Brad Olive, learning services program director at IBM Security, uses knowledge to fight fires.

Since the advent of the internet, Brad has been spreading security awareness — which he thinks it makes him sound ancient. The reality: Brad is a wise force to be reckoned with.

Back in the 1980s — before Tim Berners-Lee ever conjured up the World Wide Web — Brad decided to study computer science and mathematics at the University of California, Riverside. It was a growth industry: The computer was downsizing from giant mainframes to desktop-sized units. The home computer was going through its boom period.

Everyone wanted to know more about technology, and it was an exciting industry for a young man in search of a career.

Getting His Hands Dirty With Security

Brad was (and still is) a hands-on kind of guy. He didn’t just want to learn the theory — he wanted to get his hands dirty. To earn his degree, he built computers and networks and wrote operating systems, compilers, languages and more. He learned everything there was to know about computers — how to build them, how to break them and how to probe their weaknesses and make them secure.

Brad hit the workforce at a crossroads for his industry: When he started at computer technology company Oracle in 1989, the firm only had bridged networks. When routers came out, he thought that was the “best thing in the world.”

As networks evolved — and the world became more connected — Brad began working with some other impressive names. He wrote security policies for NASA and even helped launch first interactive Disney website, Disney’s Daily Blast. Brad’s history within the industry allows him to reflect on the evolution of technology as a whole.

“I think web presence has been an awesome thing, but it’s also opened the highway up right into your house, and into businesses as well,” Brad said.

A Seasoned Expert Brings Security Awareness to the Masses

You’d think that today, more than two decades after Brad began his career, organizations would be better at following security best practices and wouldn’t need to do as much firefighting. Unfortunately, that’s often not the case. Brad worked on early versions of a three-point firewall and has seen firsthand the impact that connectivity can have on a business that lacks security awareness.

In light of his long history in the industry, it seems fititng that Brad ended up building the IBM Security Learning Academy.

The Security Learning Academy is transforming the way IBM educates and upskills not only its own people but its partners and customers as well. In just three short years, it has grown to an average of 32,000 visits per month — with 22,500 registered users taking part in 1,500 courses and 500 hands-on labs. Those are pretty good numbers as far as Brad is concerned.

Initially designed for post-sales to facilitate self-learning and reduce the need for support tickets, the IBM Security Learning Academy has taken on a life of its own. The team Brad leads develops personalized learning road maps aimed at various roles and user types.

The IBM Security Learning Academy was born out of the IBM Think conference. Every year at the conference, students would flock to IBM — and IBMers invested a lot of resources creating labs for them to experience new technology. Once the conference was over, however, the lab was gone.

Knowing the work it took to put those temporary labs together, Brad looked at it from a financial perspective and wanted to get more value out of the work his team was doing. He also foresaw the trend of microlearning. Gone are the days of paying for a week-long course — today, students want snapshots they can learn from on their own time.

“We created what we called a ‘golden ticket’ for the conference. We put the content online post-event and intended to shut it down after three months,” Brad explained. “We figured we’d get around 500 people using it, but we had 2,000 courses taken. It was kind of a no-brainer to turn this from a one-week event to just have it available year-round, all the time, for everybody.”

Ever humble, Brad insists there’s “definitely room for improvement” because they’re trying to cover both the fundamentals and deep-dive content at the same time — and due to the speed of technology, there are always new areas requiring new content. His team works hard to keep up with the demand.

“Security is such a huge topic, of course, and we can’t cover everything,” he said. “Obviously the Academy isn’t the end-all, but we definitely need education out there.”

Why Comprehensive Education Is Crucial to Extinguishing Security Fires

Recently, Brad has noticed a distinct change in the industry. In decades past, organizations had a designated “security guy” who enrolled in IT systems and learned about everything end to end. Today, security teams are much larger, and IT professionals’ roles often require them to master only a single subset of the infrastructure.

After many years of watching technology and security develop, Brad said he’s worried about this move to a task-oriented workforce. While it’s great that technology has advanced to a point where a router is no longer groundbreaking, he wants to make sure great technology remains robust.

To do so, Brad stressed that organizations need strong IT leaders and staffers who understand how the whole security ecosystem fits together. If team members focus solely on their own tasks, they can potentially expose the company to vulnerabilities and compliance issues.

“We’re rolling out so many new processes to protect our world that we’re going to leave holes,” Brad said. “There’s going to be a next leap, and every time there’s a next leap in something, it opens a bunch of new fires. There are so many attacks and so many threats that we’re focusing on putting the next fire out and not worried about collecting up all the matches to stop fires in the first place.”

Meet Technical Support Engineer Alex Rombak

More from Security Services

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…

Defining the Cobalt Strike Reflective Loader

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams since its debut, continues to be heavily signatured by security solutions. To continue Cobalt Strikes operational usage in the past, we on the IBM X-Force…

What is a Red Teamer? All You Need to Know

A red teamer is a cybersecurity professional that works to help companies improve IT security frameworks by attacking and undermining those same frameworks, often without notice. The term “red teaming” is often used interchangeably with penetration testing. While the terms are similar, however, there are key distinctions. First and foremost is the lack of notice from red teams. Pen testing may be scheduled in advance to assess the ability of specific security measures to handle a simulated attack; red team…

What is a Blue Teamer, and How Can They Protect Your Data?

Modern-day cybersecurity isn't just about preventing and responding to threats; it's about setting up defenses that can detect and respond to suspicious activity before it can do any damage. But to adequately protect an organization's systems, a team of cybersecurity professionals needs to work together to put their security protocols to the test. To do this effectively, teams are divided into two distinct groups: red and blue. The blue team comprises various specialists, including security analysts, penetration testers and incident…