Ken Tidwell has been involved with software startups for 40 years. He has been everything from a lowly intern to president. Most notably, Ken was the chief architect at ArcSight when the concept of a SIEM was first developed and contributed many of the ideas still found in SIEMs two decades later. He also led the ArcSight content team and was head of the correlation team, where he built the rule engine, report generation engine, and dashboards. The ArcSight correlation team built the first high-speed, high-throughput, time sequence-oriented rules engine. The team also built innovative engines for report generation – dealing with the automatic creation of long term aggregates to assist with periodic reporting – and a dashboard engine. The team also developed the first pattern discovery engine for security event streams.
Most recently, Ken co-founded FactorChain to build tools to assist in incident response and investigation. FactorChain was acquired by Sumo Logic, where Ken assisted in developing security analytics for their SIEM offering.
Other roles have included being head of user interface for one of the first commercial object-oriented AI development environments, and building the first instance of a Java-based micro-service architecture.