Dan Rossell, VP of Incident Response at Edgewater, thrives on tackling the ongoing challenges of cyber defense. With nearly two decades of experience, he has built his career around detecting and deterring cyber threats, from his early days as a Cyberspace Operations Officer in the military to key roles at the NSA and U.S. Cyber Command. Dan specializes in solving the “threat detection problem,” developing innovative strategies to outmaneuver cyber adversaries and protect critical systems.
We sat down with Dan to discuss the biggest cybersecurity threats organizations face today, how organizations can improve their cybersecurity posture, and how Edgewater is advancing its cybersecurity capabilities to stay ahead of emerging risks.
Tell us a little bit about your background and what led you to a career in cybersecurity.
My career in cybersecurity started about 20 years ago when I was a Cyberspace Operations Officer in the military. I was exposed to a variety of offensive and defensive roles in military service. After that, I transitioned to doing similar types of work as an Army civilian, mostly in the NSA and U.S. Cyber Command spaces. From there, I really found my niche around what I like to call the “threat detection problem.” There’s a saying in cybersecurity that attackers only have to be right once, but defenders have to be right every single time, and I think the challenge of that problem and coming up with new and innovative ways to deter cyber attacks is really interesting for me.
What are the biggest cybersecurity and incident response threats that organizations face today?
The number one threat to most organizations continues to be ransomware and other forms of cybercrime. Cyber criminals don’t really care. Whoever they can get money from, they will. We’ve seen these types of attacks consistently increase in volume throughout the past several years, and they continue to increase in sophistication as well. They’ve even increased the footprint of their targets to less mature organizations who are really just not prepared to handle a cyber attack of that magnitude, and they end up having a complete network shutdown as a result. So, I definitely think that’s the number one threat to most organizations.
I think the nation-state APT-level threats are more of a challenge for Federal customers because there are a lot of concerns around intelligence collection activities. We’re seeing nation-state APT-level actors also increasing their sophistication in their capabilities to evade detection and really persist in networks for long periods of time undetected. Their goal is either to steal critical documents and intellectual property, or to embed themselves into a network in preparation for future cyber attacks.
How do you anticipate the nature of cyber threats and incident response evolving over the next three to five years?
Right now, everyone is worried about the rise of AI and the impact that it’s having on cybersecurity. To an extent, I think that’s a little bit alarmist and a little bit overblown. AI is definitely going to continue to play an increasing role in cybersecurity as it does in many other industries. But right now, what we’re seeing is that AI lowers the barrier of entry so that it’s easier for individuals to execute certain types of attacks. For example, if you’re not a native English speaker, you can use ChatGPT to craft more realistic phishing emails. Or you can ask it questions like, “How should I run this offensive framework to develop a remote access tool into this network?” So, it makes many things easier for cyber attackers. It speeds up the process in that way.
However, what we’re not seeing is AI that is capable of generating completely new attacks. I think it’s important to make that distinction. AI is not developing attacks or doing things that we, as cyber defenders, haven’t seen before. As long as we stick to our fundamentals and ensure that we’re following best practices, we should be able to stop any of those attacks, albeit they may come at a more frequent pace.
What is Edgewater doing to advance our cybersecurity capabilities, and the capabilities of our customers?
Edgewater has a couple of different areas where we’re leading R&D efforts in cybersecurity. One of them is deploying managed services to all of our Federal clients. This is a concept that’s been around for several years on the commercial side, but we’re starting to see that a lot of Federal organizations are really open to the concept of outsourcing their cybersecurity, whether that be as a managed detection and response provider or more of an integrated MSSP-type approach. Federal customers have realized that they face a lot of the problems that exist in the commercial space, like the inability to attract and retain talent and the challenges of defending larger, complex networks that are just beyond the scope of their current capabilities. There’s a real opportunity there for us to fill in the gap and provide those services.
The second part, I would say, related to our previous conversation about AI, is developing ways to use AI for cyber defenders. Whether it’s developing autonomous agents that can enrich and correlate data, or agents that are capable of triaging certain types of alerts, there are a lot of areas where we can use large language models to facilitate cyber defenders and increase their efficiency and their capabilities to detect and deter attacks.
What proactive steps should organizations take to strengthen their cybersecurity posture?
I get asked this question a lot, and I always say if you only have $1.00 to spend, you patch your vulnerabilities. This may not be the most exciting answer, but by and large, simply scanning and patching is the most effective way to avoid many potential cyber attacks.
Now, if you have $2.00 to spend, then the second thing you should purchase is an EDR tool. Modern EDR tools provide a great amount of visibility for cyber defenders. They also provide great preventative measures and are really good at stopping a lot of commodity malware before it even becomes a problem. They’re a fundamental tool for organizations of any size and they’re definitely worth the investment.
What do you enjoy most about working in cybersecurity?
For me, I think it’s the thrill of the hunt because, like I said, I really like to focus on the threat detection problem. I get excited when something that I developed or code that I wrote detects a cyber threat. Then we can go in, investigate, see what happened, and get to the ground truth. Some people call that the investigative mindset. I really want to understand everything that’s happening on a system, like going into processes and scheduled tasks and services, even pulling memory and doing forensics and malware analysis. I think that technical depth is what really gets me excited, and then it’s even better when you know that you’re applying those skills to actually stopping some sort of cyber attack or cyber adversary.
What career advice do you wish to share with other cyber professionals?
I think a lot of cyber practitioners assume that there’s one path for cybersecurity, and I don’t think that that’s true at all. A lot of people tend to start in more of a junior analyst role, but I really think it’s important to expose yourself to lots of different roles within cybersecurity. There are a lot of niche areas. You can be a really in-depth malware analyst or reverse engineer. You could be a specialist who produces reports and visualizations and tells the story of cybersecurity. You can be an incident responder who thrives in high-pressure situations. There’s no one right or wrong way to do it. I think it’s more important that you experience lots of different roles and really find what your niche is and what you like to do because, ultimately, that’s where you’re going to be the most successful.
Second, I would say to ask questions. Cybersecurity is hard, it’s complicated. Nobody has all the answers. One of the great things about being in cybersecurity is that you are surrounded by a team of smart, technical people. So, you shouldn’t be afraid to ask for help and should take advantage of opportunities to learn from your team.