A new era of AI-powered security operations: How Thoughtworks empowered their security team to manage risk and focus on innovation

AT A GLANCE

Thoughtworks modernized their security platform, achieving enhanced real-time threat detection and automated response at a global scale with Google SecOps and SADA’s expertise.

INDUSTRY: Cloud Natives

ENHANCED Security visibility across a global, 10,000-plus employee organization

DECREASED Response time to security events

SHIFTED Focus to proactive threat management

Securing the digital landscape

With over 10,000 employees across 18 countries, Thoughtworks had ambitious goals that required a security solution to match their scale. As a leader in global technology consulting, the company recognized a strategic opportunity to pioneer security excellence within their industry. While their existing log aggregation platform provided a foundational layer of security signals, their forward-thinking leadership saw the need to evolve their defenses. They needed to move to a more automated process—a security system powered by AI to handle the sophistication of modern cyber risks. This initiative was a deliberate step to elevate their threat detection and response capabilities, positioning Thoughtworks as an innovator and a model for future-proof security.

Business challenge

The company’s existing solution was a repurposed log aggregation tool without a dedicated Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platform. This became a critical point of focus for the security team.

“Thoughtworks started this project as a strategic uplift to enhance our security coverage, especially our threat detection and response capabilities,” says Nitin Raina, CISO at Thoughtworks. “Our existing solution was a centralized platform that helped us gather security signals from raw logs and contain and remediate threats. While we had an existing centralized tool, it couldn’t handle automated remediation.”

Impacting security alerts and event management

Moving to a platform with more real-time threat detection and rapid response was a strategic step to stay ahead of the evolving cyber threat landscape. The team sought to enhance the correlation of security alerts and streamline event management for greater efficiency. 

“While building custom scripts was an option, it would have required extensive development work and still would not have provided the functionality of a dedicated SIEM/SOAR platform,” says Raina.

To address these challenges, Thoughtworks set out to build a next-generation security program.

Solution

Thoughtworks collaborated with SADA, An Insight company, and multiple-time Google Cloud Partner of the Year, to implement and deploy Google SecOps, a solution that offers a dedicated, AI-driven SIEM/SOAR platform. The implementation was a coordinated effort between Thoughtworks, SADA, and Google Cloud, with SADA acting as the key architect and designer of the solution.

“We needed a solution provider with a deep understanding of Google SecOps architecture so that when the Thoughtworks security engineering team deployed a solution or implemented a design, the team could ask SADA to verify it and consult with Google,” says Nazneen Rupawalla, Head of Security Architecture and Threat Assessment, InfoSec, at Thoughtworks. “Whenever we needed someone to take a deep look at our technical questions, SADA was able to step in with their SecOps expertise.”

Implementing role-based access control

SADA’s consultative guidance was critical in helping ensure a smooth and customized deployment. For example, SADA helped implement role-based access control (RBAC) at Thoughtworks’ request. 

“We advocated for the implementation of RBAC, a feature that was still new in Google SecOps at the time,” says Rupawalla. “With support from the SADA team, Thoughtworks was able to successfully implement the feature to align with its high standard for authorization management and the principle of least-privileged access.”

Empowering the security team with real-time threat detection rules

SADA also helped with the implementation of YARA-L rules for the company’s Endpoint Detection and Response (EDR) platform, which lets the security team manage and enhance their own real-time threat detection rules.

A critical component of SADA’s engagement with Thoughtworks involved the implementation of custom SecOps playbooks. These playbooks help refine Thoughtworks’ automated SOAR tactics, allowing for more efficient and precise handling of security incidents. By standardizing response protocols and automating key actions, SADA improved Thoughtworks’ ability to detect, analyze, and mitigate threats, strengthening their overall security posture and operational resilience.

Additionally, SADA ensured a smooth onboarding process by conducting day-to-day and weekly status calls and thoroughly documenting the Google SecOps solution for Thoughtworks. To ensure the Thoughtworks main security team had coverage in the APAC region, SADA assigned security engineers from India to the project.

Impact

As a result of working with SADA on the implementation of Google SecOps, Thoughtworks has enhanced their security posture. Now, the security team can detect, analyze, and respond to threats more effectively. 

“With the level of confidence that we now have within our own team, we can manage security threat detection and response more quickly and decisively,” says Rupawalla. “The Google SecOps system is helping us do it. Baked-in AI automation gives us an even higher level of comfort in managing our cyber program. Threat intelligence also helps us to see what type of attacks confront our organization. We’re already benefiting from the proactive nature of Google SecOps.”

Using a unified security data model for coordinated incident response

The new platform also lets the company ingest critical security logs for real-time monitoring and convert raw logs into a unified security data model. Additionally, the new solution has helped Thoughtworks use this centralized model for real-time threat detection and coordinated incident response.

“The new platform has enabled the InfoSec team to proactively showcase its value to the Thoughtworks’ cyber steering group by demonstrating proactiveness in detecting threats and bringing them to closure, rather than waiting for an incident to occur,” says Rupawalla. “The value of the new platform has been recognized across multiple teams, which has led to an improvement in overall identity and SaaS monitoring.”

Driving threat intelligence capabilities

By implementing the Google SecOps centralized, AI-driven security solution with threat intelligence capabilities, SADA has given the Thoughtworks security team access to high-fidelity alerts and the ability to accelerate investigations. The platform is helping to reduce manual work and automate end-to-end workflows, freeing up analysts to focus on more critical tasks rather than closing trouble tickets. This has created an increased level of confidence within the team to manage their detection and response program effectively.

“The new solution is proving useful to increase our overall effectiveness through automated remediation and reduce the time our security analysts spend on routine alerts,” says Rupawalla. “With more visibility, we can take a more proactive approach to security.”

Analyzing malware with agentic AI

Moving forward, Thoughtworks plans to expand their use of the AI solutions within Google SecOps—specifically, agentic AI for malware analysis and analyst triage. This will help the company improve overall efficiency and continue to advance their security. 

“Further collaboration with SADA on future security transformation programs will be a crucial aspect for our success as Thoughtworks continues to innovate,” says Raina.

“SADA handled this engagement very well, both at the account management level and at the leadership level. SADA clearly demonstrates that they have a strategic mindset and are very collaborative as a security solution provider.”

— Nitin Raina | Chief Information Security Officer at Thoughtworks
