While most kids were bickering with siblings and fawning over the newest toys, young Nat Prakongpan was building an enterprise network for his school.

Before he became senior manager at the IBM Integration and Threat Intelligence Lab and built a state-of-the-art cyber range from the ground up, Nat spent his childhood in Thailand surrounded by computers. He started programming at age five. At 13, he was certified in network security by one of Thailand’s national labs.

Such was his passion for computing that he stopped going to school in grade six to teach himself at home and later earn a GED — though Nat is quick to point out that his old school let him hang around without attending class, so he was “socialized.”

“When everyone was in class, I was building the computer lab,” Nat laughs. “That’s how I gained experience in building an enterprise network when I was in grade seven.”

That’s right — Nat built his school’s entire network, deploying around 500 machines with everything an enterprise network needed at that time. But this was right as the internet was starting to boom, and, of course, the system was compromised.

“That’s how I quickly pivoted to learning security,” says Nat. “I took more certification classes when I was 15 and was ultimately able to secure that network.”

From Wunderkind to Network Security Expert

So how does a Thai child genius end up in Atlanta tinkering with IBM Security products to get them to talk to each other? If you ask Nat, it was a “total fluke” — in fact, he said much of his adult life is comprised of a series of happy accidents that led him to build IBM’s Cyber Range from the ground up.

The way Nat tells it, he had a few months between finishing his home-schooling and starting university, so he came to the U.S. to stay with his brother-in-law (who was then earning his master’s degree at the University of Florida) and attend an English-language school. His mother encouraged him to apply at the same university and, much to Nat’s surprise, he was accepted, so he stayed for the five years it took to earn his degree in computer engineering.

Like many of his classmates, he struggled to land a good job right out of school. Cue the next happy accident: A friend dragged him along to an information session by Internet Security Systems (ISS) at his alma mater. He had a chat with the team, and they called him at 7 a.m. the next day and asked him to come in for an interview “now.” He got the job and moved to Atlanta.

In an alternate universe, Nat would have led a very different life.

“I would probably have gone to a technical school somewhere in Thailand and worked at some corporation,” he says. “The U.S. and the job I’m in right now is more research and development, but a lot of jobs in Thailand or in Asia are more product users — looking for products to buy versus what we need to build to make things happen. It would be a lot less interesting.”

Home on the Cyber Range

Instead, Nat ended up at IBM Security following IBM’s acquisition of ISS. Still in Atlanta, he now leads the team that ensures all the individual products from IBM Security can work with and talk to each other to provide seamless end-to-end security for customers.

“We write the glue for those products that makes them work together,” he says. “None of them work together out of the box, but my team has the knowledge across all their areas of expertise to make one story from end to end.”

But Nat’s proudest achievement is the IBM Cyber Range in Cambridge, Massachusetts, the first-ever commercial cyber simulator offering a virtual environment in which companies can interact with real-world scenarios to bolster their threat protection and response capabilities. It’s his baby; he architected the technology, got the funding and designed the scenarios. Nat’s team then created a fictional global corporation with around 3,000 virtual workers, built an enterprise network and invented threats. The end result is a fully immersive simulation developed solely to help organizations and individuals learn about crisis situations and improve their incident response skills.

“The training in the Cyber Range is the ultimate success that I have so far: to be able to teach people and pass on the knowledge of best practices,” he says.

Nat may be among the few who built the facility, but he certainly isn’t the only one who recognizes its value. With the Cambridge location now booked more than half a year out, the IBM team set about its next challenge: taking the cyber simulator experience on tour.

Taking the Range on the Road

“One of the things we’ve learned is that our customers invest a lot of time and resources to come though the Cyber Range in Cambridge,” Nat reflects. “It is difficult for a client to bring all its high-level executives into the same location on the same day.

“We were also having a hard time deciding which IBM office would be the host of our next cyber range.”

At this point, the team began exploring more flexible options that would allow the greatest number of people to benefit from the cyber simulation experience. Ultimately, Nat and his colleagues built the first-of-its-kind IBM X-Force Command Cyber Tactical Operations Center (C-TOC).

The C-TOC is not just a state-of-the-art cyber simulation on wheels — Nat proudly explains that it is “a real security operations center (SOC) able to serve live events such as high profile conferences and sporting events.” And to top it all off, the C-TOC is designed to respond to a live attack.

“We can drive up to a client’s site and be able to monitor the attack, as well as perform forensic investigation on systems and networks,” Nat says.

Bringing the C-TOC from a dream to reality involved many of the same technical challenges as creating the Cambridge Cyber Range. The C-TOC, however, is a mobile unit built from the ground up, and Nat’s team therefore had a host of additional considerations to account for, including materials, lighting, electrical, air conditioning, ventilation and more. And to top it all off, they had to maintain compliance with motor vehicle regulations in the U.S. and Europe and ensure that all the technology deployed within the unit would be able to survive the twists and turns of the road.

Nat remembers the first time he heard the C-TOC idea mentioned by IBM Security VP Caleb Barlow.

“Obviously my first thought was that this is a great idea and there are so many possibilities for what we can do with this mobile platform,” he recalls. “My second thought, after I had a little more time, was, ‘Wow, I am going to be responsible for making this all happen!'”

To the surprise of none of his teammates, Nat overcame the obstacles associated with the project, and the C-TOC rolled into action in October 2018. This month, the mobile cyber range will begin a tour of Europe, bringing real-world cyber incident training across the continent.

For Nat, the most rewarding aspect of his involvement with both the Cambridge Cyber Range and the C-TOC has been the responses from IBM customers.

“The excitement we have seen over these projects was phenomenal,” he says. “I think the C-TOC especially also inspires the next generation of youngsters and college students to see what’s possible in cybersecurity and how they can be involved.”

Meet X-Force Command Center Creative Director Allison Ritter

More from Incident Response

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

How CIRCIA is changing crisis communication

3 min read - Read the previous article in this series, PR vs cybersecurity teams: Handling disagreements in a crisis. When the Colonial Pipeline attack happened a few years ago, widespread panic and long lines at the gas pump were the result — partly due to a lack of reliable information. The attack raised the alarm about serious threats to critical infrastructure and what could happen in the aftermath. In response to this and other high-profile cyberattacks, Congress passed the Cyber Incident Reporting for Critical…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today