Contents
Get a Personalized Demo
See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster.
It keeps happening.
Someone implements Torq. They see what it does to their SOC. They start evangelizing it internally. And when their own career path eventually points somewhere new, they reach out.
This is the second time we’ve written this blog, and this time, four more former customers came to us: Austin Dix, Nate Thompson, Casey Howard, and Jeremy Herzog.
Different companies, different industries, and different team sizes. But the same arc: they hit a wall with their existing tools, found Torq, saw what was possible, and eventually decided they wanted to be part of building it.
Meet the Team That Left Manual Security Behind
Casey Howard, Sales Engineer
Casey has spent his career in security operations, automation, and AI-assisted workflows, building programs focused on what actually moves the needle: speed, clarity, and measurable outcomes. His take: most SOC teams aren’t short on talent or tools — they’re short on connected systems and time. After his team cut MTTR by 90% with Torq in the first month, he came here to make that the norm, not the exception.
Jeremy Herzog, Manager, Solutions Engineering Lab
Jeremy spent eight years at an MSSP, joining as an individual contributor engineer and rising to Director of Engineering — scaling their small enterprise segment from zero to 120 customers and leading implementation, detection engineering, and Tier 2/3 operations. After his team finally got automation off the ground with Torq (and solved problems that had been stuck for six years), he came here to build the environments that help the sales engineering team win deals.
Nate Thompson, Sales Engineer
Nate is a cybersecurity leader with 18+ years of experience transforming security operations at Dana Incorporated, a global Fortune 500 automotive supplier. A founding member of the cybersecurity program, Nate was one of the driving forces behind modernizing the company’s security stack — replacing legacy platforms, building automation and analytics capabilities, and championing the adoption of AI across security operations. As a Sales Engineer for Strategic Accounts at Torq, Nate helps security teams solve the same problems he spent his career living.
Austin Dix, Customer Success Engineer
Austin spent years running a lean SOC in the defense industrial space, where data misclassification carries real legal consequences. His team manually pulled CSVs and uploaded data classification reports to a DLP platform until he found Torq during a second evaluation round and saw what automation could actually do. As a Customer Success Engineer at Torq, Austin now helps lean teams skip the years he spent reinventing the wheel.
How It Started
Every story starts the same way: a security team doing its best with tools that weren’t built for what they actually needed.
Austin was running a five-person SOC in the defense industrial space. His SIEM vendor’s SOAR offering was poorly implemented, and his ticketing platform required an act of Congress to make any changes. The team was manually running data classification reports, pulling CSVs, cross-referencing project lists, and uploading them to a DLP platform. In an industry where misclassified data isn’t just a mistake — it’s a liability — that kind of manual work was untenable.
Nate’s team at an automotive manufacturer was automating with homegrown Python and PowerShell scripts. “While they worked, it was very limited,” he said. “We would have to maintain all of that ourselves.” The team was a skeleton crew — Nate, one or two others, and an engineer who knew Python. That was it.
Casey was managing an MSSP and a legacy case management ticketing module at a financial services company. Three integrations the team wanted, three additional line items. Edge-case integrations? Not possible at all. The team needed bi-directional sync between source systems and case management. Their tooling couldn’t deliver it.
Jeremy was Director of Engineering at an MSSP. His SOC team had tried and failed to implement a SOAR that got rebranded and folded into a larger platform before it even started. “They had it for a year and never really got it off the ground.” The result: an MSSP with limited automation or response capabilities — a distinct disadvantage for winning new business and retaining existing clients.
The Breaking Point
Austin’s breaking point wasn’t technical. It was a vendor who refused to give him a demo. His team had run a formal bake-off, picked a winner, completed a POC, and gotten approval. Then Austin tried to bring in his infrastructure team to buy additional licenses. The vendor said, “No demo until you sign a purchase order.” Austin said, “All right, I’m going to go find somebody else that will.”
Nate’s company got XSOAR added on for free during a renewal cycle, which killed the evaluation they were already running. It helped at first, but they hit a wall fast. “All we really did was give our scripts a pretty interface. We could draw boxes, but if we wanted to do something that wasn’t a box, we had to engage professional services. That took weeks and months.” With a two-person team and a growing backlog, everything froze.
Casey evaluated every major SOAR and automation on the market. Two were eliminated solely due to licensing models — user-based pricing with an MSSP was prohibitive. Another charge per execution run. It came down to Torq and one other vendor.
Jeremy’s SOC team couldn’t get their SOAR working, so leadership handed the project to his engineering group. He evaluated three options. Torq floated to the top.
