Cody Cornell, Chief Strategy Officer & Co-Founder of Swimlane – Interview Series

Cody Cornell, Co-Founder and Chief Strategy Officer of Swimlane, leads the company’s strategic direction and oversees the development of its security automation and orchestration solutions. He is dedicated to fostering an open exchange of expertise and best practices, collaborating closely with industry-leading technology vendors and partners. Through these partnerships, Cody identifies opportunities to streamline and automate security operations, accelerating cyber response and advancing security automation initiatives.

Swimlane, founded by a security practitioner familiar with the challenges faced by Security Operations (SecOps) teams, provides a comprehensive security automation platform designed to integrate and enhance SecOps workflows. The company has grown to become one of the largest and fastest-growing providers of security automation solutions globally.

As a co-founder of Swimlane, what was the initial vision that led you to create the company, and how has that vision evolved with the rise of AI and automation in cybersecurity?

When we set out to build Swimlane, our focus wasn’t on market size or sales. Instead, we zeroed in on solving the real challenges security teams were facing and helping the organizations we worked with. Our goal was to create a platform built by practitioners, for practitioners—something that security teams would truly value and enjoy using.

We’ve succeeded by offering flexibility rather than prescribing rigid automation frameworks. This approach enables our customers to tackle their unique challenges with creativity, and they continually surprise us with the innovative ways they use the platform. As the demand for automation—and now AI—soars, Swimlane stands apart with a solution that goes beyond anything else in the market, enabling organizations to automate every aspect of their security operations. Today, we’re proud to be the largest and fastest-growing security automation company in the world.

Swimlane Turbine is known for combining automation, generative AI, and low-code capabilities. For those unfamiliar, can you explain how these three components work together to enhance security operations?

Automation, generative AI, and low-code truly are the triple threat that organizations need to solve the most challenging problems across their entire security organization. This transformative combination allows security teams to quickly build automation with limitless integration possibilities, driving significant time and resource savings. By combining these capabilities, Swimlane establishes itself at the heart of security operations (SecOps), offering the industry’s most comprehensive set of tools to analyze and act on telemetry across the entire security ecosystem.

Low-code automation is a key feature of Swimlane Turbine. How does Turbine Canvas enable organizations to quickly build and deploy security automation workflows, even for teams that may not have extensive coding experience?

Turbine Canvas is a low-code playbook-building studio that unleashes the true potential of low code, transforming it from a buzzword into a powerful tool that democratizes automation for all users. By using modular, reusable programming components, Turbine Canvas empowers users to create playbooks through an intuitive, user-friendly visual interface.

Turbine Canvas features no-code native actions and AI-playbook building tools that enable SecOps teams to design automation workflows as easily as drawing a flowchart. It allows security teams to gain instant, comprehensive visibility into playbook connections, make centralized edits, and use multiple triggers per playbook for unmatched control and flexibility. This approach redefines automation, prioritizing clarity and collaboration over cryptic, machine-driven logic.

One of Swimlane Turbine’s biggest innovations is Hero AI, which includes case summarization and recommended actions. How do these AI-driven tools assist security teams in making faster and more informed decisions?

Hero AI, Swimlane’s suite of AI-powered innovations, amplifies the capabilities of the Swimlane Turbine platform, combining human and machine intelligence to streamline SecOps workflows and maximize ROI. With a private large language model (LLM), Hero AI protects customer data while delivering AI-augmented automation. The Crafted Prompts feature gives users the ability to leverage their alert, case, intelligence or automation pipelines in their prompts to the Swimlane LLM. This ensures that they are using all context at their disposal to get the best AI responses, but doing so in a secure and private way.

Key tools within Hero AI further elevate security operations. Context-Aware Recommended Actions draw on industry frameworks such as NIST and MITRE, as well as the organization’s own Knowledge Center documentation, to deliver tailored recommendations that enhance decision-making. AI Case Summarization simplifies the complexity of incidents, helping analysts prioritize and address critical issues faster. Additionally, AI Reporting enables users to generate stakeholder-ready after-action reports with a single click, in any language, and automatically share them. This functionality ensures seamless communication with stakeholders, fostering collaboration and improving decision-making processes across diverse teams.

The platform also features the Active Sensing Fabric for processing vast amounts of security data. Can you discuss how this capability enhances traditional SOC functions and improves the overall efficiency of security operations?

The Active Sensing Fabric enables security automation solutions to go beyond legacy SOAR platform telemetry sources, ingesting larger and more diverse and hard-to-reach data sets while taking immediate action at the source—eliminating the need for extensive coding to connect technology silos. This capability allows for faster identification, tracking, and response to threats.

