Can you remember the moment when you heard your calling to cybersecurity? Matt Dobbs, chief integration architect at IBM’s X-Force Threat Intelligence and Integration Lab in Atlanta, GA, can.

He was working as an IT consultant in the early 2000s, following a brief stint as a Java developer in a “dot-bomb,” when one of his customers called for help. Turned out that their server — the main server for the company — had been used to build a torrent site; the perpetrator had filled up the hard drives and was maxing out bandwidth. Working to clean it up and get the customer operational again was enough for Matt — one taste of the security world was all he needed.

He focused his efforts on cybersecurity consulting until a role opened up at Internet Security Systems. He grabbed it with both hands, eventually ending up at IBM through an acquisition. When IBM pooled its various teams to create IBM Security, Matt was asked to lead the Integration Lab to make the various pieces of the puzzle fit together seamlessly as a unified system for customers.

Building the Building Blocks

“The goal is to take all the IBM products and figure out better ways for those to work together to enhance security,” Matt said. “We have a bunch of point products that are very good at data or they’re very good at identity and access management and things like that, and so our group works with the development teams and offering manager to come up with ways to have these components work together.”

In practice, that means a lot of proofs of concept and proofs of technology as the team comes up with new ideas for the building blocks. If they work, they’ll either create the documentation to help customers integrate them on their own, or they’ll work directly with the engineering and product teams to customize.

However, Matt’s built such a well-oiled machine that these days he spends the bulk of his time in the X-Force Cyber Range building out the technical infrastructure for the stories run in its gamified scenarios and helping to create the experience that puts clients through their paces.

From Dot-Com Bubble to Global Cybersecurity

“Everybody struggles in their own way,” Matt says of the customers he works with. “What I find is that those who are more likely to be financially impacted directly from cybersecurity issues tend to be quicker about or spend more money, time, resources, policies, procedures on it.”

He said that means financial services are “all over it,” allocating a lot of people and money to their cybersecurity, while in the healthcare industry they’re more concerned with patients than firewalls. Working to protect companies across industries all over the world, it’s clear Matt has come a long way since the early days of the new millennium working in a fledgling cybersecurity market.

“There will always be room to grow just because adversaries are always growing, always changing,” he said. “They’re coming up with new techniques and new strategies, so the security industry always has to evolve. There will never be a point where a company is like ‘OK, I’ve got my security in place. We’re good.'”

That, he says, is precisely the purpose of the Cyber Range: to keep clients’ skills sharp and up-to-date. “Wash, rinse, repeat, because things are going to change every day and companies have to keep up with those changes.”

Matt believes the danger of complacence is the greatest threat to security today. He stresses that just because you have a plan doesn’t mean it will always work. “You have to lean forward, jump in, be on your toes and constantly evolve your practices.”

And considering this is a guy who survived the dot-com bubble, he knows a thing or two about what can happen when companies get complacent.

Meet IBM distinguished engineer and master inventor Mike Spisak

More from Security Services

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…

Defining the Cobalt Strike Reflective Loader

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams since its debut, continues to be heavily signatured by security solutions. To continue Cobalt Strikes operational usage in the past, we on the IBM X-Force…

What is a Red Teamer? All You Need to Know

A red teamer is a cybersecurity professional that works to help companies improve IT security frameworks by attacking and undermining those same frameworks, often without notice. The term “red teaming” is often used interchangeably with penetration testing. While the terms are similar, however, there are key distinctions. First and foremost is the lack of notice from red teams. Pen testing may be scheduled in advance to assess the ability of specific security measures to handle a simulated attack; red team…

What is a Blue Teamer, and How Can They Protect Your Data?

Modern-day cybersecurity isn't just about preventing and responding to threats; it's about setting up defenses that can detect and respond to suspicious activity before it can do any damage. But to adequately protect an organization's systems, a team of cybersecurity professionals needs to work together to put their security protocols to the test. To do this effectively, teams are divided into two distinct groups: red and blue. The blue team comprises various specialists, including security analysts, penetration testers and incident…