Turning noisy data into clear insight
Meet LogSmith
I’m Steven — a log specialist, detection engineer, and trusted freelance partner to security teams who need clarity in the chaos.
I’ve spent 15+ years working across SIEM platforms, from Splunk to LogScale, helping government, defence, and private sector clients clean up their pipelines, fix what’s broken, and build trust in their alerts again.
What sets me apart? I don’t just write rules — I engineer the whole system around them. That means getting your logs clean, your extractions right, and your detection logic tight. No fluff, no noise — just the outcomes that matter.
UK-based. SC cleared. Ready to plug in.
Why teams bring me in
I cut through SIEM noise
You don’t need more alerts — you need better ones. I help teams reduce noise, suppress false positives, and focus on what actually matters.
I clean your logs at the source
Messy fields cause weak detections. I fix your parsers, clean up field extractions, and map everything to ECS or CIM.
I work across your whole toolset
Splunk, LogScale, syslog, Cribl — I adapt quickly and fit into your existing workflow without friction.
I align detection to real-world threats
I help clients map detection to frameworks like MITRE ATT&CK, NIST, and industry-specific threat models — so your rules are more than just logic; they’re risk-aligned, testable, and strategically sound.
I understand the whole detection pipeline
Good detection isn’t just about SIEM rules — it’s about knowing what data’s coming in, how it’s parsed, enriched, normalised, triggered, escalated, and surfaced. I work across the full stack to make sure every stage supports the signal, not the noise.
I’m SC cleared and delivery-ready
UK-based, SC-cleared, and used to Gov, Defence, and enterprise security work. I onboard fast and deliver with minimal handholding.
Build insight, not noise
Whether it’s parser issues, broken field mappings, or alert overload — I help clean the pipeline so your team can focus on real threats.
“Alert fatigue is a design problem. Detection should feel clean, not chaotic.”
— My philosophy after seeing too many SOC teams burn out on bad logic.
Let's talk logs
Whether you’ve got broken extractions, noisy alerts, or detection rules you don’t trust — I’m here to help. I take on freelance and short-term contract work across the UK and beyond.
I’m UK-based, SC-cleared, and comfortable dropping into fast-moving teams or solo projects.