Gartner Expert

Eric Ahlm

Sr Director Analyst

In 2020, Mr. Ahlm joined the GTP (Gartner for tech professionals) team. In this role, Mr. Ahlm focuses primarily on security operations and specializes in talking with SOC managers and architects.

Within security operations, Mr. Ahlm frequently takes calls on topics such as SIEM, SOAR, Incident response, SOC best practices, and Insider threat.

Outside of these mainstream technologies, Mr. Ahlm also follows tech trends that have an impact within security operations such as Machine Learning concepts for threat detection, application of General Data Science to security operations, AI and automation as a practice and how to think about the SOC of the future.

As part of the research process, Mr. Ahlm regularly talks with technologies and service providers in this space to understand the latest innovations from incumbent providers as well as emerging offerings from start up providers.

Often customers come to Mr. Ahlm with problems in their broader threat detection and response practice such as alert fatigue, detection challenges, poor SOC metrics, how to start a new initiative (such as a SOC, security monitoring, or IR practice), extend SOC functions to new environments, or general questions about monitoring architecture.

Previous experience

Prior to his role in GTP, Eric worked as a research director for Gartner on their TS&P team for 8 years. There Mr. Ahlm researched a broad range of security technologies such as SIEM, UEBA, SOAR, Firewalls, and deception. In that role, Mr. Ahlm primarily advised vendors about market trends.

Professional background

Cisco Systems

Security Specialist


Director of Emerging Technologies


Security Partner Channel Manager

Areas of coverage

Security Operations for Technical Professionals


Bachelor of Science, Electrical Engineering Technologies (BSEET), 1998

Read More Read Less

Top Issues That I Help Clients Address

1how to build a security operations center

2how to make a security operations center scale and perform

3how to use automation for security operations

4how to build an incident response plan for cyber security

5how to architect and use a SIEM for best results in various environments