Cybersecurity Leader · Practitioner · Speaker
Ren Fellows.

Building security operations that survive what's coming — and teaching others how to do the same.

10+ Years Enterprise Security Leadership · Global SOC Architecture & Transformation · Creator, The Meridian Framework · Conference Speaker & Practitioner
Now
March 2026
01

Leading security operations at Fortune 50 scale. Day-to-day responsibility for an enterprise cyber defense function — detection and response, threat intelligence, engineering, and operational resilience across a globally distributed team.

02

Helping teams operationalize for what's coming. The shift from queue-based alert processing to a decision engine built for AI-accelerated adversaries isn't theoretical — it's a structural problem that needs an engineering answer. Working with teams on detection ownership, AI integration that's actually governed, and risk models that account for consequence velocity.

03

Writing and speaking on the human system inside security operations. The technical architecture gets the investment. The people running it — and burning out under it — rarely do. That gap is where the most preventable failures live.

Practitioner first.
Everything else second.

```

I'm a cybersecurity executive with 10+ years building and transforming global cyber defense operations at Fortune 50 scale. I currently lead an enterprise-wide cyber defense function spanning multiple disciplines and continents — responsible for detection and response, threat intelligence, engineering, and organizational resilience at one of the most targeted environments in financial services.

In the Field

During one of the most significant zero-day events in recent memory, I was months into a new role when my entire leadership chain went offline simultaneously. No CISO. No SecOps manager. No AppSec lead. The vulnerability scanning tool couldn't detect the affected systems for over a week. With two engineers and a project manager, I ran the full response — coordinating from CEO and board level down to the analyst floor, manually tracking remediation through a spreadsheet as guidance kept changing. Five days without leaving the building. That experience is why I build teams that don't need a perfect situation to perform — and why I believe the human system has to be engineered as carefully as the technical one.

I've led the structural redesign of security operations from the inside: insourcing the SOC from an MSSP, eliminating the wall between detection engineering and operations, migrating enterprise SIEM and EDR stacks with zero operational disruption, and embedding AI with explainability and governance as non-negotiable requirements. Earlier in my career I built a global SOC from the ground up — architecting the technology stack, standing up follow-the-sun operations, and leading the team through multiple material incidents as Incident Commander.

"The hardest part is not the technology.
It is the ownership model."

How I Lead
People Are the Architecture: Technical resilience is built on human resilience. Psychological safety, burnout prevention, and trauma-informed leadership aren't soft skills — they are operational requirements.
Crisis Demands Culture Fluency: Leading globally distributed teams through incidents means navigating different communication styles, decision-making norms, and crisis responses. Cultural intelligence determines whether your team moves as one when it matters most.
Ownership Over Blame: Blameless post-mortems, clear role assignment during incidents, and a leadership posture focused on learning produce teams that run toward a crisis instead of away from accountability.
Clarity as an Act of Care: In high-stress environments, ambiguity is harm. Structured briefings, defined decision trees, and consistent communication frameworks reduce cognitive load and protect the people doing the hardest work.
Ren Fellows
Vancouver, BC
10+ Years Security Leadership
80% MTTR Reduction · Production
SOC Built Greenfield to Enterprise
Fortune 50 Financial Services · Global Scale
Currently

Senior Director, Cyber Defense & Global Security Operations · Fortune 50 Financial Services

```

On Stage & On Record

```
Past Engagements
2025
ChiBrrCon · Chicago, IL
Not Just IR — Calm in Chaos: Leading Through Crises in Security Organizations

A practitioner talk on the psychological, physiological, and cultural dimensions of leading security teams through crisis — from the cognitive impacts of incidents to the long-term resilience structures that prevent burnout.

2024
WiSys Panel · Google HQ, Chicago, IL
Building a Career in Cybersecurity

In-person panel at Google's Chicago headquarters on career pathways into security, building and leading security teams, and how the discipline is evolving for the next generation.

2023
WiSys Panel · Virtual
Zero Days: Real-World Response in the Age of Log4Shell

A virtual panel on zero-day response — drawing from firsthand experience leading enterprise response to Log4Shell, and what the industry learned about the gap between detection tooling timelines and adversary exploitation pace.

I speak at security conferences, executive briefings, and industry events. Every talk is built from operational experience — not slides borrowed from someone else's framework.

Available Talks
Signature Keynote · 35–45 min
Compress Uncertainty: How to Build a SOC That Survives AI-Accelerated Adversaries

The queue-based SOC is structurally dead. A clear mental model for the replacement — and three concrete actions to take immediately. Built for CISO, CIO, and senior practitioner audiences.

Leadership Talk · 35–45 min
Not Just IR — Calm in Chaos: Leading Security Teams Through Crisis

What actually happens to your team's brains, bodies, and relationships during a major incident — and what leaders can do before, during, and after to maintain performance without burning people out.

Emerging Threat · 20–25 min
The Half-Life of Confidentiality: Time-to-Weaponization in an AI-Accelerated World

The question is no longer "was there a breach?" It's "what is the time-to-weaponization of the data involved?" This talk introduces consequence velocity as an operational risk construct.

```

The Meridian Framework

After years of building and transforming security operations at enterprise scale, I distilled what actually works into a complete operating model. Meridian is the first framework built specifically to replace the queue-based SOC with a structured decision engine — engineered for AI-accelerated threat environments.

It addresses detection, AI integration, risk modeling, performance measurement, and transformation methodology as an integrated system — because fixing one without fixing the others produces well-engineered answers to the wrong questions.

Five Integrated Layers
01 Governing Principle: The operational filter every decision answers to
02 Operational Architecture: How the decision engine is built
03 Risk Model: A time-sensitive construct that replaces severity scoring
04 Performance Model: What good actually looks like — and how to measure it
05 Transformation Methodology: A phased, production-tested path to get there

Let's Connect.

Speaking engagements, advisory conversations, or just an exchange with someone who's been in the trenches — LinkedIn is the best place to start.

Ren Fellows: linkedin.com/in/renfellows
Location: Chicago, IL · Boston, MA · Seattle, WA
Response: Within 48 business hours
Available for: Speaking · Advisory conversations · Peer exchange