September 7, 2018 By Security Intelligence Staff 4 min read

Brad Olive, learning services program director at IBM Security, uses knowledge to fight fires.

Since the advent of the internet, Brad has been spreading security awareness — which he thinks it makes him sound ancient. The reality: Brad is a wise force to be reckoned with.

Back in the 1980s — before Tim Berners-Lee ever conjured up the World Wide Web — Brad decided to study computer science and mathematics at the University of California, Riverside. It was a growth industry: The computer was downsizing from giant mainframes to desktop-sized units. The home computer was going through its boom period.

Everyone wanted to know more about technology, and it was an exciting industry for a young man in search of a career.

Getting His Hands Dirty With Security

Brad was (and still is) a hands-on kind of guy. He didn’t just want to learn the theory — he wanted to get his hands dirty. To earn his degree, he built computers and networks and wrote operating systems, compilers, languages and more. He learned everything there was to know about computers — how to build them, how to break them and how to probe their weaknesses and make them secure.

Brad hit the workforce at a crossroads for his industry: When he started at computer technology company Oracle in 1989, the firm only had bridged networks. When routers came out, he thought that was the “best thing in the world.”

As networks evolved — and the world became more connected — Brad began working with some other impressive names. He wrote security policies for NASA and even helped launch first interactive Disney website, Disney’s Daily Blast. Brad’s history within the industry allows him to reflect on the evolution of technology as a whole.

“I think web presence has been an awesome thing, but it’s also opened the highway up right into your house, and into businesses as well,” Brad said.

A Seasoned Expert Brings Security Awareness to the Masses

You’d think that today, more than two decades after Brad began his career, organizations would be better at following security best practices and wouldn’t need to do as much firefighting. Unfortunately, that’s often not the case. Brad worked on early versions of a three-point firewall and has seen firsthand the impact that connectivity can have on a business that lacks security awareness.

In light of his long history in the industry, it seems fititng that Brad ended up building the IBM Security Learning Academy.

The Security Learning Academy is transforming the way IBM educates and upskills not only its own people but its partners and customers as well. In just three short years, it has grown to an average of 32,000 visits per month — with 22,500 registered users taking part in 1,500 courses and 500 hands-on labs. Those are pretty good numbers as far as Brad is concerned.

Initially designed for post-sales to facilitate self-learning and reduce the need for support tickets, the IBM Security Learning Academy has taken on a life of its own. The team Brad leads develops personalized learning road maps aimed at various roles and user types.

The IBM Security Learning Academy was born out of the IBM Think conference. Every year at the conference, students would flock to IBM — and IBMers invested a lot of resources creating labs for them to experience new technology. Once the conference was over, however, the lab was gone.

Knowing the work it took to put those temporary labs together, Brad looked at it from a financial perspective and wanted to get more value out of the work his team was doing. He also foresaw the trend of microlearning. Gone are the days of paying for a week-long course — today, students want snapshots they can learn from on their own time.

“We created what we called a ‘golden ticket’ for the conference. We put the content online post-event and intended to shut it down after three months,” Brad explained. “We figured we’d get around 500 people using it, but we had 2,000 courses taken. It was kind of a no-brainer to turn this from a one-week event to just have it available year-round, all the time, for everybody.”

Ever humble, Brad insists there’s “definitely room for improvement” because they’re trying to cover both the fundamentals and deep-dive content at the same time — and due to the speed of technology, there are always new areas requiring new content. His team works hard to keep up with the demand.

“Security is such a huge topic, of course, and we can’t cover everything,” he said. “Obviously the Academy isn’t the end-all, but we definitely need education out there.”

Why Comprehensive Education Is Crucial to Extinguishing Security Fires

Recently, Brad has noticed a distinct change in the industry. In decades past, organizations had a designated “security guy” who enrolled in IT systems and learned about everything end to end. Today, security teams are much larger, and IT professionals’ roles often require them to master only a single subset of the infrastructure.

After many years of watching technology and security develop, Brad said he’s worried about this move to a task-oriented workforce. While it’s great that technology has advanced to a point where a router is no longer groundbreaking, he wants to make sure great technology remains robust.

To do so, Brad stressed that organizations need strong IT leaders and staffers who understand how the whole security ecosystem fits together. If team members focus solely on their own tasks, they can potentially expose the company to vulnerabilities and compliance issues.

“We’re rolling out so many new processes to protect our world that we’re going to leave holes,” Brad said. “There’s going to be a next leap, and every time there’s a next leap in something, it opens a bunch of new fires. There are so many attacks and so many threats that we’re focusing on putting the next fire out and not worried about collecting up all the matches to stop fires in the first place.”

Meet Technical Support Engineer Alex Rombak

More from Security Services

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today