IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent.

Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym.

The name dates back to the early 1990s, when a few friends and I founded L0pht Heavy Industries, one of the first hacker collectives, based in the Boston area. You may remember us as the seven guys who testified before the U.S. Congress on May 19, 1998, to shed light on the vulnerabilities of the internet.

We said something to the effect of, “Any of the seven individuals seated before you could take down the internet within 30 minutes and we need to do something about it now.” We didn’t know it then, but we were just scratching the surface of what has since transpired in the cybersecurity space.

IBM X-Force Red Welcomes Space Rogue

Since then, I’ve spent much of my time working with startups and small- to medium-sized organizations to uncover cybersecurity vulnerabilities and support the development of security strategies and programs.

One of the companies I worked with over the years was security firm Trustwave. Specifically, I worked with the Spiderlabs Research division, which explored then-new security domains such as threat intelligence and malware analysis.

That’s where I met Charles Henderson, now global head of IBM’s X-Force Red, and Steve Ocepek, regional lead of North America for IBM. They are why I’m here today as one of the newest members of the elite security research and testing X-Force Red team.

I’ll admit, I harbored some concerns around joining a large, global organization such as IBM — a bit of a 180-degree turn from the much smaller shops I’ve worked with in the past. However, after speaking with Charles and Steve, and meeting with the team, I quickly found that X-Force Red has the best of both worlds: We’ve got the ingenuity of a startup, but with the backing and resources of a multinational company that just happens to be a household name.

This recipe for success isn’t going unnoticed and, at a time when cybersecurity skills are scarce and the need for personnel is plentiful, the X-Force Red team is attracting the best of the best. This meeting of the minds, backed by the IBM network, is allowing us to turn seemingly improbable ideas into executable realities.

Cybersecurity Is Everyone’s Problem

As one of the newest members of the X-Force Red team, I’ll be playing a dual role on both the client consultation and solution design/development sides of the team. While I’m more comfortable working in the background — conducting research, testing and developing technology — I’ve had a lot of experience working directly with clients.

I’ve had to be the bearer of bad news, uncovering major security flaws within organizations. I learned a lot about the different perspectives and motivations within a company, from the IT specialist all the way up to the CEO.

Cybersecurity is no longer an IT problem; it’s not even a business problem. It has become just a general problem that every individual and organization needs to address.

This is the problem IBM X-Force Red is helping to solve by promoting a model of continuous testing — not just checking the security box on the quarterly checklist. The best way to maintain security hygiene and stay ahead of the bad guys is to hire dedicated experts who are doing testing all the time. Unfortunately, most organizations don’t have the resources to do that in-house.

That is where X-Force Red comes in. We do the testing for you, constantly and continuously. By partnering with X-Force Red, organizations can leverage our expertise and personnel as opposed to trying to halfheartedly execute the processes internally.

A New Chapter

Sounds like good news for businesses and bad news for cybercriminals, right? Exactly. The X-Force Red team is growing rapidly and continuing to attract new talent, and we aren’t just looking for decades of cybersecurity experience to build out our team.

New security challenges also require new ways of thinking. That’s why IBM Security takes a new collar approach to hiring, in which skills and aptitudes are considered over traditional four-year degrees. If you have an appetite or interest in cybersecurity, I encourage you to explore that passion and find a niche within this expansive industry on which to hang your hat.

Sharing is caring in this industry, so share what you’re working on and become a member of the cybersecurity community. Blog, tweet and network with like-minded individuals. You might find that the connections you make today could lead you to a career securing some of the world’s most important organizations with some of the brightest minds in cybersecurity tomorrow.

I’m looking forward to sharing the latest and greatest coming from the team as we write year two in the book of IBM X-Force Red’s history.

Learn More About X-Force Red

More from X-Force

Widespread exploitation of recently disclosed Ivanti vulnerabilities

6 min read - IBM X-Force has assisted several organizations in responding to successful compromises involving the Ivanti appliance vulnerabilities disclosed in January 2024. Analysis of these incidents has identified several Ivanti file modifications that align with current public reporting. Additionally, IBM researchers have observed specific attack techniques involving the theft of authentication token data not readily noted in current public sources. The blog details the results of this research to assist organizations in protecting against these threats. Key Findings: IBM research teams have…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Audio-jacking: Using generative AI to distort live audio transactions

7 min read - The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people. We recently published research showcasing how adversaries could hypnotize LLMs to serve nefarious purposes simply…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today