Cyber Frontlines: Limor Kessem (iCyberFighter)

In this edition of Cyber Frontlines, meet Limor Kessem, Cyber Crisis Management Global Lead for IBM X-Force and IBM Consulting. Limor is working to help organizations prepare for and face crisis-level cyberattacks. She also previously served as the Executive Security Advisor for IBM Security. She is a widely sought-after security expert, speaker and author, and a strong advocate for women in information security.

Stay up-to-date on Limor’s work on LinkedIn.

I just celebrated 10 years with IBM, working in different roles with the Security division and with X-Force. Today, I lead global consulting engagements for our Cyber Crisis Management capability, which helps client organizations prepare for and face security crises, such as cyberattacks.

I got into security almost by chance when I started working for a security vendor’s cyber crime intelligence operations. Very quickly, I became passionate about learning more about cybersecurity and threats, deepening my expertise and breadth of knowledge and becoming part of the security community and giving back to the industry that’s done so much for me and my career. Since then, I have not looked back.

While I no longer focus on research, my initial core expertise was financial cyber crime prevention. My experience in this field comes through years of working to serve the world’s largest banking institutions as part of various threat intelligence teams. This experience has allowed me to understand fraud tactics, trends and technical and non-technical means attackers use, and map how different parts of the globe are impacted by different types of cyber crime, fraud, threat actor types and level of sophistication. For many years, I have provided counsel to our customers, global law enforcement agencies, collaborated with industry peers and volunteered to inform and advise about online threats and effective ways to counter them.

Throughout my years in cybersecurity, I have been recognized by different publications and organizations for my work within this field.

When I was a more public figure in cybersecurity, I used to be very active online, on social media, etc., which led to these mentions listed below:

• Epic Women in Cyber | 2021
• 50 Most Influential Women in Cyber Security | SC Media 2019
• 30 Cyber Security Female Role Models | Qatalyst Global 2018
• Honorable Mention 2017 | Women in IT Security
• 857 Women in Cybersecurity We Follow on Twitter, And You Should Too | Cybercrime Magazine 2018
• Top 50 Women in Internet Security | Imperva 2017

Nowadays, I work more behind the scenes, directly interacting with our customers.

One person I really appreciate is former Deputy National Security Advisor Anne Neuberger (ex-National Security Agency) for all her work during her tenure, including her efforts around cyber threats and emerging technologies! And the same goes for Chris Krebs before her, as he served as the Director of the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security and later in the cybersecurity private sector. Another cybersecurity leader I appreciate is Mikko Hyppönen, former longtime expert at WithSecure, who is now at Sensofusion, who often looks at the big picture and shares his perspectives on protecting against cyber crimes in research presentations and published content.

Definitely Anne Neuberger (ex-NSA) for her work in cybersecurity and government to prevent and eradicate cyber threats and combat transnational cyber threats. Long-time journalist and investigative reporter Brian Krebs, for his in-depth coverage, analysis and insights on computer security and cyber crime on KrebsonSecurity, remains an industry staple. Another good journalist to follow is Zack Whittaker, who writes about cybersecurity for TechCrunch and authors a weekly newsletter called This Week in Security. He often shares interesting perspectives on the cybersecurity threat landscape. Within the industry, I also enjoy following Phil Venables, Google Cloud’s Chief Information Security Officer (CISO), as he has a background in the financial industry and now specializes in information and cybersecurity as well as enterprise risk and technology.

My all-time favorite is the RSA Conference! It’s the most comprehensive security event for professionals in this field, no matter their experience level and which organization they come from. Another personal favorite that I find valuable is the Digital Crime Consortium (DCC) for its ability to bring together the community and public sector in a specialized setting.

With my experience in helping clients prepare for and address cyber crises, I recommend that organizations and their leaders figure out the scenarios that can really impact their organization’s ability to operate. Then, begin to plan for that day—it will happen!—and drill your cybersecurity response plans with regularity.

Be passionate about learning, and choose a career path that fits your personality type—it will pay off in the long run. Keep in mind your goal should be to find a career path that is larger than just doing a job—cybersecurity is often a calling, so know your “why.” Once you’ve found that passion in your career, don’t stop evolving, don’t stop learning, stay curious about new technologies and identify ways you can play a part in making those new technologies and innovations more secure for a better future.

With the proliferation of AI use in the enterprise, it has to be AI threats, of course! 😊 I sat in on the RSA Conference’s AI security track last year, and the intersection of AI and security is very interesting. It’s an area where organizations need more help and consulting to build AI governance, guardrails and adapt security controls to reap the rewards of AI for the business while minimizing risks.