// detection engineering & AI security tooling
Ship detections like software.
Fixed-scope, project-based engagements with concrete deliverables. No slide decks. Working code you own.
Background: FBI · CrowdStrike · Expel.
~/ services
Detection Rule Library
30–50 rules grounded in real-world experience, with MITRE ATT&CK mapping and tuning guidance.
from $8K
ci/cd
Detection-as-Code Pipeline
Version control, automated validation on every PR, and deployment to your SIEM/EDR via API.
from $15K
ai
AI-Powered SOC Tooling
Triage assistants, RAG knowledge bases, and enrichment pipelines. Prototype first, then production.
from $5K
~/ products
rag · ai
Rocky Raccoon
An AI security assistant I built end-to-end: RAG pipeline, vector search, chat interface, REST API, and MCP server. Used by detection engineers and threat hunters for process triage, detection writing, and threat hunting.
rockyraccoon.io →
~/ git log --author=brian
Building Rocky Raccoon, an AI security assistant for detection engineers and threat hunters. Offering detection engineering consulting with fixed-scope, project-based engagements.
Built and grew EchoTrail Insights into a widely-used Windows process behavior database for detection engineers worldwide.
Led the team building detection infrastructure for a 24/7 SOC, transforming raw telemetry from diverse security tools into actionable, high-fidelity detections. Joined during Series C, contributed through Series D.
Joined as employee ~70 before the Falcon platform launched. Built CrowdStrike's first behavioral detection engine. Co-founded and led what became the Overwatch threat hunting team. Built streaming analytics processing millions of events per second.
Investigated nation-state cyber intrusions. Selected for the FBI Cyber Action Team (CAT) responding to the most complex cyber incidents in the country. Built automated analysis tools for large-scale network forensics.
Led real-time embedded software development in C++ for Navy satellite communications. Designed encryption subsystems for classified SATCOM.
Let's talk about your detection program.
Book a 30-minute intro call to walk through your environment and where you need coverage, or send a message. Fixed scope, fixed price, working code you own.
brian@echotrail:~$ ./book-intro-call