Detection Engineering & AI Security Tooling
Fixed-scope, project-based engagements with concrete deliverables. Production detection rules, CI/CD pipelines, and AI-powered SOC tools, built by Brian Concannon with 15+ years spanning the FBI, CrowdStrike, Expel, and two companies he founded.
No slide decks. Working code you own.
Services
Detection Rule Library
Production-ready detections written for your platform
A library of 30–50 detection rules grounded in real-world experience, with MITRE ATT&CK mapping, tuning guidance, and false positive documentation.
Detection-as-Code Pipeline
CI/CD for your detection rules
Rules in version control, automated validation on every PR, and deployment to your SIEM/EDR via API. Ship detections like software.
AI-Powered SOC Tooling
Custom AI tools for your security team
Alert triage assistants, RAG-powered analyst knowledge bases, and automated enrichment pipelines. Two-phase approach: prototype first, then production build.
Need something different? I also take on custom projects in AWS infrastructure, full-stack development, and technical leadership for security startups. Let's talk.
Products
Rocky Raccoon
An AI security assistant I built end-to-end: RAG pipeline, vector search, chat interface, REST API, and MCP server. Used by detection engineers and threat hunters for process triage, detection writing, and threat hunting.
rockyraccoon.io
About
EchoTrail Solutions is led by Brian Concannon, who has spent 15+ years building detection systems, leading security teams, and shipping production tooling across the FBI, CrowdStrike, Expel, and two companies he founded.
Founder at EchoTrail Solutions
2025 – Present
Building Rocky Raccoon, an AI security assistant for detection engineers and threat hunters. Offering detection engineering consulting with fixed-scope, project-based engagements.
Founder at EchoTrail
2018 – 2025
Built and grew EchoTrail Insights into a widely used Windows process behavior database for detection engineers worldwide.
Manager, Detection Tools Engineering at Expel
2019 – 2020
Led the team building detection infrastructure for a 24/7 SOC, transforming raw telemetry from diverse security tools into actionable, high-fidelity detections. Joined during Series C, contributed through Series D.
Senior Manager, Analytics Insight Team at CrowdStrike
2013 – 2016
Joined as employee ~70 before the Falcon platform launched. Built CrowdStrike's first behavioral detection engine. Co-founded and led what became the Overwatch threat hunting team. Built streaming analytics processing millions of events per second.
Special Agent at FBI
2005 – 2013
Investigated nation-state cyber intrusions. Selected for the FBI Cyber Action Team (CAT) responding to the most complex cyber incidents in the country. Built automated analysis tools for large-scale network forensics.
Senior Software Engineer II at Raytheon
1999 – 2005
Led real-time embedded software development in C++ for Navy satellite communications. Designed encryption subsystems for classified SATCOM.