Can you remember the moment when you heard your calling to cybersecurity? Matt Dobbs, chief integration architect at IBM’s X-Force Threat Intelligence and Integration Lab in Atlanta, GA, can.

He was working as an IT consultant in the early 2000s, following a brief stint as a Java developer in a “dot-bomb,” when one of his customers called for help. Turned out that their server — the main server for the company — had been used to build a torrent site; the perpetrator had filled up the hard drives and was maxing out bandwidth. Working to clean it up and get the customer operational again was enough for Matt — one taste of the security world was all he needed.

He focused his efforts on cybersecurity consulting until a role opened up at Internet Security Systems. He grabbed it with both hands, eventually ending up at IBM through an acquisition. When IBM pooled its various teams to create IBM Security, Matt was asked to lead the Integration Lab to make the various pieces of the puzzle fit together seamlessly as a unified system for customers.

Building the Building Blocks

“The goal is to take all the IBM products and figure out better ways for those to work together to enhance security,” Matt said. “We have a bunch of point products that are very good at data or they’re very good at identity and access management and things like that, and so our group works with the development teams and offering manager to come up with ways to have these components work together.”

In practice, that means a lot of proofs of concept and proofs of technology as the team comes up with new ideas for the building blocks. If they work, they’ll either create the documentation to help customers integrate them on their own, or they’ll work directly with the engineering and product teams to customize.

However, Matt’s built such a well-oiled machine that these days he spends the bulk of his time in the X-Force Cyber Range building out the technical infrastructure for the stories run in its gamified scenarios and helping to create the experience that puts clients through their paces.

From Dot-Com Bubble to Global Cybersecurity

“Everybody struggles in their own way,” Matt says of the customers he works with. “What I find is that those who are more likely to be financially impacted directly from cybersecurity issues tend to be quicker about or spend more money, time, resources, policies, procedures on it.”

He said that means financial services are “all over it,” allocating a lot of people and money to their cybersecurity, while in the healthcare industry they’re more concerned with patients than firewalls. Now that he works to protect companies across industries all over the world, it’s clear Matt has come a long way since the early days of the new millennium, when he was working in a fledgling cybersecurity market.

“There will always be room to grow just because adversaries are always growing, always changing,” he said. “They’re coming up with new techniques and new strategies, so the security industry always has to evolve. There will never be a point where a company is like ‘OK, I’ve got my security in place. We’re good.’”

That, he says, is precisely the purpose of the Cyber Range: to keep clients’ skills sharp and up-to-date. “Wash, rinse, repeat, because things are going to change every day and companies have to keep up with those changes.”

Matt believes the danger of complacence is the greatest threat to security today. He stresses that just because you have a plan doesn’t mean it will always work. “You have to lean forward, jump in, be on your toes and constantly evolve your practices.”

And considering this is a guy who survived the dot-com bubble, he knows a thing or two about what can happen when companies get complacent.
