2025-10-25, Talk 1
Context switching during incident response is a silent productivity killer that costs security engineers hours of valuable time and significant cognitive load. This talk shares a real-world case study of how we transformed our on-call experience at Databricks by implementing Model Context Protocol (MCP) servers to enable AI-assisted incident triage and investigation.
Attendees will learn how traditional incident response workflows—involving dozens of browser tabs, multiple tools, and constant context rebuilding—can be revolutionized through natural language interfaces. We'll demonstrate how MCP servers provide a standardized way for AI assistants to interact with infrastructure tools like PagerDuty and Databricks, reducing incident investigation time from 15+ minutes to under 2 minutes.
Through real-world examples, we'll show how this approach eliminated overhead during on-call rotations, enabled cross-cloud investigation capabilities without manual intervention, and allowed engineers to focus on actual problem-solving rather than tool navigation. The talk includes practical implementation details and lessons learned from production deployments across 55+ multi-cloud Databricks workspaces.
This talk is designed for security professionals who handle incident response or participate in on-call rotations, including SOC analysts, security engineers, detection engineers, and incident responders. It's particularly relevant for those looking to reduce the cognitive burden and operational friction of interrupt-driven investigations. Technical leaders considering AI-assisted tooling for their teams will also find valuable insights. While the examples use Databricks and PagerDuty, the concepts apply broadly to any security operations environment dealing with multi-tool workflows and context switching challenges. Participants will leave this presentation with concrete ideas for applying these concepts in their own environments.
Will is the tech lead for detection and response at Databricks. His expertise lies at the intersection of threat detection and software engineering, specializing in detection engineering, attack simulation, and the practical applications of threat intelligence. Previously, Will drove detection and intelligence initiatives at Stripe, Datadog, and SecureWorks, where he played key technical leadership roles in shaping security strategies and mentoring teams. He has authored four patents in the cybersecurity space, and his research has been published in well-known academic journals, including IEEE Security & Privacy.