Kevin Mandia Brings the HammerCon

US Air Force veteran and Mandiant CEO discussed dwell time and state-sponsored attacks at the Military Cyber Professionals Association's HammerCon conference.

Edge Editors, Dark Reading

July 20, 2023

HammerCon is a gathering of US military cyber professionals organized by the Military Cyber Professionals Association. One of the speakers at this year's HammerCon was retired airman and Mandiant CEO Kevin Mandia, who walked the audience through data about intrusions — especially those by nation-state actors — that Mandiant has collected over the years.

In 2022, Mandia said his company opened up 1,163 investigations, for which "we responded in, I think it was, 16 different countries, and then behind that we had 308 threat analysts that speak 30-something languages, and they're located in 26 countries, because we do try to get attribution on every single one of these."

Dwell time — the period of time between when a resource is compromised and when that compromise is discovered — in Mandiant's count is "way down." However, dwell time in a ransomware attack is up from five days in 2021 to nine days in 2022. He suggested the increase could be due to an advanced actor breaking in, then selling access, which extends the amount of time attackers are on the network.

Army veteran Joseph Billingsley started the MCPA back in 2013 to help the US armed forces do a better job of filling their open positions in cybersecurity and to support and train personnel working in the field. Mandia outlined how his Air Force career set him on the cybersecurity path. He was assigned to computer security by the Air Force, despite the specialty being his "last pick." He then went to school to earn a degree in forensic science, but got pulled back into security anyway. Mandia founded Mandiant in 2004; the company was acquired by FireEye in 2013, sold to Symphony Technology Group in 2021, and then acquired by Google to become part of Google Cloud in 2022.

"I still remember the first breach I responded to, because it was coming out of Beijing, and back then when it came out of Beijing, it was the Chinese doing it. Now it's gotten a little more complex than that," Mandia said.

On an international level, during Russia's 2022 invasion of Ukraine, "for the first time in my career ever, Russia wasn't the top innovator on offense. ... China won," he said. "So I don't know what that means, but it's been an interesting year."
