Solving Problems as a Security Expert

Meet Craig Williams—security expert extraordinaire. As manager of Cisco's Talos Outreach team, he helps bring the fight to cyber crooks everywhere—and has fun doing it.

Craig Williams’ job is an unusual one—so unusual that he had no clue it even existed. While studying Computer Science at the University of Texas in Austin, Craig was angling for a job in development. Then one day he saw a job ad that asked, “Do you know how exploits work? Do you understand how buffer overflow attacks function?” He did, but after a few interviews ended immediately once he mentioned it, he was not sure it was legal to admit it. He subsequently got the job, which led to contract work with Cisco’s Intrusion Prevention System (IPS) Signatures team. Twelve years later, Craig is senior manager for the Talos Outreach team—the premier security research organization within Cisco. We sat down with him to learn more about his role.

What is Talos Outreach?
Craig: We are the people who find what new thing the bad guys are doing and figure out ways to stop them from functioning. Talos is not an acquisition, although people often think it is; it is a combination of three separate security research teams at Cisco—the IronPort SecApps team, the Sourcefire Vulnerability Research Team (VRT), and the Cisco Threat Research Analysis & Communications (TRAC) Team. By combining these teams, we have formed an organization that has even more capability than the component parts.

Did you know what you wanted to be as a child?
Craig: I always knew I wanted a career in technology. I was constantly trying to figure out how and why things worked. I was that kid they would catch with the computer in pieces and they would wonder why I did it. My dad was an engineer, and there is a long history of engineering in my family. I think it drove my mindset.

What was your first ever job and what did you learn from it that you still use today?
Craig: I worked at a coffee shop. I love caffeine—a good cup of coffee can help you learn anything you need to know. In the security field, every day we are looking at a new piece of technology, a new protocol, or some clever new attack that a bad guy built. That ability to detach, drink your coffee, and try and absorb this new information is really invaluable.

Tell us about your current role and responsibilities.
Craig: My role is to help protect our customers and inform them what is going on in the threat landscape. I run a team of researchers that looks every day at the number of threats we are blocking. If you exclude e-mail, right now it is just under 20 billion threats on a daily basis. The vast majority of these are threats we already know enough about. What we do is try to distill those 20 billion threats into that tiny fraction of a percentage that is doing something new and interesting.

Where do most threats come from? 
Craig: They come from criminals who are trying to obtain something that belongs to someone else, whether that is currency or intellectual property—things they can use to make money or sell to make money. Thanks to massively high-profit payloads like ransomware, the top threats are not necessarily state-owned anymore. Anyone with enough funding can hire a professional development team and design fairly advanced malware.

Any career highlights you would like to share?
Craig: One is my patent, “enhanced server to client session inspection,” which involves obfuscated traffic inspection. I also received a Google “Bug Bounty” after stumbling across a way to download paid digital content for free from the Google Play store. I quickly alerted Google and they gave me the bounty. A third highlight was being put in charge of a research team.

What do you love most about your job?
Craig: Every day when I come to work, it is always a surprise. Also, this is one of the very few jobs where we are working against someone. There is literally a person on the other side of the keyboard in some country who is trying to compromise the systems that I am protecting. That is something you just do not get anywhere else. It is challenging and fun.

Which of Cisco’s values means the most to you and why? 
Craig: Winning together. By helping keep the bad guys off the Internet, we not only protect everyone—employees, parents, friends, companies, and customers—we also help prevent the bad guys from profiting.

What advice would you give to someone looking to join Cisco?
Craig: Find your strengths. What is it you truly love doing? Figure out how you might accomplish that. I would say the core values for a security researcher are a burning desire to understand and a willingness to learn from others to help get there. No one is an expert on everything, but you can certainly have fun trying to get there.


NetAcad Advantage Reading Note: The digitization era demands individuals who are problem solvers, who are able to use their innovative skills to create solutions, and who are able to think outside the box and be ready for those jobs that we do not even know we need for the future. Be ready to take on those roles by improving your skills, so that you have the skills needed for the future.

This article was originally featured as part of the We are Cisco series on