Many readers will have heard that I in handed my notice to IBM a few weeks back, and actually (finally) departed the company mid-last week. This week I begin my new role at Damballa as VP of Research.
By way of history, having worked for several NZ and UK-based companies previously, I rejoined ISS back in 2005 as Director of X-Force and relocated to Atlanta - just in time to pick up the reigns following Cisco-gate (funny true story - I was actually a backup speaker at Blackhat that year and if Mike Lynn hadn't got on stage I would have probably have been giving a replacement talk - even though at the time I was working NGS Software (so wasn't involved in ripping pages out of the conference books) - can't remember what topic I had submitted though). Then, in October 2006 IBM came along and gobbled up ISS, and I decided to shift in to a more strategic role - Chief Security Strategist.
I largely enjoyed my time with IBM, and got to work on many interesting (and HUGE) projects. However, as with any big company, I found myself moving further and further away from the coalface of security. And, for anyone thats known me for some time, they'll know that I'm deeply interested in the technical aspects of security evolution and cybercrime - which isn't something that IBM is typically associated with.
So, with that in mind, I decided to join Damballa (conveniently located in Atlanta - the Silicon Valley for security companies) and focus on the most important security threat affecting enterprises today - botnets and organized crimeware. If you're at least partially familiar with the threat, then you've probably already seen or heard about some of the leading research Damballa are doing in this area. Given all that, it was a no brainer for me to join Damballa and work to kick things up a notch or two in stopping the bad guys.
I obviously won't be posting to ISS' Frequency-X blog, but you'll be able to tune in to my botnet analysis and threat evolution opinions on Damballa's blog. For other security topics not specifically associated with Damballa and crimeware, I'll continue to post here in my personal security blog - and post new whitepapers over at my main Web site Technical Info.
If you're really interested in what I'm doing, the press announcement can be found here.
I'm really looking forward to diving deeper in to the rapidly evolving botnet threat and, just as importantly, having a a little more elbow room when discussing/publishing whats going on with the threat (without an entourage of PR bodyguards).