IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent.

Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym.

The name dates back to the early 1990s, when a few friends and I founded L0pht Heavy Industries, one of the first hacker collectives, based in the Boston area. You may remember us as the seven guys who testified before the U.S. Congress on May 19, 1998, to shed light on the vulnerabilities of the internet.

We said something to the effect of, “Any of the seven individuals seated before you could take down the internet within 30 minutes and we need to do something about it now.” We didn’t know it then, but we were just scratching the surface of what has since transpired in the cybersecurity space.

IBM X-Force Red Welcomes Space Rogue

Since then, I’ve spent much of my time working with startups and small- to medium-sized organizations to uncover cybersecurity vulnerabilities and support the development of security strategies and programs.

One of the companies I worked with over the years was security firm Trustwave. Specifically, I worked with the Spiderlabs Research division, which explored then-new security domains such as threat intelligence and malware analysis.

That’s where I met Charles Henderson, now global head of IBM’s X-Force Red, and Steve Ocepek, regional lead of North America for IBM. They are why I’m here today as one of the newest members of the elite security research and testing X-Force Red team.

I’ll admit, I harbored some concerns around joining a large, global organization such as IBM — a bit of a 180-degree turn from the much smaller shops I’ve worked with in the past. However, after speaking with Charles and Steve, and meeting with the team, I quickly found that X-Force Red has the best of both worlds: We’ve got the ingenuity of a startup, but with the backing and resources of a multinational company that just happens to be a household name.

This recipe for success isn’t going unnoticed and, at a time when cybersecurity skills are scarce and the need for personnel is plentiful, the X-Force Red team is attracting the best of the best. This meeting of the minds, backed by the IBM network, is allowing us to turn seemingly improbable ideas into executable realities.

Cybersecurity Is Everyone’s Problem

As one of the newest members of the X-Force Red team, I’ll be playing a dual role on both the client consultation and solution design/development sides of the team. While I’m more comfortable working in the background — conducting research, testing and developing technology — I’ve had a lot of experience working directly with clients.

I’ve had to be the bearer of bad news, uncovering major security flaws within organizations. I learned a lot about the different perspectives and motivations within a company, from the IT specialist all the way up to the CEO.

Cybersecurity is no longer an IT problem; it’s not even a business problem. It has become just a general problem that every individual and organization needs to address.

This is the problem IBM X-Force Red is helping to solve by promoting a model of continuous testing — not just checking the security box on the quarterly checklist. The best way to maintain security hygiene and stay ahead of the bad guys is to hire dedicated experts who are doing testing all the time. Unfortunately, most organizations don’t have the resources to do that in-house.

That is where X-Force Red comes in. We do the testing for you, constantly and continuously. By partnering with X-Force Red, organizations can leverage our expertise and personnel as opposed to trying to halfheartedly execute the processes internally.

A New Chapter

Sounds like good news for businesses and bad news for cybercriminals, right? Exactly. The X-Force Red team is growing rapidly and continuing to attract new talent, and we aren’t just looking for decades of cybersecurity experience to build out our team.

New security challenges also require new ways of thinking. That’s why IBM Security takes a new collar approach to hiring, in which skills and aptitudes are considered over traditional four-year degrees. If you have an appetite or interest in cybersecurity, I encourage you to explore that passion and find a niche within this expansive industry on which to hang your hat.

Sharing is caring in this industry, so share what you’re working on and become a member of the cybersecurity community. Blog, tweet and network with like-minded individuals. You might find that the connections you make today could lead you to a career securing some of the world’s most important organizations with some of the brightest minds in cybersecurity tomorrow.

I’m looking forward to sharing the latest and greatest coming from the team as we write year two in the book of IBM X-Force Red’s history.

Learn More About X-Force Red

more from Application Security

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be…

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory.…