Geoff McDonald

Principal Research Manager @ Microsoft Defender for Endpoint

Vancouver, British Columbia, Canada

About

I am a data scientist and cybersecurity researcher at Microsoft Defender for Endpoint, where I manage a machine learning security research team. Our primary responsibility is to use machine learning and automation techniques to protect over a billion users from emerging cybersecurity threats. My expertise includes constructing machine learning pipelines, building automation pipelines, and cybersecurity. Beyond technical responsibilities, I prioritize creating a collaborative team environment, offering mentorship, and leading projects that directly contribute to enhancing customer security and satisfaction. You can find some of my personal machine learning and reverse-engineering tools on GitHub and my personal website: https://github.com/glmcdona https://www.split-code.com/

Experience

  • Microsoft (13 yrs 4 mos)
    • Principal Security Research Manager
      Jun 2025 - Present · 1 yr 1 mo

      Leading ML and AI organization at Microsoft Defender for Endpoint implementing cybersecurity protection solutions.

    • Principal Research Group Manager @ Microsoft Defender for Endpoint
      Apr 2022 - Jun 2025 · 3 yrs 3 mos

      Leading ML and automation organization at Microsoft Defender for Endpoint implementing cybersecurity protection solutions.

    • Principal Research Manager @ Microsoft Defender for Endpoint
      Oct 2019 - Apr 2022 · 2 yrs 7 mos

      As Principal Research Manager, I directed a team specializing in data science and cybersecurity. We focused on employing machine learning and automation at scale to protect more than a billion devices using Microsoft Defender for Endpoint AntiVirus and Network Protection.

  • Symantec (1 yr 8 mos)
    • Threat Analyst Engineer
      Jan 2012 - Mar 2013 · 1 yr 3 mos

      Analyzing and investigating malware security threats as part of Symantec's Security Technology and Response Attack Investigation Team. Work involves reverse-engineering high-profile malware attacks and authoring whitepapers. General tasks include:
      • Reverse engineering malware
      • Programming analysis tools in Python and C++
      • Writing detailed technical reports on malware

    • Threat Analyst
      Aug 2011 - Jan 2012 · 6 mos

      Threat Analyst for Symantec as part of the DeepSight team. Work involved reverse engineering computer viruses and vulnerabilities while writing reports on their inner workings.

  • Process Engineering Intern at ABB Semiconductors Switzerland
    May 2007 - Apr 2008 · 1 yr

    Worked as a process engineering intern at the ABB high-voltage insulated-gate bipolar transistor semiconductor module production facility in Lenzburg, Switzerland. Work involved project management, design, software development, and R&D, and I was the responsible engineer for several pieces of industrial production equipment. The software development aspects involved primarily C#, LabVIEW, and VBA.