Ron Graf
Senior Staff Data Scientist & Engineering Manager
AI for Cybersecurity
Summary
Senior staff data scientist and people manager with a decade of experience applying AI and machine learning across the cybersecurity and threat intelligence domain. Currently leading a team at Google's Threat Intelligence Group (GTIG) building agentic systems that scale analyst output across the global intelligence workforce. Holds an active US security clearance.
Highlights
Production Agentic Systems · Google
Built agentic tooling now in daily use by hundreds of threat analysts across Google's global intelligence workforce.
Engineering Leadership · AI-Native
Led the team that built the agentic stack behind GTIG's shift to an AI-native approach to threat intelligence.
Speaking · 2021–2025
Guest lecturer for CMU 84-663 (Cyber Conflict), 2025. Presented "What Does an LLM-Powered Threat Intelligence Program Look Like?" at Black Hat USA and SECTOR Toronto, 2023 (Dark Reading). Co-presented at the CMU IDeaS Conference, 2021.
Applied AI · Since 2017
Shipping production ML and NLP systems for security and intelligence since well before the LLM era, from document-triage tooling to deepfake detection models.
Experience
Senior Staff Data Scientist, Manager
Google Threat Intelligence Group
- Lead a team of engineers and data scientists building agentic systems that augment Google's global cyber threat intelligence workforce, now in production use by hundreds of analysts across espionage, financial crime, and influence operation tracking.
- Drive innovation across the threat intelligence lifecycle, enabling delivery of a high-volume, subscription-based intelligence product.
- Set the technical strategy for AI integration into Google's intelligence production, balancing analyst trust, hallucination risk, and human-in-the-loop design.
- Manage hiring, performance, growth, and technical direction for the team.
Data Scientist
Mandiant (acquired by Google, 2022)
- Applied machine learning and statistical methods to support analysts investigating state-sponsored information operations and coordinated inauthentic behavior across major social media platforms.
- Trained and deployed a deep learning computer vision model to discriminate authentic from AI-generated profile photos, operationalizing detection of an emergent threat actor TTP at platform scale.
- Designed Python and SQL pipelines for cross-platform threat actor tracking, abuse signal development, and intelligence enrichment in support of analyst workflows.
- Promoted into people management following Mandiant's acquisition by Google Cloud.
Data Scientist
IBM
- Technical lead for a team of 6 on-site consultants embedded with a US Intelligence Community client; managed the full lifecycle of data science deliverables from requirements through deployment.
- Built NLP-based internal tools that allowed analysts to triage massive document corpora for mission-relevant content, a direct precursor to the LLM-powered analyst workflows that came to dominate the field.
Data Scientist
Booz Allen Hamilton
- Supported initial development of a US government cybersecurity analytics program, integrating vulnerability scans, system authorization records, log files, and network device configurations into a unified analytics platform.
- Applied graph analytics to network device configurations to identify critical nodes within router and switch infrastructure, providing novel risk evaluation capabilities to the client.
- Provided analytical support to DARPA's Strategic Technology Office, gaining early exposure to the AI research frontier as applied to the national security domain.
Education
Dec 2022
M.S. Cyber Security Engineering
George Mason University
Capstone: Graph Embeddings for Augmenting Domain Attribution
Fairfax, VA
Dec 2016
M.S. Data Analytics Engineering
George Mason University
Capstone: Anomaly Detection to Defeat Insider Threats in Vulnerable Enterprises
Fairfax, VA
May 2014
B.A. Mathematics · B.A. Economics
Washington & Jefferson College (double major)
Washington, PA
Skills
AI / ML
Deep learning (TensorFlow / Keras), harness engineering, agentic system design, retrieval-augmented generation (RAG), context engineering, classical ML, graph-based ML, model evaluation.
Cybersecurity
Cyber threat intelligence, threats to and from AI, coordinated inauthentic behavior, dark web & underground ecosystem monitoring, malware reverse engineering, network analytics.
Languages & Tools
Python, SQL, Linux, GCP, AWS.
Leadership
Engineering management, hiring, technical strategy, cross-functional partnership, public speaking, executive communication.