About the customer
The customer is a US-based crowdfunding tech company that connects donors to political causes via a digital platform. Since its launch in the early 2000s, the platform has enabled thousands of campaigns and organizations to raise billions of dollars.
Executive summary
Facing increasing security challenges, this organization’s security team sought to reduce manual toil, enhance efficiency, and strengthen its ability to respond to evolving threats through workflow orchestration and automation. With Tines, they’ve bolstered organizational resilience by automating patch management, device management, and MFA policy enforcement, while fostering a stronger culture of cybersecurity, freeing up time for high-impact security work, and strengthening collaboration with the IT team. Tines has acted as a catalyst for innovation, helping the team move forward with impactful projects that had previously stalled in the backlog.
The challenge
Handling high-value political and financial data makes this organization a prime target for attackers motivated to disrupt democratic processes - especially during election-cycle surges. To keep up with this complex and ever-changing threat landscape, the security team turned to workflow orchestration and automation to help them work more efficiently and improve organizational resilience.
Why Tines
Supported by an organization-wide push for more automation, the team looked for a solution that everyone could use, from automation experts to newcomers. With its low barrier to entry, Tines proved to be an effective and infinitely scalable solution, according to Security Engineer Thierry Pelissier. “We were looking for a tool that would allow people who haven't worked in the automation world to easily build automations, alongside more experienced team members. Tines was a perfect tool for that.”
Prioritizing orchestration has driven our purchasing decisions for other platforms - we’ve started to look for API-first tools.
Thierry Pelissier, Security Engineer
The Impact
The organization has used Tines to reduce risk exposure, improve employee security awareness, and enhance collaboration between IT and security teams.
Risk mitigation and improved resilience to threats
With Tines driving patching reminders for employees, Thierry and his team reduced unpatched vulnerabilities from 3,000 to 1,500 per month in just 45 days—and have since brought that number down to 500. They’re also using Tines to enforce stronger multi-factor authentication (MFA) with YubiKeys to minimize phishing and account takeover risks, systematically remove sensitive information from Zendesk, and mitigate security gaps posed by old or unmanaged devices.
Unblocking stalled projects and driving cost savings
The security team had been exploring a tool to automate patch management when spending on new tools was paused. Determined not to let this critical project fall further behind, Thierry explored whether Tines could be used instead. The resulting workflow not only met but exceeded their expectations - without incurring additional costs for the business. Even more valuable are the potential cost savings from quickly implementing these enhancements, ensuring there were no delays in reducing risk. Without Tines, this crucial project might have remained stuck in the backlog.
Freeing up time for high-impact security work
Tines has helped Thierry’s team reclaim time previously spent on repetitive, manual tasks, allowing them to focus on more strategic security projects. For example, instead of reaching out to individual users, they can now prioritize workflow building and respond to security events more efficiently using data from Tines workflows.
We’ve been able to focus on security work rather than the mundane tasks behind it. The time saved is a huge one - I can't say that enough.
Thierry Pelissier, Security Engineer
Stronger IT-security collaboration
Tines has helped bridge gaps between IT and security teams, enabling faster responses to vulnerabilities, streamlined device management, and improved threat response times, Thierry says. This was particularly evident during the creation of the vulnerability management workflow, which required coordination on a naming standard for machines and a way to track and trace their owners or users. Both teams also benefited from a workflow that identifies unmanaged machines.
Tines has definitely helped us work more efficiently with IT. It saves both teams time and makes our meetings more productive.
Thierry Pelissier, Security Engineer
Fostering a culture of cybersecurity
By putting patching back in employees’ hands, this organization is strengthening cybersecurity awareness and best practices.
"At first, people had a lot of questions about the new process because it was unfamiliar. But now, we’re seeing fewer questions and more action," Thierry says. "It’s becoming part of the culture - everyone’s getting used to it."
This shift creates a more flexible approach that balances security with user productivity.
“There are some use cases where employees need to be on a particular version of the software, and this gives them the flexibility to do so when there's a legitimate reason,” Thierry explains. "Some people aren’t aware that certain software is on their machine. We encourage them to uninstall it if they don’t use it, which helps reduce our attack surface. Both outcomes have a very positive impact."
