Meet Craig Williams—Security Expert Extraordinaire
As manager of Cisco's Talos Outreach team, he helps brings the fight to cyber crooks everywhere—and has fun doing it.
Craig Williams’ job is an unusual one—so unusual that he had no clue it even existed. While studying Computer Science at the University of Texas in Austin, Craig was angling for a job in development. Then one day he saw a job ad that asked, Do you know how exploits work? Do you understand how buffer overflow attacks function? He did—but wasn’t sure if it was legal to admit it after a few interviews ended immediately after mentioning it. He subsequently got the job, which led to contract work with Cisco’s Intrusion Prevention System (IPS) Signatures team. Twelve years later, Craig is senior manager for the Talos Outreach team—the premier security research organization within Cisco. We sat down with him to learn more about his role.
What is Talos Outreach?
We’re the people who find what new thing the bad guys are doing and figure out ways to stop them from functioning. Talos is not an aquisition, although people often think it is; it’s a combination of three separate security research teams at Cisco—the IronPort SecApps team, the Sourcefire Vulnerability Research Team (VRT) and the Cisco Threat Research Analysis & Communications (TRAC) Team. By combining these teams, we’ve formed an organization that has even more capability than the component parts. For an in-depth look at Talos, read the feature story.
Did you know what you wanted to be as a child?
I always knew I wanted a career in technology. I was constantly trying to figure out how and why things worked. I was that kid they would catch with the computer in pieces and they’d wonder why I did it. My dad was an engineer, and there’s a long history of engineering in my family. I think it drove my mindset.
What was your first ever job and what did you learn from it that you still use today?
I worked at a coffee shop. I love caffeine—a good cup of coffee can help you learn anything you need to know. In the security field, every day we’re looking at a new piece of technology, a new protocol or some clever new attack that a bad guy built. That ability to detach, drink your coffee and try and absorb this new information is really invaluable.
Tell us about your current role and responsibilities?
My role is to help protect our customers and inform them what’s going on in the threat landscape. I run a team of researchers that looks every day at the number of threats we’re blocking. If you exclude e-mail, right now it’s just under 20 billion threats on a daily basis. The vast majority of these are threats we already know enough about. What we do is try to distill those 20 billion threats into that tiny fraction of a percentage that’s doing something new and interesting.
Where do most threats come from?
They come from criminals who are trying to obtain something that belongs to someone else, whether that’s currency or intellectual property—things they can use to make money or sell to make money. Thanks to massively high profit payloads like ransomware the top threats aren’t necessarily state-owned anymore. Anyone with enough funding can hire a professional development team and design fairly advanced malware.
Any career highlights you’d like to share?
One is my patent; “enhanced server to client session inspection,” which involves obfuscated traffic inspection. I also received a Google “Bug Bounty” after stumbling across a way to download paid digital content for free from the Google Play store. I quickly alerted Google and they gave me the bounty. More on that here. A third highlight was being put in charge of a research team.
What do you love most about your job?
Every day when I come to work, it’s always a surprise. Also, this is one of the very few jobs where we’re working against someone. There’s literally a person on the other side of the keyboard in some country who’s trying to compromise the systems that I’m protecting. That’s something you just don’t get anywhere else. It’s challenging and fun.
Which of Cisco’s values means the most to you and why?
Winning together. By helping keep the bad guys off the Internet, we not only protect everyone—employees, parents, friends, companies and customers—we also help prevent the bad guys from profiting.
What advice would you give to someone looking to join Cisco?
Find your strengths. What is it you truly love doing and figure out how you might accomplish that. I’d say the core values for a security researcher is a burning desire to understand and willingness to learn from others to help get there. No one is an expert on everything but you can certainly have fun trying to get there.
Are you ready to explore security opportunities at Cisco?
Did you know? You can share this story using the social media icons on the upper left. Please include the hashtag #WeAreCisco. You can also rate and comment on the story below.