Client story A new era of AI-powered security operations: How Thoughtworks empowered their security team to manage risk and focus on innovation
At a glance
Thoughtworks modernized their security platform, achieving enhanced real-time threat detection and automated response at a global scale with Google SecOps and Insight’s expertise.
Industry: Cloud Natives
Enhanced
Security visibility across a global, 10,000-plus employee organization
Decreased
Response time to security events
Shifted
Focus to proactive threat management
Securing the digital landscape
With over 10,000 employees across 18 countries, Thoughtworks had ambitious goals that required a security solution to match their scale. As a leader in global technology consulting, the company recognized a strategic opportunity to pioneer security excellence within their industry. While their existing log aggregation platform provided a foundational layer of security signals, their forward-thinking leadership saw the need to evolve their defenses. They needed to move to a more automated process—a security system powered by AI to handle the sophistication of modern cyber risks. This initiative was a deliberate step to elevate their threat detection and response capabilities, positioning Thoughtworks as an innovator and a model for future-proof security.
Business challenge
The company’s existing solution was a repurposed log aggregation tool without a dedicated Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platform. This became a critical point of focus for the security team.
“Thoughtworks started this project as a strategic uplift to enhance our security coverage, especially our threat detection and response capabilities,” says Nitin Raina, CISO at Thoughtworks. “Our existing solution was a centralized platform that helped us gather security signals from raw logs and contain and remediate threats. While we had an existing centralized tool, it couldn’t handle automated remediation.”
Impacting security alerts and event management
Moving to a platform with more real-time threat detection and rapid response was a strategic step to stay ahead of the evolving cyber threat landscape. The team sought to enhance the correlation of security alerts and streamline event management for greater efficiency.
“While building custom scripts was an option, it would have required extensive development work and still would not have provided the functionality of a dedicated SIEM/SOAR platform.” says Raina.
To address these challenges, Thoughtworks set out to build a next-generation security program.
Solution
Thoughtworks collaborated with Insight, An Insight company, and multiple-time Google Cloud Partner of the Year, to implement and deploy Google SecOps, a solution that offers a dedicated, AI-driven SIEM/SOAR platform. The implementation was a coordinated effort between Thoughtworks, Insight, and Google Cloud, with Insight acting as the key architect and designer of the solution.
“We needed a solution provider with a deep understanding of Google SecOps architecture so that when the Thoughtworks security engineering team deployed a solution or implemented a design, the team could ask Insight to verify it and consult with Google,” says Nazneen Rupawalla, Head of Security Architecture and Threat Assessment, InfoSec, at Thoughtworks. “Whenever we needed someone to take a deep look at our technical questions, Insight was able to step in with their SecOps expertise.”
Implementing role-based access control
Insight’s consultative guidance was critical in helping ensure a smooth and customized deployment. For example, Insight helped implement role-based access control (RBAC) at Thoughtworks’ request.
“We advocated for the implementation of RBAC, a feature that was still new in Google SecOps at the time,” says Rupawalla. “With support from the Insight team, Thoughtworks was able to successfully implement the feature to align with its high standard for authorization management and the principle of least-privileged access.”
Empowering the security team with real-time threat detection rules
Insight also helped with the implementation of YARA-L rules for the company’s Endpoint Detection and Response (EDR) platform, which lets the security team manage and enhance their own real-time threat detection rules.
A critical component of Insight’s engagement with Thoughtworks involved the implementation of custom SecOps playbooks. These playbooks help refine Thoughtworks’ automated SOAR tactics, allowing for more efficient and precise handling of security incidents. By standardizing response protocols and automating key actions, Insight improved Thoughtworks’ ability to detect, analyze, and mitigate threats, strengthening their overall security posture and operational resilience.
Additionally, Insight ensured a smooth onboarding process by conducting day-to-day and weekly status calls and thoroughly documenting the Google SecOps solution for Thoughtworks. To ensure the Thoughtworks main security team had coverage in the APAC region, Insight assigned security engineers from India to the project.
Impact
As a result of working with Insight on the implementation of Google SecOps, Thoughtworks has enhanced their security posture. Now, the security team can detect, analyze, and respond to threats more effectively.
“With the level of confidence that we now have within our own team, we can manage security threat detection and response more quickly and decisively,” says Rupawalla. “The Google SecOps system is helping us do it. Baked-in AI automation gives us an even higher level of comfort in managing our cyber program. Threat intelligence also helps us to see what type of attacks confront our organization. We’re already benefiting from the proactive nature of Google SecOps.”
Using a unified security data model for coordinated incident response
The new platform also lets the company ingest critical security logs for real-time monitoring and convert raw logs into a unified security data model. Additionally, the new solution has helped Thoughtworks use this centralized model for real-time threat detection and coordinated incident response.
“The new platform has enabled the InfoSec team to proactively showcase its value to the Thoughtworks’ cyber steering group by demonstrating proactiveness in detecting threats and bringing them to closure, rather than waiting for an incident to occur,” says Rupawalla. “The value of the new platform has been recognized across multiple teams, which has led to an improvement in overall identity and SaaS monitoring.”
Driving threat intelligence capabilities
By implementing the Google SecOps centralized, AI-driven security solution with threat intelligence capabilities, Insight has given the Thoughtworks security team access to high-fidelity alerts and the ability to accelerate investigations. The platform is helping to reduce manual work and automate end-to-end workflows, freeing up analysts to focus on more critical tasks rather than closing trouble tickets. This has created an increased level of confidence within the team to manage their detection and response program effectively.
“The new solution is proving useful to increase our overall effectiveness through automated remediation and reduce the time our security analysts spend on routine alerts,” says Rupawalla. “With more visibility, we can take a more proactive approach to security.”
Analyzing malware with agentic AI
Moving forward, Thoughtworks plans to expand their use of the AI solutions within Google SecOps—specifically, agentic AI for malware analysis and analyst triage. This will help the company improve overall efficiency and continue to advance their security.
“Further collaboration with Insight on future security transformation programs will be a crucial aspect for our success as Thoughtworks continues to innovate,” says Raina.
Related client stories
By Insight Editor / 2 Oct 2025 / Topics: Artificial Intelligence (AI) Cloud cost optimization Generative AI Cloud
