Security operations
Cory Bowline

Deep Dive With Security Operations: Michael Haag

Red Canary brings great talent to our Security Operations team to continually investigate threats, improve our detection coverage, and drive the development of our Analysis Platform.

If you’ve met anyone on our operations team, you know we don’t hire the typical run-of-the-mill security analysts. To bring you the best Managed Detection & Response, we hire the best. Without further ado: meet Michael Haag, Director of Advanced Threat Detection & Research on the Red Canary Detection Operations team.

Michael joined Red Canary from Danaher Corporation, a Fortune 150 global organization with dozens of operating companies spread around the world. His role was unique in that he architected the security program for Danaher in addition to handling day-to-day threat investigations and hunting activities. Michael brings extensive experience with Carbon Black Response that included a Cb Response + Splunk detection and investigation process. As one of the most advanced Response users, Michael has spoken at numerous conferences and user exchanges sharing the power of endpoint visibility, detection, and response.

“Michael is at the top of the list when it comes to endpoint detection and response experts. He brings a really rare combination of strategic vision and technical expertise and understands all of the security problems inherent with a global organization. Every one of our customers would want Michael on their team – we’re excited to bring his skills to every one of them.”

– Keith McCammon, Red Canary Chief Security Officer

Before Danaher, Michael worked at SAIC/Leidos as a Cyber APT Hunter in their MSSP division. During his time there, he supported over 50 DoD and commercial customers and defined advanced detection capabilities in multiple SIEM products to ensure detection coverage across the full spectrum of threats.

“What I love about Red Canary is that is it not just another monitoring company or MSSP,” Michael said. “From the founders to the accounting team, everyone cares passionately about making customers’ security better. Combine that with the most comprehensive and scalable tech I’ve seen for detection, triage, and response (and I’ve seen most of the other options out there) and we have a platform I’m excited to work with every day. Nothing beats being able to help companies detect these attacks that they’d be blind to otherwise


The simple math behind an effective incident response program


5 ways to fulfill the promise of secure DevOps


Testing and validation in the modern security operations center


Enabling the modern security operations center

Subscribe to our blog