Can you remember the moment when you heard your calling to cybersecurity? Matt Dobbs, chief integration architect at IBM’s X-Force Threat Intelligence and Integration Lab in Atlanta, GA, can.

He was working as an IT consultant in the early 2000s, following a brief stint as a Java developer in a “dot-bomb,” when one of his customers called for help. Turned out that their server — the main server for the company — had been used to build a torrent site; the perpetrator had filled up the hard drives and was maxing out bandwidth. Working to clean it up and get the customer operational again was enough for Matt — one taste of the security world was all he needed.

He focused his efforts on cybersecurity consulting until a role opened up at Internet Security Systems. He grabbed it with both hands, eventually ending up at IBM through an acquisition. When IBM pooled its various teams to create IBM Security, Matt was asked to lead the Integration Lab to make the various pieces of the puzzle fit together seamlessly as a unified system for customers.

Building the Building Blocks

“The goal is to take all the IBM products and figure out better ways for those to work together to enhance security,” Matt said. “We have a bunch of point products that are very good at data or they’re very good at identity and access management and things like that, and so our group works with the development teams and offering manager to come up with ways to have these components work together.”

In practice, that means a lot of proofs of concept and proofs of technology as the team comes up with new ideas for the building blocks. If they work, they’ll either create the documentation to help customers integrate them on their own, or they’ll work directly with the engineering and product teams to customize.

However, Matt’s built such a well-oiled machine that these days he spends the bulk of his time in the X-Force Cyber Range building out the technical infrastructure for the stories run in its gamified scenarios and helping to create the experience that puts clients through their paces.

From Dot-Com Bubble to Global Cybersecurity

“Everybody struggles in their own way,” Matt says of the customers he works with. “What I find is that those who are more likely to be financially impacted directly from cybersecurity issues tend to be quicker about or spend more money, time, resources, policies, procedures on it.”

He said that means financial services are “all over it,” allocating a lot of people and money to their cybersecurity, while in the healthcare industry they’re more concerned with patients than firewalls. Working to protect companies across industries all over the world, it’s clear Matt has come a long way since the early days of the new millennium working in a fledgling cybersecurity market.

“There will always be room to grow just because adversaries are always growing, always changing,” he said. “They’re coming up with new techniques and new strategies, so the security industry always has to evolve. There will never be a point where a company is like ‘OK, I’ve got my security in place. We’re good.'”

That, he says, is precisely the purpose of the Cyber Range: to keep clients’ skills sharp and up-to-date. “Wash, rinse, repeat, because things are going to change every day and companies have to keep up with those changes.”

Matt believes the danger of complacence is the greatest threat to security today. He stresses that just because you have a plan doesn’t mean it will always work. “You have to lean forward, jump in, be on your toes and constantly evolve your practices.”

And considering this is a guy who survived the dot-com bubble, he knows a thing or two about what can happen when companies get complacent.

Meet IBM distinguished engineer and master inventor Mike Spisak

More from Threat Intelligence

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today