Case study

Cisco saves 3 months of developer time within 30-days of implementing Tines


  • 3 months of work-time saved
  • 10-30x faster than generic tools
  • 100% employee retention YoY

I'm no longer fragile to change. Instead of spending a years' worth of resources transitioning between tools, it's accomplished in days or weeks at most.

About Cisco 

Cisco is a multinational communications and technology conglomerate ranking number 74 on the Fortune 100 with more than 80,000 employees worldwide. The company's product portfolio spans hardware, software, IoT solutions, networking, data management and security, and beyond, making it one of the world's largest digital communications and technology companies.

Executive summary 

In early 2023, the Cisco team kicked off the search for a security automation platform. Prior to this, they had been reliant on custom Python scripts to connect their tech stack and build basic automations. This approach was unreliable, difficult to maintain, and required extensive engineering time to deploy and maintain automations.

Switching to Tines, the Cisco team has saved valuable time, orchestrated team-wide automation efforts, published 17 Tines use cases to date, and saved a full three months of developer work time. Robert Kerby, Head of Security Business Group Operations at Cisco, shares how he brought stability to his organization and positioned them for success by implementing Tines.

The challenges 

The Cisco team faced an all-too-common problem: automation that was tethered to custom code. With 90% of their automation in Python, maintenance had become a nightmare and Cisco's security operations team struggled with poor observability, maintenance, documentation, and more. Over time, the Cisco team realized that their homegrown SOAR solution was full of surprises, breaking unexpectedly and not returning full sets of test results.

"The custom development that had been done was turned over probably five or six times, either from people leaving the company or for people taking on new roles," explains Robert. "Maintenance became a nightmare and every time something broke was like a reverse engineering process, but we didn't know how it was supposed to work."

With Robert’s pulse on emerging technology, he know there were platforms available to support the team in addressing their key challenges: 

  • Work overload across the team

  • Fragmented security tech stack with inconsistent tooling 

  • High barrier to entry due to an overreliance on Python scripts

  • Fragility to change which slowed the time to value

Why Tines? 

Robert and his team set about evaluating a range of SOAR platforms, including Cisco's own automation offering. The evaluation process included the team narrowing down to a few use cases, then building them during a proof of concept, and establishing an evaluation rubric for performance. At the end of the process, the team was confident Tines was more agile and scalable.

Because Tines is built specifically for security use cases, the Cisco team was able to find a much shorter time to value.  

"I looked at other SOAR products, but I also looked at general automation products. If you want to deliver impact and value fast, something that's tailored to your use case is going to have a much shorter path to value than something that's generic," adds Robert. "I asked the owners of each tool to build a use case and measure how long it took to get a case built with feature parity. We saw that the generic tools took 10 to 30 times longer on average than building the same solutions with Tines. And that's because it's built for the security use case."

3 monthsof work-time saved
10-30x fasterto implement than generic tools
100% retentionon the security team

After implementing Tines, Robert and team found the speed, scalability, and observability they needed. Within just one month, the team published three complete stories using Tines and has since come to save one quarter per year of a full-time security engineer's time through security automation alerting. As a result, they’re able to reallocate that focus to higher priority tasks. 

  • 17 use cases

  • 3 use cases within the first month

  • 0 silent failures since implementing Tines

With Tines, Cisco recognized improvements across the board compared to their previous homegrown solution. Enhanced observability and more seamless maintenance reduced silent failures from one per quarter to zero, and the amount of busy work the team manages has been significantly decreased. Prior to Tines, SOC2 and ISO audit processes required participation from three full time employees and that number has been reduced to one post-Tines implementation. 

Change management 

Lastly, Cisco has found a new level of flexibility in terms of navigating change management. Using their homegrown solution, the team faced prolonged transition periods transitioning vulnerability tools. As the business acquires new tools and adds to its product portfolio, the security team now has a manageable solution for completing updates and changes. Before Tines, transition periods could take as long as a year, but working with Tines on the most recent transition, the team completed the work in one week.

Strategic impact 

Beyond the direct impact switching to Tines brought to Robert and his team, there’s been a tangible strategic impact. Cisco, as a whole, is charged with leveraging automation to reduce costs. “We have, conservatively, 45 products (3rd party and proprietary) across security. The process of retrofitting them with AI is absolutely miserable, not to mention expensive. Tines is a massive part of how to clearly and cost effectively do this.” 

What’s next?  

Tines now offers tremendous potential to scale key security functions. Delivering key functions, including vulnerability management, threat detection, risk management, and application security, as products to engineering with Tines will help scale and reduce time to value. 

"We’re especially eager to apply the Tines Toolkit to deliver our workflows as products to the rest of the organization. With the toolkit, we are able to deliver workflows as APIs called right from a CI/CD commit process," adds Robert.

"Giving security information back to developers is immensely helpful because not everyone thinks about security the way we do. I want to engrain security steps in the dev process to make everything more seamless across the board." 

Robert Kerby, Head of Security Business Group Operations

Additionally, Robert and team are looking for ways to automate use cases outside of security, such as site reliability, business operations, and more to continue getting value from the Tines platform.


Identifying Opportunities for Career Development 

One of the most interesting benefits the Robert and team have discovered with Tines is the opportunity for professional development. As the team continues to implement Tines, analysts across the cybersecurity team have developed an interest in learning to code. Because Tines allows non-cosers to learn app building mechanics without writing code, it’s the perfect introduction. Robert and team have found that analysts who start out working with Tines develop a strong understanding of how to build before learning to code, which makes transitioning into engineering faster and more seamless. 

I’ve called Tines the springboard for learning how to be a developer. Non-technical team members can learn the mechanics of how apps function code-free, which ultimately makes them much easier to build. This opens up new career paths and opportunities here and helps us retain our talent.”

Robert Kerby, Head of Security Business Group Operations

More case studies

Built by you, powered by Tines

Talk to one of our experts to learn the unique ways your business can leverage Tines.