Swimlane Turbine’s Active Sensing Fabric is designed to drive the evolution of security operations. It ingests data at cloud scale from a range of distributed big data sources, essential for today’s complex infrastructure that includes webhooks, poll requests, pub/sub, file creation, SMS, email, and IoT data streams.

By enabling automation platforms to draw data directly from these sources, the Active Sensing Fabric moves action closer to the source to minimize dwell time. It continuously listens across the security ecosystem, taking immediate action directly at the source.

With Swimlane being trusted by 40 Fortune 500 companies and several U.S. federal agencies, what strategies have been most effective in building and maintaining such high levels of trust with your clients?

AI automation is emerging as the cornerstone of modern security operations, and Swimlane stands at the forefront of this transformation. By tackling both the immediate demands of real-time threat response and the strategic imperative for measurable business outcomes, Swimlane is leading SecOps innovation. Leveraging AI automation, advanced analytics, best-in-class case management and a dynamic marketplace, Swimlane sets new benchmarks for efficiency and scalability in security operations. These advancements empower organizations to fortify their defenses, reduce operational strain, and build a resilient security posture in an increasingly complex threat landscape.

Swimlane Turbine delivers a reported 240% return on investment for enterprises. Could you share specific features or case studies that illustrate how this ROI is achieved in practice?

Swimlane Turbine’s ability to deliver a 240% return on investment (ROI) in the first year is grounded in its transformative impact on enterprise operations. According to a TAG Cyber report, this ROI is achieved through several key benefits:

  • Personnel Time Savings: By streamlining workflows and automating repetitive tasks, Turbine significantly reduces the manual effort required from security teams, allowing analysts to focus on strategic and high-value activities.
  • Faster Incident Response: Turbine accelerates response times, helping prevent potential breaches and minimizing the operational costs associated with incident recovery.
  • Lower ITSM Costs: Swimlane’s integrations reduce the reliance on disjointed and overlapping tools, resulting in cost savings for IT service management systems.
  • Cloud-Native Efficiency: Turbine’s cloud-native architecture reduces infrastructure costs, providing scalability without the need for extensive on-premises resources.

The ROI is further amplified by our AI capabilities. A follow-up study from TAG Cyber estimated that AI enhancements could increase ROI by an additional 20%. For example, AI-powered automation in a typical 20-person SOC, where the average employee salary is $250,000, can boost productivity by 20%, potentially saving $1 million annually in personnel costs alone.

As automation becomes more prevalent, there are concerns about the potential displacement of security professionals. How does Swimlane address these concerns, and in what ways does your platform empower security teams rather than replace them?

Despite rapid advancements in artificial intelligence and automation within cybersecurity, preserving a human element in operations remains essential. Human intuition and expertise are invaluable in interpreting and addressing the subtleties of cyber threats that AI might miss. SOC analysts bring contextual understanding, ethical judgment, and creative problem-solving—capabilities that AI has yet to fully replicate.

At the same time, AI and automation won’t displace security professionals but will instead displace low-level tasks. By automating routine processes and using AI for grunt work, humans can focus on strategic decision-making, which ultimately empowers SOC teams and improves the day-to-day life for all roles within the SOC.

Swimlane seamlessly integrates AI with your team of human analysts. Hero AI is a revolutionary suite of AI-powered innovations that combines human expertise with machine intelligence, streamlining SecOps workflows and maximizing return on investment.

In your view, how will AI continue to shape the future of security operations, and what role do you see Swimlane playing in that future?

AI’s impact on cybersecurity and beyond is undeniably transformative. In a digital era marked by the increasing volume, velocity, and sophistication of cyber threats, AI is not just a luxury but a necessity. By automating routine tasks and enhancing threat detection, AI empowers human experts to focus on more complex, strategic challenges, ultimately strengthening our defenses. The majority of organizations (89%) report that the use of generative AI (GenAI) and large language models (LLMs) has already improved productivity and efficiency for their cybersecurity teams. As a result, a third (33%) of organizations plan to allocate more than 30% of their 2025 cybersecurity budgets to AI-powered or AI-enhanced solutions. Organizations that embrace AI are positioning themselves as leaders in innovation, turning vulnerabilities into opportunities to build more resilient security postures. As both organizations and societies face these evolving threats, responsible and strategic AI adoption will be crucial—not only for enhancing cybersecurity but also for safeguarding democratic processes and public trust.

At Swimlane, we’re committed to seamlessly integrating AI across our platform to make it more accessible and effective. With the pressures of breaches, regulatory fines, understaffed teams, and mounting board expectations, security operations centers (SOCs) need a force multiplier—security automation and AI—now more than ever. Swimlane is here to provide that solution, empowering teams to respond faster and more effectively to the evolving threat landscape.

Thank you for the great interview, readers who wish to lear more should visit Swimlane.