From the FBI to the Private Sector: What Mark Bowling Has Learned About Cybersecurity

Mark Bowling brings thirty years of cybersecurity and intelligence expertise with him to ExtraHop, including time working at the FBI and the Department of Education. With that wealth of experience, we had a lot of questions for him. Read on for his answers to our top five questions.

Q: What lessons from your time in the public sector can you apply to cybersecurity in general?

A: First, know and respect your frameworks. They help you understand your focus, whether you're an executive, a cybersecurity leader, or a cybersecurity practitioner. Different frameworks apply to different industries, and they also split out into compliance-driven vs. technology-driven categories. Knowing which ones apply to you and how to use them is key.

Second, understand the why behind your security controls. NIST breaks these out into five functions: Identify, Protect, Detect, Respond, and Recover. As an FBI Inspector and as a member of the Office of the Inspector General, we talked about three types of auditing controls: Preventive Controls, Detective Controls, and Corrective Controls. Familiarize yourself with the purpose of each control and you'll get better outcomes.

Third, keep in mind the value of knowledge and intelligence. In some ways I functioned as an intelligence officer. The intelligence community employs what is called the intelligence cycle to process raw information and data into valuable intelligence. Tools like network detection and response (NDR) collect enormous amounts of data and process it into information. That information becomes knowledge and intelligence that empowers you to respond. It brings monumental visibility, but rather than overwhelming you, it provides context enabling you to make the best possible decisions.

Finally, the most important lesson is the value of preparation. The cybersecurity landscape is, in many ways, a battlefield. Preparation is key to victory. It gives greater visibility. It supports more effective security responses. And, it fosters more comprehensive overall risk management, saving both time and money. This is where the response portion of NDR is so important. NDR isn't just detection, it empowers the effectiveness of the response by directly equipping you for the most vigorous, intelligence-driven response.

Q: It sounds like NDR and the intelligence it can provide might be part of what interested you, but what made you decide to come to ExtraHop?

A: Nature hates a vacuum, and true to form, network detection and response is rushing in to fill a huge visibility gap left unaddressed by any other technology on the market today. A few years ago I had the opportunity to use ExtraHop as part of a security and compliance director position with a large regional health care system. It quickly became clear that not only does it provide the covert, out-of-band visibility that can only come from network telemetry, but that the scale and sophistication of this product far outpaced alternative approaches. I'm pleased to join ExtraHop, putting this game-changing technology to work for our customers.

Q: We're thrilled to have you leading the charge on helping customers navigate a rapidly changing threat landscape. Can you tell us more about what you'll be doing?

A: I'm the Vice President of Security Response Services, which means I'll be helping ExtraHop customers respond to complex cybersecurity incidents quickly and in compliance with regulatory frameworks. I can guide them through frameworks such as NERC, SEC, HIPAA, PCI-DSS, ISO, GDPR and CCPA. I'll also be advising customers on risk management and mitigation strategy.

Q: In your time at the FBI, you helped to track down and stop some pretty serious cyber criminals. Can you share some stories of those experiences?

A: I think that the first one who comes to mind is Joseph Konopka, aka Dr. Chaos. I was the case agent for that investigation, from inception until I testified against him. The young man was brilliant. He was a system administrator for a small ISP in Wisconsin, but he misused that position to engage in all manner of insider misconduct—action which eventually seriously impacted critical infrastructures.

It really highlighted how vulnerable our critical infrastructures, such as electrical power systems, manufacturing systems, financial services, and healthcare are. They're dependent on information systems at the supervisory, command, and enterprise layers. But because those systems are so dependent, even in the cloud, on network communications, NDR can provide a huge advantage to the security and regulatory compliance efforts of those critical infrastructures.

Q: Anything else you'd like to add?

A: One of the things I am most excited about is the new modeling capabilities ExtraHop developed in response to the widespread adoption of work-from-home. It started as just a way to remotely demonstrate what our NDR can do, but it quickly became game-changing as a live testing ground for hacking and incident response. The possibilities are really interesting.

I would also like to highlight the effectiveness of ExtraHop in the cloud. We have outstanding cloud-native deployments in the form of Reveal(x) 360, which should be a must for both SaaS operations and FedRAMP.