Lumos is the autonomous identity platform helping IT and security teams ensure the right employees have the right access to the right apps and data at the right time. With around 120 employees and growing, Lumos manages identity governance, access provisioning, and vendor management for customers who've enhanced their security posture while driving productivity gains across their business.

For years, Ethan Houston has led Lumos's security organization, responsible for product security, cloud security, detection and response, and compliance. When the security team grew, they faced a crucial decision about how to build their security program.

"We're a full-stack, generalist security team," Ethan explains. "We don't have the luxury to specialize."

With competing priorities that shift quarter by quarter, Lumos needed a security approach that could scale without requiring dedicated specialists for every function.

The traditional SIEM trap

Traditional SIEM solutions presented an impossible choice: spend valuable engineering time building custom integrations and data pipelines, or accept expensive out-of-the-box solutions that still required extensive configuration.

"We want to be building tools for customers rather than building yet another source integration," Ethan notes.

The team needed something different: a platform that would let them focus on security outcomes rather than data engineering.

When Lumos discovered RunReveal, the value proposition was immediate. The platform's ability to ingest data in any format without extensive preprocessing meant the security team could focus on detection and response rather than data transformation.

"Setup was incredibly quick," Ethan recalls. "Within a day or two, we had logs flowing from all of our key services and were building detections."

Building the AI-powered security workflow

Lumos's approach centers on using AI to support their growing team. When RunReveal detections fire into a dedicated Slack channel, the team has built an AI-powered workflow that handles the heavy lifting.

“We have a dedicated Slack channel for RunReveal alerts, integrated with Claude that understands our detection logic and the events we're monitoring," Ethan explains.

When an alert fires, the AI immediately pulls the relevant logs, analyzes the activity, and provides context about whether it's concerning.

This approach fundamentally changes the economics of detection engineering. Rather than optimizing for zero false positives—which often means missing real threats—Lumos can run broader detections and let AI handle the triage.

This speed matters because it changes what's possible for small teams. "This didn't just make us faster—it made things possible that we simply wouldn't have done otherwise."

Cost optimization through intelligent filtering

RunReveal's Pipelines feature also delivered immediate financial benefits for Ethan's team. The ability to filter and drop unnecessary logs before ingestion has saved Lumos's security team thousands of dollars annually.

The team can now make intelligent decisions about which logs provide security value and which just create noise and cost.

RunReveal has also proven valuable for unexpected use cases. During recent external penetration testing RunReveal made it easy to map dozens of IP address back to their underlying compute. "AWS doesn't make it easy to map IP addresses to compute resources, but RunReveal lets you query VPC logs and instantly find the information you need," Ethan notes.

Shaping the future of security teams

Perhaps most significantly, RunReveal is influencing how Lumos thinks about building their security team long-term.

"AI-powered tools like RunReveal are fundamentally changing how we think about growing our security team. The growth of this team is going to look very different than if we were in this same situation 5 years ago," Ethan reflects.

The team's philosophy centers on hiring security software engineers who can leverage AI-powered tools rather than traditional specialists. By combining RunReveal's platform with AI-powered analysis, Lumos can maintain comprehensive security coverage across product security, cloud security, and detection and response.

Building security of the future with RunReveal

As Lumos continues to mature their security program, RunReveal provides the foundation for expansion. The team is refining their on-call process, adding new critical log sources, and separating product security alerts from corporate systems monitoring.

For security leaders at growing companies, Lumos demonstrates how the right platform choice enables fundamentally different approaches to security. Instead of choosing between comprehensive coverage and manageable costs, AI-native tools like RunReveal make it possible to achieve both.