These days, Nick Bradley is policing the world of cyberthreats in his role as practice lead of the IBM X-Force Incident Response and Intelligence Services (IRIS) Threat Analysis Group — but that wasn’t always the plan.

Nick comes from a multigenerational military family — his daughters are currently about to enter the service. Growing up in “middle of nowhere Florida,” there weren’t many options for Nick; he could either follow his family into the military or go to work at the local federal prison as a correctional officer. He pursued the best of both worlds by entering active duty with the Army military police, working his way to sergeant and switching to Reserves so he could study and become an officer, all the while maintaining a private hobby building computers and gaming.

One day, Nick came into work at the dispatch desk to find the computer switched off; it had a virus, the desk sergeant said, and they needed to wait for IT to come and fix it tomorrow.

“So I cleaned it up because I knew how to,” remembers Nick. “And it was something simple, too — it wasn’t some bleeding edge virus, it was one that had been out there forever. Back then, people had viruses on machines all the time. So I cleaned that up and went to work, didn’t think anything more of it.

“Then the next morning when all of the brass came in, I got called into the sergeant major’s office, and he wanted to know how I knew how to fix that computer.”

Changing Careers Under Orders

Nick’s personal tech interests ended up causing a major turn in his career. The brass told him he had a new job as a system administrator in the provost marshal’s office, and the rest is history.

“The thing was, in my mind, I still wanted to be military police, and so I was just doing this because that’s what they ordered me to do,” he says. “I even got accepted into the SWAT, or what the Army calls the SRT, and I did that on weekends so I could still be a cop.”

Nick later went to the Army Reserve and joined the Army R.O.T.C. program with the goal of becoming a commissioned officer. During that time, he also picked up some contract IT work to help pay the bills. Ultimately, it was this part-time job that led to a full-time career with Internet Security Systems — later acquired by IBM — and Nick decided not to commission back into active duty.

“It was an extremely hard decision because I love the military, but I realized I was going to be able to make a difference in this field that I never even knew existed, and that I was going to be able to provide a better life for my wife and kids.”

These days, Nick is still patrolling and protecting — he’s just a bit more desk-bound than he was while on active duty. Running the threat analysis group inside X-Force IRIS means Nick is in charge of the team that scours the net for signs of threats, turning it all into actionable intelligence not just for IBM clients, but for the world at large.

Quick to point out their role within a larger team — and that a lot of other groups contribute to the threat analysis — Nick explains how he and his X-Force IRIS colleagues identify issues. Using proprietary tools, the team scrapes the internet for text featuring keywords and information they find important: security patches being released, vulnerabilities exposed, breach disclosures and other info. They also have other groups within IBM they use as trusted sources, such as the incident response side of X-Force IRIS and IBM Trusteer, as well as external companies including Cisco Talos, Palo Alto Networks, Trend Micro and others.

Actionable Security Intelligence Beats the Bad Guys

“Our primary goal is to parse through all that noise and sort out what is hot versus what is just hype,” Nick says, explaining that the important information is made available through the team’s daily newsletter and through X-Force Exchange Collections.

“We don’t just want to be the person running around screaming ‘the sky is falling’ — we want to be the one telling you here’s where you go so you don’t get hurt. So we are always trying to share not just the intel, but also some form of action that can be taken, or actionable intelligence. That ranges from mitigation recommendations to actual indicators of compromise, what’s called IoC, and those can usually be directly loaded into protection platforms or into SIEMs.”

After nearly two decades watching threats and developing mitigations, Nick says the biggest thing that’s changed in cybersecurity is that the world now (finally!) takes it seriously. It used to be difficult to get a company to spend money on security; once they started seeing competitors suffer financial and reputational damage, though, that all changed.

But if the good news is that everyone has become more security-savvy, the flip side is that the “bad guys are getting more sophisticated as well,” Nick says. Plus, there’s now a “trickle-down” effect where high-level threat actors and advanced persistent threat (APT) groups release their tools onto the web, and lesser groups then access them to wreak their own havoc.

“One thing I think has significantly changed is the idea of hacking for infamy and glory,” says Nick. “For the longest time it was about compromising somebody and defacing their website — ‘you’ve been hacked, haha.’ It still happens, but that’s not the focus anymore. The focus now is espionage; it’s about money, sabotage, political agendas.”

All that must be hard for a guy from a law enforcement background. Nick says it was difficult at first to get used to mitigating, defending and protecting instead of directly going after the bad guys.

“That is a stark difference,” he says, “but I still think you make a better impact with protecting and defending than you would trying to go after individuals. We leave that to the FBI.”
