In this edition of Cyber Frontlines, meet Michelle Alvarez, Manager for Strategic Threat Analysis for IBM X-Force. Michelle has over 20 years of experience in cybersecurity. She currently manages IBM X-Force’s Strategic Threat Analysis team, and her previous roles include security operations team manager, threat intelligence researcher, and vulnerability analyst.
Stay up to date on Michelle’s work on LinkedIn.
I manage a team of strategic threat intelligence analysts within the Threat Intelligence arm of IBM X-Force. I’m largely responsible for ensuring the successful delivery of threat intelligence to our clients and the broader security community. I’ve been with IBM for nearly 20 years.
I was working for a placement company during the dot-com era, which was a very exciting time for the information technology industry. Interested in a career in web development, I pursued my Master’s in IT. However, after graduation and through a referral from one of my classmates, I landed an interview with Internet Security Systems (ISS). They were hiring an analyst to join their X-Force vulnerability database team (fun fact: X-Force Vulnerability Database is one of the oldest and largest vulnerability databases in the world and reached its 30-year anniversary in 2023). Knowing very little about cybersecurity, I did my homework on the company and the role, put together a portfolio of school projects and a presentation of the type of work I imagined I would be doing. Fortunately, they took a chance on me. I think my soft skills helped… a lot. The rest is history.
We focus on cybersecurity trends, either cross-industry and globally or for a particular industry and geography. I may have to brief a CISO of a North American-based healthcare organization today, and next week pivot to talking to an audience made up of individuals in different roles across a multitude of industries. My focus tends to be dictated by the “soup du jour”.
Not sure that I have a favorite platform, but I have been exploring OpenCTI by Filigran to view our X-Force Premier Threat Intelligence. It’s easy to navigate and has great visualization tools.
There’s likely some bias here, but I am truly impressed by the research that comes out of the IBM X-Force team. Everything from Josh Merrill finding a remote code execution vulnerability in smolagents, a lightweight framework for building AI agents, to Golo Mühr, Joe Fasulo and Charlotte Hammond uncovering ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe – there’s no shortage of interesting research originating from the team.
Dark Reading, which will be celebrating its 20-year anniversary next year, has been a cybersecurity news staple for almost my entire career. Topics covered are broad and numerous, and if you have time to just check out one resource during your busy day, it’s a great one-stop shop for the latest news.
Of all the conferences I have attended over the years, one of the most personally impactful conferences is the Women in Cybersecurity (WiCyS). I attended last year for the first time and had the pleasure of meeting so many fascinating women at various stages in their careers. From recent graduates looking for a resume review or a mock interview at the Career Growth Hub, where I volunteered, to women in some pretty impressive roles, such as the Director of Global Cyber Threat Intelligence for Nike, Noureen Njoroge, whom I sat next to while attending the Senior Leader Luncheon. I encourage women in this field to subscribe to WiCyS emails to find out about the various communities and events.
Last year, I participated in more than a dozen podcasts after the launch of the IBM X-Force Threat Intelligence Index to highlight one of the major key findings from the report—attackers are logging in versus hacking in, as we saw a 71% increase year-over-year in the volume of attacks using valid credentials. Organizations would benefit from hardening their credential management practices by implementing multifactor authentication (making it harder for attackers, not easier) and strong password policies to include the use of passkeys (passwordless authentication).
Today’s “it” roles or technology may not be tomorrow’s “it” roles or technology. Be prepared to be flexible and willing to adapt throughout your cybersecurity journey. However, transferrable skills that withstand the test of time are the soft ones – communication, critical thinking, time management and teamwork. These are just a few examples, but also the ones I’ve seen that have made the biggest difference in someone’s cybersecurity career—positively or negatively.
I think it will be interesting to see how the cyber criminal landscape continues to evolve with groups like Funksec, who emerged in December 2024 and offer a hybrid model of both Initial Access Broker (IAB) and ransomware services. The group quickly rose to the top of the most active groups at the end of last year based on our Dark Web observations. Nation-state threat actors are a threat to organizations in many industries and geographies, but cyber crime makes up most of the activity we see impacting organizations globally. Understanding the shifts happening in this landscape is critical to defending against these threats.