FinOps for Cybersecurity at Scale: Balancing Cost, Speed, and Safety at HSBC

When HSBC's cybersecurity team adopted Databricks to power threat detection and security analytics, we knew scale would come fast. What we didn't anticipate was just how fast, or the cost challenges that would follow. We grew from a small pilot to hundreds of security analysts and data engineers, processing massive volumes of security telemetry data daily.

The challenge: Most of our users could detect cyber threats but didn't know which queries were scanning terabytes unnecessarily or whether cluster configurations were burning through budget. Traditional approaches said costs were rising but couldn't teach us as the users how to use Databricks efficiently. We share an approach that turns every inefficiency into a teaching moment and empowers security teams to self-optimize without becoming data engineering experts. I'll share the framework and automations we used to grow Databricks usage while flattening the cost curve, all while maintaining rapid threat detection capabilities.