Mike Barcomb '87

Bringing his military expertise into the cybersecurity realm

A little over a year ago, IBM Security tapped Mike Barcomb ’87 to lead a new Cyber Incident Command Response team at IBM X-Force to handle pandemic-level cybersecurity attacks. A prestigious threat-intelligence division, IBM X-Force comprises top cybersecurity experts who monitor, analyze, and respond to security issues facing organizations around the world. Although Barcomb had never been directly involved with cybersecurity, his particular combination of enterprise-level IT leadership and military experience seemed perfect for the position.

A retired colonel in the U.S. Army, who served on Active Duty and Reserve, Barcomb received a Bronze Star during a 10-month tour of duty in Afghanistan (2004-2005) for leadership in maintaining a 250-user classified network, upgrading systems for military-intelligence sharing, and using tools to analyze biometric information about enemy combatants. In his civilian career, he had grown with IBM for more than a quarter century, working first with the Lotus Domino server throughout the 1990s and 2000s, and later with the firm’s leading-edge artificial-intelligence platform, Watson.

Cybersecurity attacks, once sporadic and posed mostly by loner, curiosity-fueled hackers, have grown in frequency and scope – often orchestrated by cybercriminals or powerful organizations, sometimes even nation states, such as the 2017 WannaCry and NotPetya ransomware attacks that paralyzed thousands of computers and reached from Ukraine to Australia and the United States.

Combating these legions of attackers calls for a high-level but comprehensive, and strategic as well as tactical, response. Barcomb directs that response for pandemic-level cybersecurity attacks that affect IBM Security clients globally.

Managing widespread threats from the Incident Command Center

Most organizations, Barcomb explains, either manage their own IT security in house or else contract out to a third-party firm, like IBM Security. “These cyber incident response teams quickly mobilize to detect and respond to the cybersecurity threat that affects the company,” he says. “However, if the threat escalates to a level that affects multiple customers, across industries or geographies, and requires a higher-level response, that’s when the Incident Command team is activated and responds.

“We quickly activate an Incident Command Center team focused on understanding how many of our clients were attacked or are vulnerable, identifying the details of the threat and how to mitigate it, and implementing a unified communication model for both internal and external communications,” Barcomb says. “As you can imagine, our clients and the industry in general are looking to IBM for information and guidance about what the threat is, how it affects us, and what we have to do to mitigate it. A unified process is necessary for this level of response.”

Barcomb called upon his experience as a 30-year Army Reserve veteran to develop “runbooks,” which detail specific procedures to follow for the spectrum of likely scenarios, and train people to use them.

“In the military, we train soldiers repetitively to do these tasks over and over, so that when you’re in a combat situation, you know what to do: It becomes muscle memory,” he says.

He brought that discipline and rigor to his cybersecurity role. As the Cyber Incident Command Response Leader, Barcomb ensures that his team is always ready to go into action at the first sign of a pandemic-level cyber incident, and ready to disseminate the proper information to all audiences, from clients to the media.

Since IT systems and threats evolve constantly, Barcomb spends quite a bit of time studying the latest in security and hacker attacks. He’s even working on a third master’s degree in cybersecurity (the other two are an MBA and an M.S. in Strategic Studies).

“If you’re in this field, you have to be flexible, adaptable, and willing to learn new technologies,” he says. “It’s been fascinating to see all the things we’ve been able to accomplish with technology.”

An early start with computers – and leadership

Barcomb’s IT career began at Saint Rose, where he majored in CIS, now called information technology, because “computers were becoming the big thing.” (In recent years, Saint Rose has launched a bachelor’s degree program in cybersecurity, as well as a master’s degree programs in computer science and business analytics.)

When Barcomb began at Saint Rose in 1982, programming was done in Basic, Cobol, Fortran, or Pascal; most computing was done on mainframes. “Desktops were just beginning to break into the market at the time,” he recalls.

“I had a part-time job in the computer center in Saint Joe’s Hall,” Barcomb says. “Students would write programs and send their job to print. My job was handing them their printouts and assisting students with debugging problems with their programs. At the time, that was high tech!”

When he graduated in 1987, the programming language C had become commonplace, as had microcomputers. “It was great to be at that cusp: seeing the mainframe era, and then the PC era,” says Barcomb.

From then-department chair Helen Albanese, he learned lessons that have stood him in good stead throughout his career. “She was good at challenging us with problems and not showing us the solution, but walking us through it,” he says.

It was Colonel (Retired) Martin Dinan ’86, now director of veteran enrollment at Saint Rose, who recruited Barcomb to the Army Reserve Officers Training Corps in 1985.
“Marty was at a recruiting table in the Events and Athletics Center,” remembers Barcomb, who remains good friends with Dinan and spoke at the Saint Rose Veteran Center opening in 2015. “Good, bad, or indifferent, I owe it all to him.”

Barcomb met his wife, Kathryn (Katie) Barcomb ’86, on campus; the couple have two children and celebrated their 30th anniversary last year.

“She’s been a tremendous support through both IBM and the military, through weekends and trips away, and deployments,” says Barcomb. “We both still have great relationships with friends from Saint Rose.”

A little-known fact is that Barcomb first became a leader while at Saint Rose. He took ROTC leadership classes at Rensselaer Polytechnic Institute and the University at Albany, and put his knowledge into practice as a resident assistant at Carondelet Hall. He remembers his classmates fondly.

“So many of those guys did really well,” he says. “I see them now in the alumni newsletters, and they’re so successful.”

Cybersecurity tips from Mike Barcomb:

• Practice good password management
• Avoid phising scams – be wary of suspicious-looking emails, and don’t click on odd-looking links
• Keep software up to date for operating system and programs
• Never leave devices unattended
• Back up data regularly