About Personio
Personio is a SaaS platform that offers all-in-one HR solutions that manage the entire employee lifecycle from contracts, payroll, performance reviews, and talent management. Founded in Munich, Personio serves over 12,000 customers across 70 countries.
Executive summary
The security team at Personio needed an intelligent workflow platform to support their growth without adding headcount. Manual scripting created fragile, outdated code that slowed threat response and consumed valuable engineering time. After evaluating multiple platforms, Personio selected Tines for its ease of use and faster time to value. With Tines, Personio has dramatically improved threat detection and response times, empowered their entire security team to build workflows, and unified their previously siloed security stack.
The challenge
As an HR platform, Personio manages highly sensitive data and needed to automate their workflows without sacrificing security. They previously relied on manual scripting, which led to slow debugging, fragile code prone to breaking, and scripts that quickly became outdated. According to Personio's Lead Security Engineer Victor Lima, "If I build a playbook within six months this playbook doesn't work anymore because we already changed the way the log structure works."
Personio was also growing rapidly, which demanded a solution that could reduce muckwork, enabling their team to handle increased volume without additional headcount while proactively responding to threats. Personio’s Engineering Manager for Security Operations, Andrew Wurster, shared that “We needed to automate multiple workloads at the same time to free up our team's time—not for keeping things running, but for focusing on what really matters: looking for signs of compromise and problems."
Why Tines
Personio evaluated Tines and Splunk before selecting Tines for its ease of use and faster time to value.
“It was way easier to work with Tines.” Victor shared. “The templates were very easy to use and integrate. The debugging capability is crucial for us since we have a programming mindset, and it's super easy to use. If I compare building the same workflow with Phantom versus Tines having worked with both, Tines was way easier and quicker to set up and put into production. Tines delivers more value compared to other platforms."
The Impact
With Tines, Personio has improved their response to threats, empowered their entire team to build workflows, and improved integration across their security stack.
Improved response to threats
By transitioning from manual scripts to Tines, Personio has dramatically accelerated their ability to detect and remediate security threats.
“We need to avoid and mitigate any issue to our brand and the company as fast as possible.” Victor shared “Any story that we build in Tines will decrease either the time to detect or the time to respond.”
Building without barriers
By removing the complexity or need to have an expert level knowledge of Python, Personio’s entire team can now build workflows. “It feels like Legos,” says Senior Security Engineer Sid Pillarisetty, “you're just dragging and dropping, connecting one block to another.”
Integration across their stack
Before adopting Tines, Personio's security tools operated in silos, connected only through custom scripts. Now, Tines serves as their central platform for security operations, seamlessly integrating with any API and unifying their workflows.
According to Andrew, “Tines has helped us scale by letting us step away from the burden of running and operating many disparate tools, and also the burden of having to adjust and marry up the output of many disparate tools that had been created over months and months and years of the team growing.”
Top workflows
Alert enrichment and triage
Personio’s alert workflows enrich all alerts they receive and add them to their ticketing system. “We have a process where we do the normalization of the alert and any kind of fields that need to be changed are changed, and are set into our event standard,” Sid shares, “Then we have an enrichment step where it looks through the related logs of the signal finds what kind of IOCs are in this associated with them, and then enriches it.”
Incident response
Victor built Personio's incident response program in Tines, which uses AI to automatically summarize incidents, generate cases, and recommend remediation steps.
"We fetch all the information, summarize it with AI, and then push that context into JIRA where analysts can act on it."
Favorite feature
When asked about his favorite feature, Sid highlighted Tines' drag-and-drop story builder and how it streamlines automation compared to writing code manually. “Having the drag and drop functionality helps create a webhook, immediately, where I do not have to figure out how to write Terraform code or write CDK code to create a web API in AWS.”
Victor appreciates the ability to bring their own AI model to Tines. “With Tines you can connect with whatever model you want and you don't need to stick to one model.”
Tines Support
The Tines team regularly collaborates with Personio, joining calls and helping build use cases. “The support has been super reliable,” says Victor, “We have building sessions together. If you don't understand something, the support is always helpful.”
What’s next
Personio plans to continue expanding their usage of Tines across their business. They're currently collaborating with their GRC team to build automated workflows for evidence collection, streamlining compliance processes that traditionally require significant manual effort.
We've chosen a great platform that will stay in front of things as opposed to waiting for the world to catch up in a few years.
Andrew Wurster, Engineering Manager for Security Operations, Personio