Our series “Scorecarder Spotlight” showcases our talented employees and the incredible work they do.
Name: Rob Ames
Job: Staff Threat Researcher
Tell us about yourself
I’ve lived on the East Coast for basically my entire life, and spent the early part of my career in cyber in New York, but the one-two punch of the pandemic and settling down to start a family led me to relocate to the far reaches of what I’d call the suburbs of NYC. I spend much of my free time with my family or trying to help out around the house, but I try to get out to run as my schedule permits. I also play guitar and bass and have been in a few bands, though none are particularly notable (the most recent one only played a single show).
How did you get into cybersecurity?
My path into the field was a bit non-traditional. In college, I was a history major, and became very interested in Middle Eastern history—so much so that I pursued it in grad school, where I also learned Persian and Arabic. My first job in threat intelligence was as a cybercrime intelligence analyst focusing on the Middle East, and it drew heavily on my language skills–they were kind of my foot in the door.
Once I had that foot in the door, I pivoted a bit; my responsibilities expanded, somewhat as a matter of course, and as a result, I learned more about the technical side of cyber as those responsibilities expanded–customers or stakeholders would have questions, and I’d have to learn how to answer them for myself before I could answer them for anyone else.
My exposure to data comparable to what SecurityScorecard deals with came gradually as a result of those expanding responsibilities in my next few roles, where I started to learn more about interpreting data like scan results (open ports, observations of possibly vulnerable software, etc.) and traffic metadata, and other signals that figure prominently in the work I do for SecurityScorecard.
What are you working on now?
A big part of my job is to try and look at any available data in our collections to find valuable and actionable insights—anything that can be of value to not only our customers but to the larger cybersecurity community as well. I work on a lot of threat intelligence reports that we regularly post to our website. I think this helps build trust in SecurityScorecard’s data by showing that there are thoughtful people behind our data; and we’re continuously working to help people and organizations make more informed decisions.
Can you talk more about threat intelligence?
Two of my most recent reports are among the most interesting aha moments I’ve had during my time at SecurityScorecard. I started publishing reports on a new Chinese espionage group and looking at the indicators of compromise. Our SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team used SecurityScorecard’s Attack Surface Intelligence tool and was able to see additional assets they’re using and what else they’re doing.
And earlier this year, the Russia-aligned threat actor group Killnet conducted several DDoS attacks on several hospitals. As a result, our team released a proxy IP blocklist to the public to help organizations better defend themselves against that group and other ones like it.
Learn more about SecurityScorecard’s Threat Intelligence Team: https://securityscorecard.com/product/threat-and-risk-intelligence/