This document discusses operationalizing big data security analytics. It provides lessons learned from case studies of implementing security analytics at various organizations. The key lessons are: 1) Security analytics should help analysts deal with fewer, higher-quality alerts rather than more alerts. 2) It is important to test the mathematical models on historical data to validate the analytics can surface useful threats. 3) Metrics must be defined to measure the impact and ensure the analytics are optimized over time for the organization's needs. The document advocates agreeing on use cases, evaluating results, assessing risk level, and ensuring feedback for continuous improvement.