Cybersecurity Spotlight: Matt Ahrens, Security Engineer at Coalition

Matt Ahrens, Security Engineer
at Coalition

You’re reading the third post in our Cybersecurity Spotlight series. If you haven’t already, you can check out our first and second posts for further insight into the world of cybersecurity. 

For this next installment of Cybersecurity Spotlight, I chatted with Matt Ahrens, a security engineer for Coalition, which provides comprehensive cybersecurity insurance coverage and tools to small- and medium-sized businesses.

Matt traces the genesis of his passion for security back to when he volunteered to help a teacher build and manage a lab of Linux computers at his high school. He wasn’t paid for his work then – and didn’t much care. As a professional, he spent more than a decade doing penetration testing, digital forensics, and IT operations before helping to start a forensics firm in 2015. Now based in Arlington, Va., at Coalition, Matt applies his expertise to evaluate customers’ cybersecurity vulnerabilities, helping underwriters to assess risk and assign an insurance policy price. He also consults to customers on how to fix the vulnerabilities he finds.

How do you approach this largely unchartered territory of monetizing cyber risk and insuring a network?

There are actuarial tables that’ll tell you that you’re going to die at the age of 86 and if you’re in these categories your percentage goes up by this much, therefore this is how much we charge you for your life insurance. But there aren’t similar models from the cyber side. We’re trying to get some of that straight. I do think insurance is going to drive industry pretty heavily and push companies to apply better cyber security hygiene. There’s a lot more competition to Coalition than there was a few months ago. We’re looking at how we reduce the low-hanging fruit and provide cover for the major events. How do we take on the wide risks, not the narrow risks? What I mean by wide is the very common things. Like, what are three things some kid in Malaysia can scan the internet for and operationalize into cash? Not necessarily the targeted attack, that spear phishing attack that goes in with a Word document to get your credit card numbers. Those are not what I’m focused on right now. I’m really still focused on the basics.

“If you don’t understand what you’re working on, how it works, it’s very difficult to protect it.”

What do you care about the most in your job?

A lot of what I care about the most right now is maybe automating myself out of a job. In order for the business to work, I can’t be manually reviewing a lot of different companies. I have to have those business rules, that knowledge that I’m bringing inside of manual analysis, and taking that out to make it more automated. For example, when we find a version of a Drupal content management system that’s old, instead of doing a manual write up for that, we would simply click the button or the system would say, “It’s version X, it’s older than version Y, here are the procedures to take it up a notch.” It’s making sure that that’s all automated and simplifying that part of the job to build better models.

Thinking back, are you now where you thought you’d be?

Ten years ago, I’d have had no idea that I would be working for an insurance company. As many of the younger people are coming into industry now, I really think there’s a lot of focus on the offensive work, which I was similarly attracted to. I don’t necessarily think that people talk about the blue team and any of the defensive work as much. The investigative work in forensics and breach response is probably the most interesting. When I came on, I wanted to go break into people’s computers and break into networks. But I really pivoted off, widening my experience levels and seeing things more holistically.

What’s your opinion of the cybersecurity product market?

I think there’s a lot of FUD [fear, uncertainty, and doubt] sales. There’s a lot of products that are selling to the security one percenters – those really mature, big programs that can leverage those tools. But if you talk about where there’s a wide market, I think it’s more the traditional tools that almost every organization can use. And for these tools, like your next-gen firewalls or your web content filter—whatever the product is—I think delivery becomes of the utmost importance. Even if you are not the best technology, if you can deliver a polished, consistent, and reliable product, that is going to trump almost everything else in the market. Just the way things look and feel can make a big difference.

“A lot of what I care about the most right now is maybe automating myself out of a job.”

What’s a big misconception about people in cybersecurity, and how do you work to overcome it?

I’d say this is the biggest one: The security person never says yes, always says no. How I try to combat that is I try to avoid saying no but I try to suggest a more secure path. So, for example, if I find something like a company using remote desktop on the internet, I don’t want to tell them to disable remote desktop completely, I want to tell them to secure it in a better way. And maybe that is enabling stronger authentication to prevent brute force or credential stuffing attacks. Or maybe that is writing firewall rules to limit access to known IP addresses. The basic gist of it is that you can still have something risky as long as you’ve applied some mitigating controls to reduce the risk. It’s a method I’ve tried to use throughout my career.

What advice do you have for others looking to get into the cybersecurity field?

I often times like to see new people breaking into cyber security—if they don’t have the right experience set or technical skills—starting off in a security operations center. You get a deep understanding of how a company’s systems operate and act as the security center for the organization. Also, understanding technology and understanding the core functions of IT are very good basis points for making a security professional. If you don’t understand what you’re working on, how it works, it’s very difficult to protect it. And obviously all the functional pieces, like, what’s the difference between caching and encryption. The biggest focus is understanding the basics, understanding IT, and then understanding what the security functions are on top of it.

Matt’s approach is to always try to get to ‘yes’, helping customers to do what they want on their networks but do it more securely. He never anticipated that he’d find himself in the middle of the burgeoning cybersecurity insurance industry. And he now recognizes that the future is in aiming to solve broad risks, putting out reliable products that can automate finding and fixing vulnerabilities, and having people who fully understand the IT infrastructure they’re trying to protect.


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

BlueCat has acquired LiveAction

It’s official! BlueCat has acquired LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.