Can you remember the moment when you heard your calling to cybersecurity? Matt Dobbs, chief integration architect at IBM’s X-Force Threat Intelligence and Integration Lab in Atlanta, GA, can.

He was working as an IT consultant in the early 2000s, following a brief stint as a Java developer in a “dot-bomb,” when one of his customers called for help. Turned out that their server — the main server for the company — had been used to build a torrent site; the perpetrator had filled up the hard drives and was maxing out bandwidth. Working to clean it up and get the customer operational again was enough for Matt — one taste of the security world was all he needed.

He focused his efforts on cybersecurity consulting until a role opened up at Internet Security Systems. He grabbed it with both hands, eventually ending up at IBM through an acquisition. When IBM pooled its various teams to create IBM Security, Matt was asked to lead the Integration Lab to make the various pieces of the puzzle fit together seamlessly as a unified system for customers.

Building the Building Blocks

“The goal is to take all the IBM products and figure out better ways for those to work together to enhance security,” Matt said. “We have a bunch of point products that are very good at data or they’re very good at identity and access management and things like that, and so our group works with the development teams and offering manager to come up with ways to have these components work together.”

In practice, that means a lot of proofs of concept and proofs of technology as the team comes up with new ideas for the building blocks. If they work, they’ll either create the documentation to help customers integrate them on their own, or they’ll work directly with the engineering and product teams to customize.

However, Matt’s built such a well-oiled machine that these days he spends the bulk of his time in the X-Force Cyber Range building out the technical infrastructure for the stories run in its gamified scenarios and helping to create the experience that puts clients through their paces.

From Dot-Com Bubble to Global Cybersecurity

“Everybody struggles in their own way,” Matt says of the customers he works with. “What I find is that those who are more likely to be financially impacted directly from cybersecurity issues tend to be quicker about or spend more money, time, resources, policies, procedures on it.”

He said that means financial services are “all over it,” allocating a lot of people and money to their cybersecurity, while in the healthcare industry they’re more concerned with patients than firewalls. Working to protect companies across industries all over the world, it’s clear Matt has come a long way since the early days of the new millennium working in a fledgling cybersecurity market.

“There will always be room to grow just because adversaries are always growing, always changing,” he said. “They’re coming up with new techniques and new strategies, so the security industry always has to evolve. There will never be a point where a company is like ‘OK, I’ve got my security in place. We’re good.'”

That, he says, is precisely the purpose of the Cyber Range: to keep clients’ skills sharp and up-to-date. “Wash, rinse, repeat, because things are going to change every day and companies have to keep up with those changes.”

Matt believes the danger of complacence is the greatest threat to security today. He stresses that just because you have a plan doesn’t mean it will always work. “You have to lean forward, jump in, be on your toes and constantly evolve your practices.”

And considering this is a guy who survived the dot-com bubble, he knows a thing or two about what can happen when companies get complacent.

Meet IBM distinguished engineer and master inventor Mike Spisak

More from Threat Intelligence

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

Threat intelligence to protect vulnerable communities

2 min read - Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.Cyber criminals seek stolen credentialsThe HRCP…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today