Staying Ahead with Threat Intelligence: Kevin O’Connor Of Adlumin On How to Stay Informed and Agile About New Cyber Security Threats

An Interview With David Leichner

David Leichner, CMO at Cybellum
Authority Magazine


In the ever-evolving landscape of cybersecurity, keeping abreast of the latest threats, vulnerabilities, and emerging trends is paramount. This becomes increasingly significant as malicious AI poses new challenges. How do Chief Product Security Officers (CPSOs) stay informed about these factors relevant to their organization’s products? More importantly, how do they integrate this vital threat intelligence into their security strategies? As a part of this series, I had the pleasure of interviewing Kevin O’Connor.

Kevin is a cyber security expert with experience in defensive solutions, information system security engineering, secure mobile computing solutions, and offensive cyber-operations. His passion is working to solve hard problems along with building and working with great technical and cross-functional teams. Kevin currently works as Director of Threat Research at Adlumin.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in New York City and attended public school. My interest in technology started at an early age and by the time I graduated high school, I had a pretty good idea of the type of career I wanted to pursue. When it came time to look at colleges, Penn State ended up being a good fit. I went there for undergrad and ended up double majoring in areas that lent themselves really well to a career in cyber security. I graduated with a BS in security and risk analysis, and a BS in computer and information systems security.

During my time at Penn State I was recruited by the National Security Agency (NSA) as a summer hire while still attending university. I joined full-time after graduating and decided to continue my education by attending the Naval Postgraduate School’s information systems security engineering program through an Agency sponsored development program. That program did a lot to further my cyber security skills. After completing the program, I served in various cybersecurity-type analyst roles for eight years working in defensive missions, Commercial Solutions for Classified programs, and computer operations. That time was invaluable and absolutely grew my interest in working in the threat research space. After I left the military, I began working at CrowdStrike as a senior security researcher, where I got my first real taste of the private sector world.

Eventually, I was approached to join Adlumin, and the opportunity was an awesome fit. I’m really passionate about the work we do protecting mid-market organizations. As I’ve learned over the course of my career, those organizations often face the same cyber threats as their larger counterparts, but don’t have comparable resources to protect themselves.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I’ve always been fascinated by technology and an experience I had in middle school really set me on the path to having a career in cybersecurity. I started hacking computers at the public school I went to in New York City — it was a good way to show off in front of friends or get a laugh, but ultimately I got caught. Fortunately, instead of expelling me from school, my teachers and administrators recognized my talent and entered me into a program run in conjunction with Columbia University. The program was focused on tech education, and taught tech-savvy kids how to run networks and computers. We were basically a second level of tech support for the public schools. Participating in this program led me to look into the cyber security program I pursued at Penn State.

Can you share the most interesting story that happened to you since you began this fascinating career?

I’m sorry, that’s classified. But in all seriousness, I would say the most interesting thing that’s happened to me making my career in cybersecurity would be getting recruited to work at the National Security Agency and being able to work in the operations mission.

The NSA had some of the most truly talented and capable experts I have ever met. Every day I was learning something new and often amazing while being able to support the warfighter and national defense mission. The people there had a passion and operations tempo unlike anything I’ve seen in the private sector, and it was the privilege of a lifetime to work with them.

It’s such an interesting experience, because while the field of cybersecurity has a lot of offensively positioned roles such as red-teams and penetration testers — there are very few people, at least non-criminals, who get to experience ‘hacking’ and operations in a legal and sanctioned way — the real deal. There are a small handful of places, mostly inside the Department of Defense, Department of Justice / Federal Bureau of Investigation, and Intelligence Community where you can really gain and test these skills. I’d recommend anyone out there just starting their cybersecurity journey to consider public service as it’s a great way to up-level your skills while giving back.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

I think there are definitely a few distinct traits that are an important part of being a successful cybersecurity professional.

Curiosity: the landscape of cyber threats is always changing. To be successful in a career in cybersecurity, and especially for any role involving threat research, you need to bring an insatiable curiosity to your work. At a basic level, careers in cybersecurity and threat research are about problem solving — finding clues and piecing them together. Bringing curiosity and a willingness to learn to your work every day is important, because in the world of cyber security, things are always changing. Everything from new software and services to updated operating systems can present new vulnerabilities and challenges that cyber security professionals need to stay on top of.

Levelheadedness: cybersecurity can be a stressful and challenging industry, and it is important to approach threat research and security response work with a calm demeanor. Some cyber-attacks are designed to elicit emotional responses from targets, so it’s important to stay objective and approach every task thoughtfully and deliberately. Responding to an attack or breach can also be time sensitive and high-pressure, making it important to keep cool at all times.

Skepticism: Oftentimes, the most dangerous cyber criminals are those who can blend in with an environment. For example, they might use social engineering methods to trick users into clicking a link or opening an email that looks like it comes from a trusted contact. Or, attackers might know how to “live off the land” by using existing elements of an IT environment to achieve their goal without deploying malware that could be easily detected. That’s why a healthy sense of paranoia and skepticism about everything is a good trait for anyone in the cybersecurity field. I try to keep Locard’s Exchange Principle in mind when I do my work. It’s a forensic investigative principle developed by Dr. Edmond Locard that states that every step taken during an investigation creates new evidence, which encourages me to question everything and look at problems from new, previously unexplored angles.

Are you working on any exciting new projects now? How do you think that will help people?

At Adlumin we understand cyber criminals never stop evolving, and we take the same approach to our work. In just the past few months, we’ve unveiled new solutions aimed at better protecting our customers, including a subscription-based incident response offering, and new cyber warranty and insurance options through a partnership with Cysurance. We’re also very mindful of improving user experience. Most of our end-customers are small and medium sized organizations where time and manpower are a valuable commodity. Figuring out ways to offer powerful tools that are as user friendly as possible is important to them, which makes it important to us.

Adlumin also releases quarterly threat research reports that serve as an educational tool for our partners and customers. Many of the folks we work with are not cybersecurity experts, but since they wear many different hats in the IT department, they’re still responsible for their organization’s cyber security. By highlighting and explaining emerging cybersecurity threats we hope to help them with the overwhelming task of protecting their organization’s data. Recent threat reports have focused on challenges that financial and educational institutions face, giving professionals in those spaces specific and concrete examples of the unique ways they could be targeted.

We’re always developing new products and services in direct response to the most common challenges our clients face. Right now, we’re seeing a big push into credential harvesting attacks. Bad actors are setting up sophisticated fake websites for organizations and businesses to lure users into inputting their credentials. Once that happens, the criminals use the information they’ve gathered to access and attack the real business or organization they imitated online. While I can’t say too much, we’re doing some exciting work with a brand monitoring solution that we think could help minimize these attacks.

How do emerging technologies like AI and machine learning influence the risk to the cybersecurity landscape?

Emerging technologies like AI and machine learning are sort of a double-edged sword in terms of their impact on the cybersecurity landscape. When implemented effectively by vendors or end-user organizations, these technologies can be utilized to quickly address threats, ultimately boosting an organization’s security posture. Unfortunately, bad actors are also using technology like AI to strengthen their capabilities and make their attacks more effective.

The biggest impact we’re seeing is through AI’s ability to lower the barrier of entry for cyber criminals. Large language models (LLMs) can augment someone’s skills and make them a better programmer, which makes it easier to design malicious code. Because they can improve writing and analyze information very quickly, LLMs can also strengthen social engineering attacks. Making cybercrimes more accessible is a serious security risk, and something we all need to adapt to as AI becomes increasingly ubiquitous.

Could you highlight the types of cyber attacks that you find most concerning today, and why?

There are a few different types of attacks that we see as consistent threats. Some of these attacks are simple and what you’d expect. Attacks involving compromised email accounts or VPNs are continuing to grow and pose serious risks for companies. Once a bad actor has access to login credentials, they can be very patient. They might try to move laterally into other accounts or areas of a network to gain more data. And if ransomware is their end goal, they might be exfiltrating large amounts of data before executing the encryption. Over the summer, the “Play” ransomware attack hit state and local governments, and MSPs, largely by exploiting vulnerabilities in Microsoft Exchange and using stolen credentials.

Attacks targeting third-party providers are also a major concern in our current threat environment and can be a place where company data (or credentials that can be used to access company data) is at risk. The other thing we see evolving in this space is the parties behind these attacks. While ransomware gangs and other criminals are very much still active, we’ve also seen an increase in state-sponsored cyber-attacks.

Can you share an example of a real-world incident or threat related to malicious AI that you’ve encountered, and how you responded to it? What lessons did you learn from that experience?

The real-world example of a threat enhanced by AI that I most often encounter is spear-phishing attacks. LLMs like ChatGPT can help criminals write more detailed and accurate socially engineered emails. This includes things like limiting the number of grammar and spelling mistakes in a message that often serve as a giveaway that the email is a phishing attempt. AI tools can also help attackers add details about an organization, or even an individual’s personal and professional connections, to make a message more believable.

My biggest takeaway from responding to these threats is that proactive cybersecurity training has never been more important. For years, we’ve told our customers and partners how important informed and engaged employees are to an organization’s overall security posture. With phishing attempts becoming increasingly sophisticated, doing due diligence to ensure that an organization’s staff is aware of common phishing techniques and constantly vigilant is the first line of defense.

What advice do you have for organizations that are in the early stages of developing a security strategy for AI systems? What are the key or guiding principles they should follow? Could you walk us through the recommended steps to take immediately after a cyber-attack is detected?

One major thing to keep in mind when developing a security strategy for AI systems is the importance of logging. In the past there’s been a major push by security professionals and others to cut down on logging whenever possible, since capturing too many data points can create a lot of noise. In theory, this means that excessive logging can also slow down a security team’s response to a cyber-attack by creating an overwhelming number of data points to sift through. However, AI can sift through huge amounts of information quickly. Unlike a human-focused system, logging everything can actually be a benefit when working with AI, because increasing the amount of data tracked offers more avenues for the AI to discover a breach. This means people working to develop a cybersecurity strategy focused on AI should proactively take steps to log everything, even the stuff that you don’t necessarily think matters.

What are the “5 Things You Need To Stay Informed And Agile About New Cyber Security Threats” and why?

In the complex threat landscape we face, ensuring your organization’s data is protected has never been more challenging. However, there are simple steps that leaders can take, to ensure they and their colleagues are ahead of the curve and equipped to handle common threats.

1. Partner With Experts

Even the best equipped IT team often can’t handle the full scope of the security threats alone. That’s why one of the best ways to stay ahead of emerging threats is partnering with experts. This is especially important for small and mid-sized organizations that often don’t have the resources to run security operations on their own. For these organizations, partnering with an MSP or MSSP can be a great way to augment capabilities.

2. Employee Education

We’ve already spent a little time talking about the sophisticated tools that have revolutionized phishing and other socially engineered attacks. The reality is that even before hackers had these new tools, ensuring that employees are educated about the threat landscape and aware that they are likely being targeted was an organization’s best tool for stopping attacks. Creating an organizational culture where employees say something when they see something that seems off is key — especially as improved phishing attempts lose some of the classic telltale signs of phishing.

3. Threat Intel

Staying up to date on the latest from cybersecurity threat research from teams like the one I run can be another valuable source of information. The information these teams uncover can be especially valuable for those looking to learn about new threats early. If possible, organizations could also join an Information Sharing and Analysis Center (ISAC) within their respective industries. These groups actively engage with their member organizations and consistently provide members with tools to mitigate risks and enhance resiliency.

4. News Sources

It sounds cliché, but keeping up with the news is also a great way to be aware of emerging cyber security threats. Like most other industry professionals, I read tech publications and the work of major tech reporters at outlets like The Wall Street Journal. I’ve also found that using an RSS reader like Feedly, or something similar, can be a great way to ensure that you never miss a headline.

5. Keep Up to Date on Known Vulnerabilities

Most cybercriminals exploit known vulnerabilities and attack organizations with vulnerabilities they consider low-hanging fruit. The Cybersecurity and Infrastructure Security Agency (CISA) publishes a Known Exploited Vulnerabilities catalog. This catalog is continuously updated and can be a great way for organizations to ensure they are aware of their own pain points and weaknesses, making them better prepared for an attack.
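A first-pass check of the kind this answer recommends, as an added example that is not the interview's or Adlumin's code: it parses a constructed excerpt in the shape of CISA's KEV JSON feed (the field names are the feed's; the entries and CVE numbers are placeholders), matches vendor/product pairs against a constructed asset inventory, and flags hits whose CISA due date has passed or that are marked as used in ransomware campaigns.

```python
"""Cross-check an asset inventory against a CISA KEV catalog download."""
import json
from datetime import date

# Constructed excerpt shaped like the public KEV JSON feed: the field names
# are the feed's, the entries and CVE numbers are placeholders, not real ones.
KEV_JSON = """{
  "catalogVersion": "constructed-example", "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleMail", "product": "Mail Server",
     "dateAdded": "2024-01-10", "dueDate": "2024-01-31",
     "knownRansomwareCampaignUse": "Known", "requiredAction": "Apply vendor updates."},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVPN", "product": "Gateway",
     "dateAdded": "2024-03-01", "dueDate": "2024-03-22",
     "knownRansomwareCampaignUse": "Unknown", "requiredAction": "Apply vendor updates."},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor", "product": "Widget",
     "dateAdded": "2024-03-05", "dueDate": "2024-03-26",
     "knownRansomwareCampaignUse": "Unknown", "requiredAction": "Apply vendor updates."}
  ]
}"""

# Constructed inventory: vendor/product pairs the organisation actually runs.
INVENTORY = [("ExampleMail", "Mail Server"), ("examplevpn", "gateway")]


def _norm(s: str) -> str:
    """Case- and whitespace-insensitive key so 'Mail  Server' still matches."""
    return " ".join(s.lower().split())


def match_kev(kev_json: str, inventory, today: str):
    """Return KEV entries that hit the inventory, most urgent first.

    Each hit records whether CISA's remediation due date has passed and
    whether the entry is marked as used in ransomware campaigns.
    """
    catalog = json.loads(kev_json)
    wanted = {(_norm(v), _norm(p)) for v, p in inventory}
    now = date.fromisoformat(today)
    hits = []
    for entry in catalog["vulnerabilities"]:
        if (_norm(entry["vendorProject"]), _norm(entry["product"])) not in wanted:
            continue
        hits.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"],
            "overdue": now > date.fromisoformat(entry["dueDate"]),
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "requiredAction": entry["requiredAction"],
        })
    # Ransomware-linked first, then overdue, then earliest due date.
    hits.sort(key=lambda h: (not h["ransomware"], not h["overdue"], h["dueDate"]))
    return hits


if __name__ == "__main__":
    for hit in match_kev(KEV_JSON, INVENTORY, "2024-03-10"):
        print(hit["cveID"], hit["product"], "overdue" if hit["overdue"] else "due", hit["dueDate"])
```

Name matching is deliberately coarse; treat a hit as a prompt to confirm the installed version against the vendor advisory, not as proof of exposure.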

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

Thank you for saying that. I think if I could inspire any movement, it would be focused on providing better equity in the tools organizations of all sizes have to protect themselves from cyberattacks. As I’ve mentioned, helping protect organizations that might not have the resources for a dedicated security team is Adlumin’s core business, so this is a movement I’m actively engaged in already and one that’s becoming increasingly more important. For example, Verizon pointed out this year in its annual Data Breach Investigation Report (DBIR) that organizations of all sizes have similar infrastructure and now face similar threats since everything is moving to the cloud. But small and midsized businesses that make up the backbone of the U.S. economy are often the least equipped to survive a business disruption event, like a ransomware attack. Having adequate cybersecurity protection is an existential concern for so many organizations that provide economic value and in many cases do good, so it’s absolutely the part of my day-to-day work that I am the most passionate about.

How can our readers further follow your work online?

I’m active on LinkedIn; that’s the best way to follow my work. You can find me at @Kevin O’Connor. Adlumin also has a blog, where you can find updates about the work my team and I are doing.

Thank you so much for joining us. This was very inspirational, and we wish you continued success in your important work.

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
