Breaking the Mold
As a Principal Researcher for Palo Alto Networks’ threat intelligence division, Unit 42, I’m focused on hunting cybercriminal threats and providing timely analysis and actionable intelligence to our customers and global security community. I’m based in Amsterdam, and my team and I work in close collaboration with the international security and law enforcement community to stop threat actors, and we educate customers about potential threats and help them prioritize their resources to protect themselves.
Unlike many of my colleagues, who knew early in life that they wanted to pursue careers in cybersecurity or computer science, my background includes a variety of different, seemingly unrelated experiences. I grew up in Taiwan and was interested in international affairs and communications, so I attended college at National Chengchi University and earned my bachelor’s degree in diplomacy. After graduating, I gave myself two years to explore any career that interested me. I worked for a short time as a set designer with a filmmaking team, and then I worked as an editor for a company that published a design magazine and did public relations.
In 2008, I decided to return to school and earn a master’s degree at American University in international communication, and I was interested in the numerous opportunities available in the U.S. This was just as the global economic crisis was beginning.
During my master’s program, I actually had aspirations of becoming a film professor — film is still a huge passion of mine. However, after I completed my master’s program, the recession made it very difficult to obtain a job. The first job I could get was as a translator for a cybersecurity company. After learning the basics of the field, I realized there was a real need for cybersecurity research, and that was something I was very interested in, so I convinced my employer to train me in security research. In that role, I focused on Chinese financially motivated cybercrimes.
That experience helped me understand how to detect and diagnose threats, but I wanted to learn more about how to address that on the client side, so I took a position with Uber, managing a global fraud intelligence program that identified cyber tools and tactics used against us in the ride-sharing industry.
After doing that for a couple of years, I realized that I missed doing research, and I wanted to work with a visionary leader in the space. I was familiar with Unit 42 and Palo Alto Networks, having worked in cybersecurity, so when I got the opportunity to work here, I jumped at it.
Although it doesn’t at first seem that my education and background would fit well with my current role, I do believe that it all contributes to my work in some way. In my diplomacy and international relations studies, I learned about the relationships among nuclear powers and nation states, non-governmental organizations, public diplomacy, global economies, and technology-empowered individuals who make a drastic impact on international politics. Knowing what’s happening in international societies and their economic policies is extremely useful in providing context for and explaining certain cybercrime campaigns, such as why those crimes were executed in the ways they were and why specific victims were targeted.
Additionally, my intercultural communications training included a master’s thesis in which I reviewed a virtual group to examine how they communicated with each other. This has been helpful in analyzing the behaviors, patterns, and business models of threat actors, which enable security defenders to develop strategies based on threat actors’ weaknesses and limits.
In my experience studying intercultural communications, I’ve encountered three analogies for how people interact in their world. The first is the idea of the melting pot, in which everyone fuses together to become one. The second is the salad bowl, in which very different people and backgrounds mix together but remain intact. The third is the cookie cutter, in which individuals force themselves into an existing mold — sometimes cutting parts of yourself away to fit.
Many people think of technology as being a cookie-cutter setting — they believe there’s a mold you have to fit with a specific set of experiences, behaviors, and skills. But what I’ve found here at Palo Alto Networks is that people in tech appreciate the unique qualities each person brings to a role. They hire you with the expectation that you will enrich the role with your own personality, ideas, and perspectives, and diverse experiences are welcome. So if working in technology interests you, my advice is it to just be yourself!
My View from the Cybersecurity Frontlines
Ryan Olson, Vice President, Threat Intelligence (Unit 42), R&D
When I was a kid watching Star Trek, I used to imagine that someday in the future, life would be like that: People walking around with small computers, instant communication devices, on their chests that would give them access to any information they needed. I think a lot of us did. We’d fantasize about having devices that could obey our every command and, at any time, we could just ask them to give us any information we wanted. But in those episodes, there were few moments in which security threats arose — where the communication channels those devices used to retrieve that information were threatened. No one ever asked about the system’s firewall. We just took for granted that it was all secure. That might not have made exciting TV back then, but none of us would want to be on the Enterprise under a cyber attack.
My colleagues and I who work in Threat Intelligence for Palo Alto Networks are often thinking about the technology of the future, and we still get excited imagining all that’s possible. But it’s our job to understand that as we move closer to that space-age future of our imaginations, we also become more vulnerable to cyber threats. We are constantly working to anticipate the threats to come, understand how they operate, and share what we know with the cybersecurity community in order to make the digital world safer.
My Journey to Threat Intelligence
I wouldn’t say I was predestined to work in cybersecurity. I had been interested in technology and planned to begin a career in programming while I was in college. But in 2003, the National Security Administration established the National Centers of Academic Excellence in Cyber Defense to address the (correctly) anticipated shortfall of cybersecurity professionals that could present a serious global threat. Each of the designated schools offered a scholarship for service (SFS) program: If you agreed to work for the government for two years, the NSA would pay for two years of schooling to train you in cyber defense. At the time I was considering earning a master’s degree, and although for personal reasons I didn’t end up participating in that SFS program, I got excited about a career defending computer networks, so I eventually enrolled in a master’s degree program in security informatics at Johns Hopkins University.
When it was time for me to do my summer internship between the two years of the program, I was fortunate to find a great opportunity with a security intelligence company. I spent an entire summer learning malware analysis, which led me to my current career.
The Knowledge Leaders
Unit 42 was started in 2014 by Palo Alto Networks’ Chief Security Officer at the time, Rick Howard, and myself. Rick is one of the smartest people I know, but his greatest talent is his ability to boil complex ideas down into simple, understandable terms. The idea for Unit 42 was to take all of the data we were collecting from our platform, in particular the WildFire malware analysis system and use it to not just create new prevention controls for our customers, but to better understand how adversaries are targeting them. With a stronger understanding of the adversary, we can build better products but also expose threat actors in the public and educate the world about their tactics. Our team consists of malware and threat intelligence analysts who look at our collective data to understand how adversaries launch their attacks, what tools do they use and how do they change over time. Then we share this information through our blog, white papers and other channels. In some instances we can go from uncovering a threat to publishing information about it in less than 24 hours. We move as quickly as possible to capture the critical details of the threat and share them with those who can use it to defend themselves.
This runs counter to the way many companies do business, which is to hoard information so that competitors can’t get hold of it. For us, there’s obvious value in sharing this information because our primary goal is to make it harder for the bad guys to win. If a bad guy has been launching attacks for three years, he’s doing the same things repeatedly because it keeps working. But if we write a report about it and publish it for the entire world to see, it stops the cycle of the attack, making the world safer for all of us.
As part of our global efforts, we founded the Cyber Threat Alliance (CTA) several years ago. This consortium of 25 cybersecurity vendors operates under the idea that a rising tide floats all boats. We share important threat intelligence with each other explicitly so we can all translate it into protection controls in our various products. What I love most about my work is the astounding amount of cooperation that I get from other organizations. When we need help or we need to alert customers to a problem of some kind, everybody immediately jumps in because they want to go and help. We all realize that we’re on the same team, fighting the same fight.
But there’s additional value for Palo Alto Networks in publishing this information: It demonstrates to the world that we are knowledge leaders in cybersecurity, at the forefront of the industry. Unit 42 is one aspect of the careers available in our industry, and sharing information is a crucial part of our work. Although people may not immediately know our company name the way they do others in the technology space, we are the biggest enterprise security company in the world, with 60,000 customers globally. So I think it’s important to point out to anyone who is considering a career in technology that working for Palo Alto Networks really enables us to have an enormous impact on worldwide security, and that is incredibly rewarding.