Rapid7 is a cybersecurity platform trusted by thousands of organizations worldwide to unify endpoint-to-cloud exposure management and detection and response. When you're responsible for protecting other companies' infrastructure, there's no margin for error. For Director of Engineering Elaine Hardwick and Program Manager Amanda Jackson, maintaining that rigor at scale meant equipping their 1,000-person engineering organization with tools to move fast without breaking things.
To drive efficiency and accelerate key initiatives at that scale, the team turned to Cortex and achieved significant results:
Migrated 3,000 RDS instances across multiple regions in under two weeks. What would have taken months with manual tracking was completed in days with automated ownership identification and progress tracking.
Eliminated manual spreadsheet tracking across all major initiatives. The team replaced error-prone, constantly stale spreadsheets with a single source of truth that updates automatically.
Accelerated delivery timelines by weeks. By eliminating repetitive manual work and context switching, developers can focus on building secure, high-quality software.
Cut incident response time significantly. Engineers can now find ownership, dependencies, and runbooks from a single page, even if they lack historical context.
The challenge: A critical gap in information discovery
In late 2021, Log4shell ground engineering productivity to a halt. Teams everywhere spent days digging through git repositories, spreadsheets, and wikis, desperately trying to surface potentially affected software and figure out who owned what.
"Log4shell took up a ton of the Platform team's time," Elaine recalls. "We were trying to piece together package and ownership information without knowing whether this information was up to date. This sent us into a deep dive of service catalogs like OpsLevel and Backstage to shore up information and shorten time-to-find ownership."
But Log4shell was just the spark. The real need ran much deeper than incident response. The team needed a central place to track not just information about software, but information about how it's built.
"We wanted to ask which software was meeting the highest levels of operational maturity," Elaine says. "Has everyone made the switch from core infrastructure to newer modules? Are vulnerabilities actioned on within our SLAs? We wanted this information all in one place, updated automatically, without juggling multiple spreadsheets. That's when we found our way to Cortex."
The solution: A single source of truth that stays up to date
Rapid7 needed to solve three interconnected problems: how do you accelerate migrations without losing track of progress? How do you streamline incident response when the person on call might not have all the context? And how do you speed up delivery without developers spending half their time hunting for information?Amanda says that the challenge ultimately boiled down to a simple, yet maddening reality about manual tracking.
"Walk away from a spreadsheet for a minute, and it's already stale, making program and software tracking really difficult and noisy for developers. With Cortex, we never have that issue. I can just trust that information is always up to date. Everything is transparently tracked, and we can leave devs alone that have already done what they need to do." — Amanda Jackson, Program Manager, Rapid7
By centralizing their approach to tracking ownership, system health, and operational priorities, Rapid7's engineering leadership unlocked a new level of operational effectiveness. Instead of spending cycles maintaining spreadsheets, they could finally focus on executing high-impact initiatives.
The results: Weeks of work completed in days
Since adopting Cortex, the production platform team's execution speed has transformed. The most striking was a database upgrade initiative that would have previously taken months.
When upgrading 3,000 RDS instances across multiple regions, Cortex identified the right owners, tracked progress in real time, and notified only affected developers with clear instructions and deadlines.
"We went from what would have been months of work to under two weeks," Amanda says. "We could see exactly which instances were left and which teams were responsible."
"Without Cortex, we might have missed an upgrade and caused an outage. Since Cortex pulls directly from resource metadata, we always have the most accurate information without distracting developers." — Elaine Hardwick, Director of Engineering, Rapid7
Cortex has also transformed how Rapid7 handles incident response. Now, anyone on call can quickly find what they need about incidents and vulnerabilities, and make sure the right follow-up happens, even if they're relatively new to the team.
"When we have an incident, the person receiving the notification can head straight to Cortex to view everything they need to know. They can drill down into ownership, on-call, and dependencies, check recent events across all connected tools, and access ReadMes and runbooks, all from one page." — Amanda Jackson, Program Manager, Rapid7
Without Cortex, Rapid7 would need to rely on the institutional knowledge held by long-tenured employees, a common but problematic approach at many organizations. Instead, Cortex automatically updates this information and houses it in a central location accessible to everyone, regardless of how long they've been with the company.
Building a culture of continuous readiness
Rapid7 uses Cortex Scorecards to keep critical initiatives on track. During the RDS migration, they tracked 3,000 multi-region instances and wrapped up the upgrade in under two weeks. For vulnerability remediation, they track vulnerability volume and SLA compliance by severity, which means fewer missed fixes and less scrambling during audits.
When you're protecting other companies' infrastructure, readiness isn't optional. With Cortex, the engineering team has a single source of truth for ownership, system health, and operational priorities, allowing them to respond faster, migrate sooner, and deliver more securely.
"Cortex allows us to move faster and more securely. Without it, we're chasing down details during an incident, throughout a tool swap, or during day-to-day developer operations. There are all things which distract developers from building and shipping quickly. Now all these details are handed to us in a single place that's always up to date." — Amanda Jackson, Program Manager, Rapid7
Ready to accelerate your engineering initiatives? Book a demo today to see how Cortex can help your team drive efficiency.