The Switch to Torq
Austin got introduced to Torq on his second evaluation round, and it was “night and day.” The team automated data classification for their DLP platform and used Torq as a consolidation layer for alerts from across endpoint tools, the SIEM, and identity systems. “This was before case management, so we basically used Torq to recreate case management. It brought everything together for us.”
Nate will never forget opening the Torq interface for the first time. “It was very intuitive. It just clicked.” He converted most of his legacy workflows during the POC alone. “I fell in love with the platform.” When the competing vendor came in for the bake-off, the contrast was immediate: “I sat there and was like, I don’t know which box I’m supposed to drag over. And when you finally drag one over, there are like 12 configuration steps inside.” If he couldn’t figure it out — and this was 80% of his job — his SOC analysts never would.
“I’ll never forget getting into the Torq interface for the first time. It was very intuitive. It just clicked.”
– Nate
Casey’s team chose Torq because it was a security-focused platform built for security operations teams. The feature that delivered the most impact was the AI-generated case summary — pulling everything into one view so analysts could quickly triage and decide: true positive, escalate, or close.
“AI was an afterthought back then, but once we saw the AI capabilities in Torq, it became where most of our value actually came from.”
– Casey
Jeremy made a bet with his VP of Operations: “I’m putting my credibility on the line — if you buy this product, we will have this implemented in under 30 days.” They signed. They were operational in two weeks. “After that, I just started using Torq to solve all of the problems I’d had for years. Problems I’d been dealing with for six years — Torq let me build workflows to solve in a matter of weeks.”
Favorite Torq Features
Ask any of them what stood out, and it comes back to speed, simplicity, and the ability to make non-engineers productive.
At Austin’s organization, the Torq platform was so accessible that interns were able to build. “We even had interns building automations in the platform, because the no-code interface was that simple.” Nate could go from a use case — a sentence or two — to a production-ready workflow in less than 24 hours. Other teams saw what the SOC was doing and wanted in. He extended Torq into GRC, built just-in-time USB access workflows, and started automating firewall changes for IT operations.
Casey loved the universal connectivity — API calls, webhooks, SSH, AWS, email ingestion. “Being able to connect with everything in any way we wanted to was amazing.”
After a month on Torq, the team reduced MTTR by about 90%.
Jeremy knocked out years-old problems with project management style and democratized access so more engineers could build. “It just took off from there.” By the time he left, Torq was ingrained in all four of the MSSP’s managed services.
“I democratized it, got more engineers building in the Torq platform. It just took off from there. We saved everybody time. We made everybody’s lives easier.”
– Jeremy
The Move to Torq
Austin had already left his SOC role and joined a different organization when the Torq team called. He’d told them years earlier: if you ever need anybody, let me know. They took him up on it.
Nate became a Torq evangelist before he became an employee — talking up the platform at events and demoing to other teams. “I wanted it to be for a product I was truly invested in. There are only a handful of those in my career.”
Casey saw the business outcomes from Torq and felt like everyone deserved access. “Being a security analyst and having to do alert triage — it’s mind-numbing. If I can help anyone else not have to do that low-value work, that’s what I wanted to do.”
Jeremy’s motivation started with the people. “This team is hands down the best customer relations team I’ve ever worked with in my career.” But it was also the product. “It was my first foray into automation, and it’s kind of become my native language.”
What They Didn’t Know as Customers
Every one of them says the same thing from the inside: the platform is even further along than they knew as customers.
Nate expected deterministic automation. What he found was that AI capabilities had leaped forward. “To have that as a native part of the platform — I was surprised with how quickly the R&D and product team were able to move forward.”
Casey didn’t have AI Agents as a customer and was trying to build his own agent workflows through an LLM API. “It was janky, it was so hard to work with. I’ve built so many agents now that I wanted to build when I was a customer, because it’s so easy to do it now.”
Jeremy says case management was the revelation — far more robust than he expected. And Austin wishes he’d leaned on the Torq community more. “We did a lot of reinventing the wheel that I wish we hadn’t.”
“Torq is going to make a night and day difference for any security operations team within weeks, if not days.”
– Austin
As for what’s next, they all land on the same two things: Auto Triage and the Agentic Builder.
Austin: “If I was back buying Torq again and Auto Triage was a thing, I would buy it 100 times over.” Nate sees the Agentic Builder collapsing time-to-value: “What I could do in 24 hours, you could almost do in a single meeting.” Casey sees Torq pulling away from the pack: “There are a bunch of AI SOCs now, but they only do alert triage. We can do the full incident lifecycle.” And Jeremy sees the Agentic Builder as the convergence of everything he loves: “The fact that we’re extending that into building workflows is amazing.”
We’re moving fast, and the team is growing. If you want in — we’re hiring.
