CTA Board of Directors Spotlight: Matt Watchinski, Vice President of Cisco Talos
What inspired you to be a part of founding CTA?
The ability to get all the security companies that had a similar security vision in the same place talking about the same problems. The truly important part we considered is, how do we share intelligence amongst each other? Who are the actors we’re tracking and what motivates them? Everyone has a unique view of the threats we face based on the products and services they provide. If you only have endpoint, you may never see anything in email. So, by bringing all these companies together and collaborating on all the things they share, we can learn to create a better, mutual outcome for all our customers and the internet.
What does it mean to be a member of CTA’s board of directors?
One thing I love to do is talk to the other board members and understand how they view protecting their customers. What are their challenges? How do they see the world? With their views, they get different ideas than what we at Talos have. And that’s probably the most important thing. We are all on our own path. So, we don’t necessarily have external views about how other people see the world. I love being able to spend time with the other board members who run other companies — they all have different issues they’re trying to address, and we have different and unique challenges and opinions on how things go and it’s important to share those with one another.
What makes CTA different from other information-sharing agreements?
The depth. In many of our relationships, it’s a one-way or very technical two-way relationship. There’s not a lot of back-and-forth and it’s very machine-to-machine. With the CTA, we do a lot of human-to-human, where our analysts talk about problems they’re encountering. It’s not just a URL or a hash around why one thing is specifically bad. It’s talking about deeper things about what kind of policy can we implement to effect change. There’s a lot of trust that that builds. Also, I know we can exchange high-value data with other members because we trust them. That allows us to create deep sharing relationships around very complicated things that we don’t necessarily have elsewhere.
There are 100 million security organizations out there that are all focused on something. But they’re relatively fractured in their capability. When you look at the CTA, you’ve got 34 organizations working toward the same mission. I would put it out there that we should have fewer security sharing groups and alliances and we should all head toward a singular goal of working together rather than splintering our intelligence.
Today, ransomware is a prolific high-impacting threat. What do you see as CTA’s role in (deterring, disrupting, responding, etc.) to this beast?
It really is around policy. As we find more inroads through the Ransomware Task Force and some of these other pseudo-government advisory boards, it’s about creating incentives and disincentives. You don’t fix the ransomware problem by making the best, most secure software. You need to take the money out of it. And right now, there isn’t a great way of doing that. The CTA can find a way to find the options that do exist to disincentivize these actors, as we did after the Colonial Pipeline attack last year.
Who inspires you in the security community?
One of the guys I spent a lot of time with is H.D. Moore. I met him, probably in 1998, he was probably 16 at the time and I wasn’t much older. That’s a super smart dude, who’s had an interesting life, and he goes and creates Metasploit, he goes and works with Rapid7 and essentially creates the industry of selling a framework that helps penetration testers do a lot of interesting things and drive the art of exploitation, all in the realm of making the internet a safer place. There are a lot of other people I could name and go on and on, but then I’d feel bad for leaving someone out.
What keeps you motivated?
I believe that everyone should have a higher goal. You should have something that’s slightly beyond yourself, that’s related to the people around you. When you wake up in the morning, it shouldn’t be about serving yourself. While that should be some portion of your day, it can become unfulfilling. You need to have something that’s slightly above you to focus on as a goal. If we were to make the world 100 percent secure, the world would be a better place. Being able to eliminate the problem of security, I think, is highly motivating to a lot of people. And recently, you look at our work around Ukraine. These are a bunch of people who are fighting for their country and believe in freedom and democracy. The good and evil of the situation is obvious when you can clearly see the delineation. If we can help the good guys defeat evil, of course we’re going to work toward that.
What do you like to do for fun, or in your downtime outside of work?
My wife has a sailboat, and that’s a lot of fun. We’re working on getting ready to take it racing. It’s a complex math problem, but also this really interesting asset that sails on water — it shouldn’t work, but it does. You do everything in this hilarious system of knots that are somehow equivalent to miles per hour, and when you’re going 10 knots per hour you feel like you’re flying at 70 mph. I’m also a major shooting sports enthusiast.
Matt Watchinski is the vice president of Cisco Talos, the company’s global threat intelligence group. With over 300 security researchers globally, Talos is the largest commercial threat intelligence group in the world. As leader of Talos, Watchinski is responsible for ongoing intelligence activities necessary to ensure Cisco’s security products and services are up-to-date and consistently detecting the latest cybersecurity threats.