This document discusses operationalizing big data security analytics. It provides lessons learned from case studies of using advanced analytics to detect security threats. The key lessons are: 1) Ensure the analytics math is tested using historical data, 2) Solutions should reduce alerts rather than generate more, 3) Systems should allow for automated responses to different risk levels, and 4) Metrics should be meaningful for measuring the impact of the analytics over time. The document recommends agreeing on use cases, evaluating results with and without analytics, assessing risk levels, and ensuring feedback and response integration. Overall, it advocates testing analytics effectiveness and focusing on reducing security teams' workloads.