


Amy Bennett
Executive Editor

5 questions: A short Q&A with Thomas Brown of Silk Road takedown fame

Mar 07, 2016 | 4 mins
IT Leadership, Security

Thomas Brown joined global advisory and consulting firm Berkeley Research Group (BRG) in February as Global Leader of Cyber Security/Investigations. If Brown’s name is familiar, it’s because he and his team spearheaded the investigation into underground drug website Silk Road. They also investigated and prosecuted the leadership of the hacktivist groups Anonymous and LulzSec.

CSO Online checked in with Brown to learn more about his new role, the major cyber threats he’s seeing now, and where enterprises are spending their security dollars.

The press release announcing your hire referred to your team as “cyber security firepower.” Is that how you see yourselves?

We see ourselves as a team with varied yet complementary capabilities, as well as experience that is unique in the marketplace. We have former federal prosecutors, ex-FBI cyber agents, and computer scientists, each of whom brings a different skill set and perspective to the table to provide a holistic approach to whatever cyber challenge a client is facing. And we have successfully addressed every category of cyber risk out there, and then some — everything from investigating and arresting the leadership of the notorious hacktivist groups Anonymous and LulzSec to taking down the Silk Road hidden drug marketplace to charging the hack of NASDAQ. Our capabilities and experience allow us to provide clients not only with market-leading service but also the valuable perspective we have developed from decades of working in the trenches. In our experience, clients value our background and find it provides them with peace of mind.

What makes now the right time for you to join BRG?

As you know, the bad guys don’t stand still and the cyber threat continues to evolve. BRG’s leadership has a keen understanding of this developing threat and has made a strong commitment to my team’s practice. BRG’s global footprint and deep bench of experts across a wide range of disciplines with whom we can work to enhance our service offering was also an important reason for the move.

Can you tell us about some of the major cyber threats you’re seeing?

One of the biggest threats continues to be one of the simplest — social engineering attacks. Even the most sophisticated external defenses can be defeated by, for example, an employee who clicks on a link which downloads malware or who passes sensitive information in response to a spoofed email. We see that a lot. Another significant threat we see is insider attacks, principally to steal valuable data, including trade secret information. Many companies not only still need to work on shoring up their outward-facing security, but also need to make sure they are properly securing data stored on their networks and controlling access to it by insiders.

What are some of your key objectives in this new role?

Strategically, our principal goal is to expand our presence in the U.S. market and overseas. BRG’s world-wide office network and scale are a good starting point.

Hiring a renowned team of 5 people is a bold move and, presumably, a big investment, by BRG. What can we infer about enterprise and/or government investments in cyber security?

Both business and the government are spending significant time and money to address cyber security risk. I think it’s clear that private businesses understand the cyber threat and have moved on to answering the question “now what?” by conducting internal evaluations, identifying areas of improvement, and getting down to the nitty-gritty of implementing detailed remediation programs. All of that should be considered a wise investment in light of the litigation risk arising from a data breach and the mandates of existing and proposed cyber security and data privacy regulatory regimes on both the state and federal level in the United States, in the European Union, and elsewhere. The federal government, for its part, recently announced a multibillion-dollar program to address cyber vulnerabilities.