IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent.

Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym.

The name dates back to the early 1990s, when a few friends and I founded L0pht Heavy Industries, one of the first hacker collectives, based in the Boston area. You may remember us as the seven guys who testified before the U.S. Congress on May 19, 1998, to shed light on the vulnerabilities of the internet.

We said something to the effect of, “Any of the seven individuals seated before you could take down the internet within 30 minutes and we need to do something about it now.” We didn’t know it then, but we were just scratching the surface of what has since transpired in the cybersecurity space.

IBM X-Force Red Welcomes Space Rogue

Since then, I’ve spent much of my time working with startups and small- to medium-sized organizations to uncover cybersecurity vulnerabilities and support the development of security strategies and programs.

One of the companies I worked with over the years was security firm Trustwave. Specifically, I worked with the SpiderLabs Research division, which explored then-new security domains such as threat intelligence and malware analysis.

That’s where I met Charles Henderson, now global head of IBM’s X-Force Red, and Steve Ocepek, regional lead of North America for IBM. They are why I’m here today as one of the newest members of the elite security research and testing X-Force Red team.

I’ll admit, I harbored some concerns around joining a large, global organization such as IBM — a bit of a 180-degree turn from the much smaller shops I’ve worked with in the past. However, after speaking with Charles and Steve, and meeting with the team, I quickly found that X-Force Red has the best of both worlds: We’ve got the ingenuity of a startup, but with the backing and resources of a multinational company that just happens to be a household name.

This recipe for success isn’t going unnoticed and, at a time when cybersecurity skills are scarce and the need for personnel is plentiful, the X-Force Red team is attracting the best of the best. This meeting of the minds, backed by the IBM network, is allowing us to turn seemingly improbable ideas into executable realities.

Cybersecurity Is Everyone’s Problem

As one of the newest members of the X-Force Red team, I’ll be playing a dual role on both the client consultation and solution design/development sides of the team. While I’m more comfortable working in the background — conducting research, testing and developing technology — I’ve had a lot of experience working directly with clients.

I’ve had to be the bearer of bad news, uncovering major security flaws within organizations. I learned a lot about the different perspectives and motivations within a company, from the IT specialist all the way up to the CEO.

Cybersecurity is no longer an IT problem; it’s not even a business problem. It has become just a general problem that every individual and organization needs to address.

This is the problem IBM X-Force Red is helping to solve by promoting a model of continuous testing — not just checking the security box on the quarterly checklist. The best way to maintain security hygiene and stay ahead of the bad guys is to hire dedicated experts who are doing testing all the time. Unfortunately, most organizations don’t have the resources to do that in-house.

That is where X-Force Red comes in. We do the testing for you, constantly and continuously. By partnering with X-Force Red, organizations can leverage our expertise and personnel as opposed to trying to halfheartedly execute the processes internally.

A New Chapter

Sounds like good news for businesses and bad news for cybercriminals, right? Exactly. The X-Force Red team is growing rapidly and continuing to attract new talent, and we aren’t just looking for decades of cybersecurity experience to build out our team.

New security challenges also require new ways of thinking. That’s why IBM Security takes a new collar approach to hiring, in which skills and aptitudes are considered over traditional four-year degrees. If you have an appetite or interest in cybersecurity, I encourage you to explore that passion and find a niche within this expansive industry on which to hang your hat.

Sharing is caring in this industry, so share what you’re working on and become a member of the cybersecurity community. Blog, tweet and network with like-minded individuals. You might find that the connections you make today could lead you to a career securing some of the world’s most important organizations with some of the brightest minds in cybersecurity tomorrow.

I’m looking forward to sharing the latest and greatest coming from the team as we write year two in the book of IBM X-Force Red’s history.