Engaging with employees about MFA has helped to improve overall cybersecurity awareness, Thierry adds.
It's a great way to build partnerships with people, let them know that we're here to be their eyes, not stop them from doing their work. That’s been pretty awesome.
Thierry Pelissier, Security Engineer
Top use cases
Vulnerability management
IAM
Threat intelligence
Patch management
Top workflows
Exposure management
This workflow identifies medium or critical severity vulnerabilities flagged by their EDR platform in third-party software that have been unpatched for 30+ days. Once a week, it sends a Slack message to users of affected machines with patching instructions and a deadline to complete the update by the end of the week. The message also includes a direct link to the security support channels for any questions or troubleshooting.
In the first 45 days, we saw our unpatched vulnerabilities drop by 50%, which I’ve never seen anywhere I’ve worked.
Thierry Pelissier, Security Engineer
Detecting unmanaged machines
Tines reconciles data from their EDR and MDM platforms to identify “rogue” or unmanaged machines - devices that may belong to former employees or remain unused in employees’ homes.
"We use this in our monthly meetings with IT to flag machines that aren’t accounted for," Thierry explains. "They then investigate and determine the reason."
This workflow saves us a lot of time - before, we managed this manually with spreadsheets. Now, we just run it periodically in Tines whenever we need.
Thierry Pelissier, Security Engineer
MFA enforcement
This workflow ensures that new accounts are secured with MFA using YubiKeys by automating checks in their SSO. It retrieves user data from their SSO, verifies whether MFA is enabled, and alerts the security team via ChatOps if any accounts are missing MFA. If the employee doesn’t take action, their manager receives a follow-up notification. If the issue remains unresolved, it escalates to IT. Once a YubiKey is set up, the workflow automatically disables any other MFA methods, ensuring a standardized and secure authentication process.
Thierry shares that this involved a major migration from their previous process, which relied on Google Authenticator. With Tines, they automated as many manual tasks as possible and customized their MFA rollout in ways that their SSO platform couldn’t support. This gave them precise control over the rollout’s quality and user experience across the organization - leading to 100% adoption, from the CEO down, in just weeks.
“That was awesome because we went back and forth on, ‘How are we going to enforce this? How can we do it in a way that's not a pain point for users?’ How are we going to work with IT? What are our options on the Okta side?’ There was a lot of coordination between the three and Tines made it all possible.”
Removing sensitive data from their customer service platform
To minimize the risk of sensitive information exposure, this workflow automatically checks for and cleans up sensitive data as per their data retention policies across their customer service platforms. Tines allows them to implement more complex data retention policies than their customer service platform can do natively.
Automating training reminders
Using Tines, the security team automates ChatOps reminders for employees to complete their security training. If an employee doesn’t complete the training, their manager receives a follow-up notification, reducing manual effort for the IT team.
The workflow was inspired by a pre-built workflow from the Tines Library, Send KnowBe4 training reminders via Slack. Thierry has successfully repeated this process several times, leveraging existing workflows as a starting point.
"I usually start with the library," he says. "I'll check if there's a story related to our toolset, and if parts of it are useful, I'll keep it side by side as I build my own workflow."
Tines support
Thierry has been impressed by the hands-on support from the Tines team.
“I've always found that a tool is only as strong as the support team behind it. Whenever I have a problem, it's so easy to get a technical account manager or someone from support to explain and help me understand it,” he says. "I once reached out at 11pm, and someone from support stayed with me for an hour and a half until we figured out the problem."
I’m probably the person that works most with our vendors and Tines is at the top for me when it comes to customer support.
Thierry Pelissier, Security Engineer
What’s next
As more IT and security team members get familiar with Tines, the organization hopes to expand its use of the platform. Tines will continue to serve as an enabler of innovation, helping the team tackle new challenges more efficiently.
Thierry is particularly excited about building new workflows that leverage data from third-party threat intelligence specialists, as well as the potential in Tines-powered AI co-pilot Workbench.
"I’m still playing around with Workbench," he says, "but it’s something we’d like to explore further to see how we can build workflows even more efficiently."