect against attackers who are themselves increasingly using AI.
Many of our readers are interested in personal development in the tech field. What resources, communities, or learning approaches have been most valuable in your own professional journey?
My personal development journey began with pure curiosity and hands-on experimentation. Growing up in Nigeria, I didn’t have easy access to computers. As I mentioned, “At an early age, looking back, you had to be from a wealthy home to have access to a computer, let alone owning one.” This scarcity created a natural craving and fascination.
From an early age, I experimented with computers whenever I could – “I used to open CPU boxes to optimize RAM, play games, and do whatever I could.” This hands-on approach, trying to figure things out without formal training, built a foundation of practical knowledge that continues to serve me today.
The most valuable learning approach in my journey has been project-based learning. When I landed at NSF for research, I developed a programmable platform to control robots, which unexpectedly led me to cybersecurity through the challenge of securing these systems.
For those looking to develop in the tech field, I recommend embracing ownership of projects, maintaining endless curiosity, and focusing on practical application. As I’ve experienced, the most effective learning often happens when tackling real challenges rather than following predetermined paths.
If you could share one piece of wisdom about cybersecurity with every organization, regardless of size or industry, what would it be?
If I could inspire a movement in cybersecurity, it would center around leveraging AI to revolutionize security while pushing for global collaboration. The key notion is that innovation alone is not enough.
Looking at companies in this space, you can easily spot silos where critical threat knowledge is locked away instead of being shared. My wisdom would be that the future of cybersecurity is not just in AI but in collaboration – an open shared security network where companies and individuals share insights to strengthen our collective defenses.
To put this into practice, I would recommend five key principles:
- Implement scalable and adaptive detection systems that learn in real-time from new attack patterns.
- Automate your response processes to detect and respond to threats immediately.
- Use behavioral analytics to generate high-fidelity alerts and reduce false positives.
- Prioritize security during development rather than treating it as an afterthought.
- Maintain continuous monitoring and leverage real-world threat intelligence.
Remember, security is an ongoing process, not a one-time setup. By combining these principles with a collaborative mindset, organizations of any size can significantly strengthen their security posture against increasingly sophisticated threats.
