In a world where technological complexity is escalating with unprecedented momentum, Americans are coming to terms with the startling reality that we are under a silent siege. Veterans of the digital age, we are well versed in the threats of virtual assailants, and there is an expansive IT security industry focusing its firepower on prevention. The prevalence in firewall utilization, intrusion detection, and access management in corporate compliance requirements testifies to the gravity of IT security threats, and such software has become imperative in the fight to maintain the privacy and security of data.
But what happens if this first line of defense fails? Or, as the constant flux of the virtual atmosphere would beg us to rephrase, what happens when this first line of defense fails? In 2009, cyber crime ousted the illegal drug industry as the most costly high-profile criminal activity threatening the U.S., and its menace has only escalated with time.
Travis Reese, President and COO of MANDIANT Corporation, is among the lone voices posing this question today. Though the incident response industry is in its burgeoning stages, the crises it mends are far from uncommon. “The case studies are countless,” Travis reports. “A Federal Law Enforcement agent hands a company the papers saying they’ve been penetrated by a foreign country and that they’re losing data. The company then spends weeks, even months, trying to identify how their security was breeched, the extent of that breach, what’s been lost, and if their networks are still compromised.”
And Travis isn’t referring to the smaller scale retail hackers that breach companies like WalMart. The companies and banks that turn to MANDIANT for help have generally fallen prey either to Eastern European organized crime targeting tens of millions of dollars, or to nation state sponsored threats. The latter, known as the Advanced Persistent Threat, is most often associated with the Chinese Government and is geared at breaching the intellectual property of different companies or countries to gain economic advantage—an emerging trend MANDIANT has observed with grave misgiving.
“In recent years, we’ve responded to dozens and dozens of Fortune 500 companies building technology for the U.S. government that have been breached by China,” Travis explains. “We’ve seen just about every major U.S. technology targeted, so you can bet that the Chinese are either trying to break in or already in. Alternatively, companies engaged in mergers and acquisitions negotiations with Chinese corporations are also victimized. The attackers go in to determine what the deal will look like, the negotiation tactics you’ll use, your price pressure… It’s the next generation of economic espionage.”
To combat these assailants, who often have no audible footsteps and leave few visible tracks, MANDIANT serves as the premier advanced threat detection and response company, discretely responding to the breaches we read about in the headlines and providing technologies to solve those problems. Founded in 2004 by Kevin Mandia, MANDIANT began as a high end consulting practice, dispatching its incident responders around the world to aid companies whose preventative measures had failed. Travis was hired in 2006 to build the company’s Federal practice, but the industry’s terrain was evolving rapidly under the small company’s feet. MANDIANT soon recognized that the market was burgeoning such that, even if it could hire people fast enough to meet demand, there weren’t enough specialists in the field to hire. Thus, they automated the entire human capital problem into a technology called MANDIANT Intelligent Response.
“What once took three dozen people three months’ worth of time to accomplish could be done in three days with the new software,” Travis explains. “We can now simultaneously turn over every rock and ask the same questions to every computer a company has at the same time, get their responses, and tell our clients exactly which computers were compromised, exactly what the attackers did, and exactly what they stole. This minimizes that window of exposure time, which can in turn limit the damage.”
With the company immersed in rapid growth mode, Kevin found himself pulled in a million directions, and Travis’s skill set and expertise quickly propelled him into the COO role, followed closely by a promotion to President. The two had met in 1996 in the academy of the Air Force Office of Special Investigation (OSI), with Travis and Kevin finishing at the top of their class. Their experience at the academy sparked a competitive streak—and a strong mutual respect—between them that contributes to MANDIANT’s success today.
Travis grew up in upstate New York in a family of modest means. His parents, a woodworker and a hairdresser, put in long and grueling hours, and Travis followed suit at an early age. “I’ve had a job for as long as I can remember,” he remarks, describing his days working a paper route as among his earliest memories. His work never interfered with his schoolwork, however, as he was always an A student and found time for sports as well.
On high school graduation day, Travis had the United States Air Force slogan “Aim High” inscribed on his cap, and he certainly did. He had enlisted in the USAF, and ten days after graduation, his Air Force boot camp commenced. “I was attracted to the structure and the allure,” he laughs now. “I loved James Bond, and I was fascinated by the idea of an intelligence or investigative career path.” Travis’s own career path began in general investigations and law enforcement, followed by a transition over to the Air Force’s Joint Drug Enforcement Team. It was then that OSI recruited him to join the academy, where his path crossed with Kevin’s for the first time.
