Cybersecurity today is less about reacting and more about reading between the lines; of behavior, of data, of digital footprints we don’t even know we leave behind. In this delicate space between chaos and control, innovation has a new face.
That face belongs to Jordan Carpenter.
With a role that places her at the helm of offensive security and threat intelligence at Core Specialty Insurance Holdings, Jordan building systems that ask questions before an attacker even thinks of striking. With AI-driven tools and pattern-based defense models, she’s not just responding; she’s predicting. And in an industry dominated for years by convention and caution, her approach brings clarity, curiosity, and courage.
We were intrigued by her story, and even more by her perspective. So, we connected with Jordan to dive deeper into her world.
Jordan, let’s start with your quote: “We’re no longer defending the perimeter—we’re defending the pattern.” What inspired this shift in mindset, and how has it transformed the way your team approaches threat intelligence?
Cyber is an ever-evolving field. That is one of the things that attracts me most to my job. Cyber is never stagnant and every day is different. The threat actors are getting more sophisticated so that means we have to adapt and try to stay one step ahead. When I first started in cyber, we were worried about blocking IPs at the firewall, now we are trying to find identify the biggest threats against our company and put in the defenses to prevent these threats from entering our network.
You lead one of the most AI-integrated threat defense programs in the industry. Can you walk us through how you’re using models like LAMA and OpenAI to power autonomous detection engines?
We are currently working to develop our own Predictive Cyber Analytics model. We are using a variety of ML models as well as LLAMA and OpenAI to create a functional chat bot to help us analyze our logs and predict cyber events before they occur. The ML models are used to help detect the anomalies within the raw logs which we then feed into the LLM models to give us the ability to ask questions about our data. We are continuously building out this product though and each iteration adds more data sources and more value.
Darktrace AI is known for early detection based on behavioral baselining. How effective has it been in helping your team identify threats early in the kill chain, and can you share an example where it changed the course of an attack response?
Darktrace is a great tool to provide constant monitoring. It alerts our team on the things that aren’t normally observed behavior. We had an incident where a pending leaver was attempting to send large amounts of data to their personal email, but Darktrace alerted us immediately of a large amount of outbound data being sent and we were able to isolate the user and prevent any data exfiltration.
The blend of AI, behavioral analytics, and red-teaming is powerful—but complex. What challenges have you faced in operationalizing such an advanced, layered security model, especially in a highly regulated industry like insurance?
I think the hardest part is the change in mindset. We are moving towards looking at patterns and analyzing what is considered normal behavior in order to identify anomalous actions. This type of offensive security looks deeply at what users normally do and tries to pick out what actions are outside of that baseline. Our team’s first priority is always making sure we are inline with any regulations and creating our project plans around these regulatory requirements. Any vendor or product we plan to bring into our environment is subjected to our extensive third-party risk management process to ensure they align with all relevant regulatory bodies.
You’ve built an offensive defense model powered by AI and predictive analytics. How has AI evolved from being just a detection engine to becoming a strategic partner in outmaneuvering adversaries in real time?
AI is both a blessing and a curse. AI has allowed the bad guys to get smarter, faster and more evasive. On the offensive side, we can use it to enhance the data we have. Having millions of logs is only effective if you have a way to review them and find that one abnormality that leads to an incident. AI has enhanced our processing and detection time to seconds rather than hours.
Offensive security often feels like a chess match. What’s one strategy or mindset shift that has helped your team “stay a step ahead” of adversaries in the current threat landscape?
Staying a step ahead of adversaries is the only way to succeed in this field. I try to attend as many conferences, webinars, and trainings that I can to ensure I am always aware of the latest trends and tactics being used by threat actors. I start every day reviewing the latest threat intel news and reviewing social media feeds to stay educated on what is being observed in the cyber world. I think attending webinars and conferences allows insight into some other industries. There are threat actors that tend to target healthcare or finance, but that doesn’t mean they will stay in those industries. We must be prepared for any threat actor to decide if they want to shift their focus to our company.
You’ve built a modular, scalable architecture that supports both product innovation and cyber defense. For companies just starting to modernize their security stack, where should they begin?
I think the best approach companies can take is building a layered toolset. You can’t put all of your eggs in one basket in cyber security. It has become necessary to have tools that overlap in some functions to pick up where one tool may fall short. It is important to pick products that are suited for your needs and gaps.
What excites you most about the future of cybersecurity? Is there a specific innovation or threat model that you believe will redefine how we think about digital defense?
The most exciting thing about the future of cyber is that there is no way to predict the future. Technology is evolving rapidly and with each innovation comes more flaws. Cyber security is a field that is growing at an exponential pace and likely will never slow down. There is a massive shift from paper and pencil to the best and greatest technology in basically every sector of the world. There is technology everywhere you look and in every industry including manufacturing, education, healthcare, insurance, and even everywhere in our homes. With these advancements comes the need to protect all of the information. I love uncertainty and change, because it just means I will never be bored or out of a job!
For young women looking to enter the field of offensive security, what’s your advice on where to start—and what mindset to carry with them?
When I entered cyber, I learned it was a very male dominated field, but that is changing every day. I am seeing more and more women applying for internships and jobs I have posted as well as speaking at conferences I am attending. My advice would be to not be intimidated if you are standing in a room where you are the minority. Your thoughts and ideas are important and can bring great value to a team.
You’ve already reshaped how security operates at Core Specialty. Looking ahead, what legacy do you hope to leave in the world of threat intelligence and cyber leadership?
I hope to leave a legacy and impression on every company that I work at throughout my career. I want to show that women can be leaders and hold positions of power within IT. My hope would be that I paved the way for women to embrace leadership, innovation and change in this field and be known for staying one step ahead of the bad guys.
More about Jordan Carpenter
Jordan Carpenter is at the helm of one of the most future-focused cyber defense programs in the industry—where AI doesn’t just support security, it leads it. From dark web surveillance to predictive analytics, she’s building intelligent systems that think ahead of attackers. With a Master’s in IT and top-tier certifications from Microsoft, ISC2, Proofpoint, and Qualys, Jordan brings deep technical credibility to the table. Her expertise lies in architecting autonomous detection engines—leveraging advanced models like LLaMA and OpenAI to not just detect threats, but anticipate them.
