From 16 Hours to 2: How Sophos Scales Agentic Data Engineering with Maia

July 1, 2026
Customer Stories
Share:

Inside Sophos' Agentic Data Engineering Evolution

In cybersecurity, speed and accuracy are operational requirements. For Sophos, a global cybersecurity leader protecting 600,000 organizations from cyberattacks, an aging data infrastructure stretched across two legacy data integration platforms was struggling to keep pace with a business that was growing, modernizing, and absorbing a major acquisition simultaneously.
10-16 hours → 2-5 hours
Pipeline delivery savings across the full development lifecycle.
Dark green background with a thin curved light gray line on the left side.
100% / 95%+
Standards compliance and first-time deployment success on Maia-generated pipelines.
Dark green gradient background with subtle diagonal shading.
800+
Pipelines in migration across two legacy platforms.
Abstract dark teal geometric shapes overlapping creating a smooth gradient background.
So many people talk about AI helping generate code faster. All that's true, but it's really the full life cycle (...) where you start to see those gains."
Jason Mulvin
Director of Enterprise Data at Sophos

TL;DR

Sophos relied on Matillion to manage 800+ production pipelines across a global Snowflake environment, powering the revenue forecasting, HR operations, and business analytics its teams depend on daily. But two legacy platforms were running out of road, and when the company's largest acquisition doubled the migration workload overnight, the engineering team needed a faster path to production.

By adopting Maia and agentic data engineering, Sophos automated pipeline delivery across the full development lifecycle, cut proof-of-concept pipeline time from 3 days to under an hour, and is now modernizing 800+ pipelines with 100% standards compliance and a 95%+ first-time deployment success rate.

Challenge

Replacing Informatica and Legacy ETL at Scale

Jason Mulvin, Director of Enterprise Data at Sophos, leads the team responsible for that platform- engineering, architecture, and analytics roles distributed across regions, organized in a hub-and-spoke model with reporting teams embedded across the business. Their charter: deliver trusted, governed data products to every function, reliably and at speed. By 2024, the infrastructure underneath that team was under serious pressure.

Sophos was running two legacy data integration systems: Informatica, which had grown expensive and operationally complex, and an earlier version of Matillion (METL) that had served them well but was hitting real technical limits as the business scaled. Together, they underpinned over 800 production pipelines. Scaling pressure, governance gaps, and an architecture that couldn't support AI-driven automation made clear the platform had reached its ceiling.

Migrating to a modern, AI-native platform was already on the roadmap. Then Sophos completed the largest acquisition in its history and the scope of that migration doubled overnight.

"We had a lot going on. Frankly, if you think about trying to do an upgrade at the same time…not really a great idea. But we did it." — Jason Mulvin, Director of Enterprise Data

Approach

From Pilot to Production

The team first encountered Maia at Snowflake Summit 2025. Before any of that could progress to pilot, there was one obstacle: Sophos's internal GenAI Council.

The company had a clear policy: no customer or employee data goes to a third-party AI tool. Applied to content copilots and chatbots, the rule is straightforward. Applied to ETL, the problem is immediate — the data team's pipelines move HR and workforce data, customer records, and financial information across systems. PII handling is the work, not the exception.

The answer was architectural. Because Maia runs as a Snowflake Native App, pipeline execution happens entirely inside Sophos's own cloud environment. No data crosses to a third-party endpoint. For a security company, keeping execution inside their own perimeter was the condition for moving forward at all.

"Once the data lands in our environment, Maia is executing that within our Snowflake perimeter, and the data never has to leave until it's ready to be consumed. That was a huge win for us." — Jason Mulvin, Director of Enterprise Data

After several months of review, the GenAI Council approved in October 2025.

With approval secured, Sophos moved into implementation as an early adopter. The initial setup involved configuring permissions, security, and source control integration across Sophos's environment. 

