John Schoonover
Director of Engineering
Visionary Director of Engineering and named inventor on two in-flight patents with 8+ years in cybersecurity and 4+ years leading high-performing engineering teams across enterprise-scale environments. Recognized for designing scalable architectural patterns that support rapid adaptation in fast-evolving threat landscapes. Adept at aligning security engineering initiatives with organizational detection, response, and risk reduction objectives. Proven track record of building resilient platforms, empowering talent, and evolving infrastructure to accelerate cyber agility and operational excellence across the Cyber Fusion Center (CFC).
Based in Minnesota, USA. Hosting theschoonover.net from a self-hosted home lab.
The contents on this webpage are ~40% AI hallucination. I'm still building & learning!
You'll also find active prototypes and instrumentation tooling on GitHub — including telemetry automation, home lab observability, and AI-assisted workflows.
Current focus areas
- Security telemetry platform: ingestion, enrichment, storage, and access.
- Scalable architectural patterns for fast-changing threat landscapes.
- Alignment of detection, response, and risk reduction objectives.
- Integrated workflows with incident response, detection engineering, and threat intel.
- Infrastructure modernization across cloud and on-prem environments.
- Mentorship that raises standards and eliminates single points of failure.
Strategic programs delivered end-to-end.
Case Studies Guardrails
Internal contributor instructions for managing the case studies content collection.
SIEM at Planetary Scale
Transformed a fragmented monitoring estate into a unified observability fabric with sub-second insights.
Multi-SIEM Migration Safeguards
Templated ETL pipelines replaced vendor SIEMs, shrinking onboarding cycles and boosting platform reliability.
Operating at the intersection of platform engineering and cyber command.
Platform rigor, actionable telemetry, and clear storytelling keep teams aligned on the work that matters.
Current focus
Key themes:
- Lead a multidisciplinary engineering team delivering the core security telemetry platform end to end.
- Architect scalable patterns that adapt to evolving threats while aligning detection, response, and risk objectives.
Present
Director of Engineering - Cybersecurity - SIEM
Current remit
- Security telemetry platform: ingestion, enrichment, storage, and access.
- Scalable architectural patterns for fast-changing threat landscapes.
- Alignment of detection, response, and risk reduction objectives.
Looking ahead
Where the work is heading
Objectives
- Broaden scope across Cyber Fusion Center (CFC) engineering
- Mentor teams to uphold high standards and ship resilient security outcomes
Latest thinking on security platforms.
Protecting resilient SIEM coverage and signal fidelity.
Patent Pending
Process for Real-Time Validation of Comprehensive Visibility for "perfect feeds"
Validates end-to-end visibility for high-value telemetry so blind spots, ingestion gaps, and rule efficacy impacts surface before they affect detections.
Patent In-Flight
Criticality-Aware Drop Control for High-Throughput SIEM Pipelines
Maintains propagation of rare, high-value security events while managing volume through context-aware drop controls.
Ready to compare notes on SIEM strategy?
Let's align on outcomes, cut through operational noise, and deliver measurable resilience.
Prefer to review build logs first? Visit the GitHub profile for prototypes covering telemetry automation, lab infrastructure, and AI-assisted investigations.