Bobby Acri is a cybersecurity analyst based in Winnetka, Illinois, who focuses on threat detection, incident response, risk mitigation, and secure systems design.
His work centres on protecting large, complex systems in environments where small weaknesses can create outsized risk.
Born on 17 May 1991 at Evanston Hospital, Bobby grew up on Chicago’s North Shore. He attended Hubbard Woods Elementary, Washburne Middle School, and New Trier Township High School. Early on, he gravitated towards how systems behave under pressure, not just how they look when everything is running smoothly. He built that mindset through computer science coursework, networking classes, and hands-on tech support for school events.
Bobby earned a B.S. in Computer Science from the University of Illinois Chicago in 2013, with a practical focus on operating systems, networking, and applied cryptography-type work. A 2012 internship with NorthShore University HealthSystem gave him early exposure to enterprise controls in a healthcare setting, where access and process matter.
He began his career in enterprise IT at CDW, then moved into systems administration at Aon, working closely with identity and endpoint workflows. In 2018, he transitioned into security operations at CME Group as a SOC analyst, investigating SIEM alerts, triaging phishing reports, and producing clean incident timelines. Since 2021, he has worked at United Airlines as a cybersecurity analyst, partnering across teams to improve detections, reduce alert fatigue, and strengthen controls before incidents escalate. Known for calm, methodical execution and strong documentation, Bobby leads through clarity, repeatable processes, and continuous improvement.
Where did your interest in cybersecurity begin?
It started with problem solving and systems thinking. Even early on, I cared less about surface level functionality and more about what happens when something breaks or gets stressed. That way of thinking stayed with me through school and into work.
How did your education shape your approach?
I studied Computer Science at the University of Illinois Chicago and finished in 2013. I focused on practical, systems-oriented classes like operating systems and networking, plus applied cryptography-type work. That foundation still shows up in how I investigate issues. I want to understand what the system is doing, not just what a tool says.
What did you learn from your first real enterprise experience?
In 2012, I interned with NorthShore University HealthSystem in IT support. I worked ticket queues, device imaging, and account and password issues. It was also my first close look at a setting where policy and access controls are taken seriously. You learn quickly that process is not optional when sensitive systems are involved.
How did your early career roles prepare you for security work?
I started at CDW as a service desk analyst supporting business clients. The work taught me how enterprise environments fail in everyday ways, and how users experience risk. I also built a habit of writing things down. If a fix works once, it should be repeatable. From 2015 to 2018 at Aon, I worked in systems administration with identity and endpoint support. That role put me close to account provisioning, group policy, patch coordination, and security-adjacent issues like phishing and compromised accounts. It was a clear view of how security, compliance, and business urgency collide.
What changed when you moved into a SOC role at CME Group?
The pace and the signal-to-noise problem got real. From 2018 to 2021, I monitored SIEM alerts, investigated endpoint and network anomalies, and triaged phishing reports. A big part of the job is working out what is just noisy and what is actually dangerous. I focused on clean timelines and clear incident notes. If the timeline is messy, the response is messy. I also started writing runbooks and checklists that other analysts used. That helped the team move faster and more consistently.
What does your role at United Airlines look like today?
Since 2021, I have worked as a cybersecurity analyst focused on threat detection and incident response. I investigate anomalies and support response work, but I also spend time on improvements that prevent repeat issues. That includes partnering with IT and engineering on hardening controls and reducing alert fatigue. If you do not address fatigue, you miss real problems because everything starts to look the same.
How would you describe your working style?
Methodical. Calm under pressure. I use precise language and I separate confirmed findings from suspected ones. I document as I go. I treat near misses as valuable because they show you where the gaps are, without the cost of a full incident.
What do you pay attention to as the field keeps changing?
Evolving attack vectors, cloud security trends, and the regulatory frameworks that shape large enterprises. Cybersecurity demands constant education. I do not treat learning as a side project. It is part of the job.
What keeps you grounded outside of work?
Endurance running along Lake Michigan, strategy board games, and reading history and behavioural science. Those interests connect back to the work in a quiet way. They reinforce patience, pattern recognition, and an understanding of the human side of risk.
Read more:
Bobby Acri: What Threat Detection Looks Like in a Large Organisation