The capability that made everything click was Maia Skills. Early on, the team had tried to fit all of Sophos's engineering standards into a single context file. At scale, it didn't hold. Skills let them break that context into modular, purpose-specific rules — one set for each pipeline type — and apply them consistently across every build.

Approach

Maia at Work

With the platform established, Sophos put Maia to work across three areas.

Informatica and legacy migration

The team is working through a phased migration on two fronts: converting Informatica mappings into cloud-native pipelines to fully sunset the platform, and modernizing over 800 pipelines off the earlier Matillion (METL) environment spanning SaaS sources, streaming data, and complex data orchestration workflows.

With Maia, the team is working through migrations by workflow type, prioritizing workloads to keep the business running throughout.

Operationalizing pipelines at scale

The real challenge ahead of an 800+ pipeline migration, including Informatica workloads, was getting generated pipelines reliably into production. Before Maia, generated outputs didn't fit cleanly into the team's CI/CD process, and aligning them with Git workflows took extra effort — slowing promotion across environments as volume increased.

With Maia, the team integrated generated pipelines into a Git-backed CI/CD workflow with automated actions, treating them as versioned, iterable artifacts rather than one-off deliverables. The result: pipelines moving to production at scale, without proportional overhead.

Governance and standards enforcement

Every pipeline Maia generates reflects Sophos's own engineering standards, enforced during the build rather than checked after. Issues surface earlier, reviews move faster, and the team maintains consistency across a growing volume of pipelines without relying on manual discipline to hold it together.

"Once the data lands in our environment, Maia is executing that within our Snowflake perimeter, and the data never has to leave until it's ready to be consumed. That was a huge win for us."

— Jason Mulvin, Director of Enterprise Data
Results

Where the Real Gains Compound

The gains Sophos measured ran across the full pipeline lifecycle: design, development, documentation, testing, and deployment:

"It's not just the development. So many people talk about AI helping generate code faster. All that's true, but it's really the full life cycle — the design, the development, the documentation, and the testing. That full life cycle is where you start to see those gains." — Jason Mulvin, Director of Enterprise Data

Across the full pipeline lifecycle, Sophos is now delivering in 2–5 hours what previously took 10–16 hours — approximately 4x faster, end to end. First-time deployment success sits above 95%. Standards compliance on Maia-generated pipelines is 100%.

Robman Balisi, a Principal Data Engineer on the team, put a number on what that means day-to-day:

"I can deliver a proof-of-concept pipeline in under 1 hour, compared to the typical 2–3 day turnaround."

When engineers are no longer spending the majority of their time on pipeline maintenance, the nature of the data engineering role shifts:

"The role of the data engineer is elevating. The blocking and tackling of ETL development goes away. They're free to look more at the big picture and understand the business context of what they're trying to do." — Jason Mulvin, Director of Enterprise Data

That reclaimed capacity is already being directed toward the next phase of the program: expanding what Maia supports and opening it up to more of the business.

Results

Building What's Next

Two expansions are already in motion.

The first is citizen development. As Maia Skills and Context Engine mature, Sophos plans to open pipeline creation to business teams under proper governance review.

"The use of Skills is going to allow us to get a consistency that will allow us to start with citizen developers. Maia with the Skills provides us a standard, because it's really easy to generate a whole ton of pipelines, but then you've got to maintain those over time." — Jason Mulvin, Director of Enterprise Data

The second is about who consumes data. Sophos is moving beyond reporting teams as the primary consumer: AI applications, autonomous agents, and operational systems all need access to the same governed data.

"We're moving from a reporting consumer to a multi-prong consumer — reporting, AI and apps, agents, all of these things. We're moving that security perimeter back into the Snowflake arena so that no matter who's consuming the data, they're following the same structured procedures in terms of access." — Jason Mulvin, Director of Enterprise Data

Every one of those consumer types needs governed, production-ready pipelines behind it. Maia is what makes that growth viable at scale.

Data management
made effortless

Enjoy the freedom to do more with Maia on your side.
Abstract dark teal geometric shapes background with diagonal lines and subtle gradients.