Kevin left the Air Force shortly after OSI to accept a position at Sytex and then Foundstone, where he spent several years working in hardcore computer forensics, intrusion, and penthouse training with the FBI. Travis found himself at a crossroads as well in 2000, when he felt compelled to choose between staying in the Air Force another ten years to earn an early retirement or striking out on his own.
It is often said that timing is everything, and Travis’s astute instinct in deciding the appropriate moments to instigate life transitions has proven impeccable. “It became very apparent to me that I needed to get out because things in the Air Force weren’t moving fast enough such that I could see myself having the impact I wanted to have,” he recalls. “I was conducting some very significant investigations and I loved every minute of it, but I realized I wouldn’t be able to impact the organizations around me as fast as I wanted to.” With that, he left to join Aegis Research Corporation, a company that built security around government classified programs to safeguard them from leaking.
Travis, along with another former OSI agent, founded the Computer Forensics and Intrusion Analysis (CFIA) arm at Aegis, and they soon built it up into one of the fastest growing classified components in the defense industrial base. They then continued to build computer forensics labs for various intelligence agencies, providing tools and technologies for the government to use in its computer network operations side of the house. “In a relatively new industry with few leaders, I really had to learn business acumen on my own, and I found building a company to be relatively common sense,” Travis explains. “Make more than you cost, focus on quality execution, and follow the fundamentals. By eliminating bureaucracy and focusing on the mission, I accomplished more for the U.S. government in those six years working for a commercial defense contractor than I could have done in three military careers. From our impact to the war on terrorism, to our impact via the tools and capabilities we provided to government agencies, I found that career transition to be extremely rewarding.”
Aegis was later acquired by ManTech International, and when Travis completed the integration, he exercised his perfect timing intuition again and made the difficult choice to move on. “That was among the hardest career decisions of my life,” he remarks. “When you’ve built a team from the ground up like that, your level of commitment to it is unbelievable, and it’s hard to leave it behind. Looking back, though, I really identify that decision as necessary and life changing.”
Indeed, it was that choice that propelled him into his career with MANDIANT, where Travis has begun to witness the spread of the kind of impact he had always envisioned. Today, he and Kevin form a strong and complementary leadership presence, with Kevin laser-focused on technical quality and the company’s reputation while Travis remains sharply attuned to growth and forward momentum—a skill he continues to hone primarily through experience as opposed to academic training. “There are a lot of people emerging from business programs today who are so focused on strategy, and there’s certainly an important place for that,” he concedes, “but you don’t learn execution until you’ve done it, and from my experience, execution is the most important aspect of business.”
In advising young entrepreneurs today, Travis drives home the importance of passion, capacity, and humility, the three principles he examines in every hire he makes. “When you’re passionate about your work, you’re more committed and dedicated to the mission, and it’s a win for everyone,” he remarks. This couples with capacity, or the foundation and fundamentals that allow a person to succeed in a given position. Add humility, and you have the winning alchemy of traits that has allowed Travis to build the dynamic teams that, by his account, have made his success possible. His leadership style, which focuses on the success of those around him, underscores this sentiment. “You have to recognize that you’re part of something bigger than yourself,” he points out. “I have always seen myself as an enabler and a support resource for my staff. My philosophy is asking myself how I can take my 150-person team and make all of them more successful today than they were yesterday.”
Thus, for Travis and the team at MANDIANT, success is not some end goal. Rather, it’s something that is worked for, achieved, assessed, and reevaluated on a daily basis. That’s why, if you were to ask him today if he’s successful, the answer wouldn’t necessarily be yes. “I think I’m doing well,” he explains. “I’ve been fortunate, I’ve been lucky, and I’ve made good decisions. I’m very happy with where I am, but I’m nowhere near finished.”
Indeed, as the company continues to revolutionize the market that protects the innovation and economic advantage the U.S. has been creating since its earliest days, it also stands poised to transform corporate compliance requirements. With revenues forecasted to double and then triple their current amount over the next several years, Travis aims to make MANDIANT’s managed service offering the global incident response team for corporate America, combating the silent siege and offering an unprecedented line of defense when companies are at their most vulnerable.