September 14, 2001 — that was the day that Alex Holden, Founder and Chief Information Security Officer (CISO) at Hold Security, truly became a cybersecurity leader.

Three days after the September 11th attacks in New York and Pennsylvania, the enterprise security world was reeling. At the time, Holden worked in IT at Baird, a financial services & brokerage firm. “Everybody was still shaken up from 9/11. I remember waiting in a long line to our chief information officer, and I asked him a question: “What if the next attack is a cyberattack?’” Holden’s CIO asked him to investigate the idea further, and “the next day was my first official cybersecurity task,” he says.

Before 2001 came to an end, Holden held his first Information Security Officer role, and shortly thereafter became Chief Information Security Officer at Baird, a role he held for nearly a decade. “I didn’t have many jobs, but at the same time, I had a lot of different opportunities,” Holden reflects. During his tenure at Baird, Holden built out vulnerability identification and penetration testing functions at the organization and expanded his view of cybersecurity intelligence. He says that a challenge from a top manager at the brokerage firm sparked his interest in proving cybersecurity risks. “When someone would find a cybersecurity vulnerability in the organization’s defenses, his quote was ‘Show me the data.’ This pushed me not to accept everything for granted, but to actually demonstrate that something is vulnerable.”

As a CISO, Holden honed his ability to build robust cybersecurity defenses. “I could build very tall walls, but I never considered who was on the other side of that wall — simply because I didn’t have to,” he says. After the financial crisis of 2008, Holden left Baird and built Hold Security, a cybersecurity threat intelligence consultancy. When Holden began consulting, questions from organizations he was aiding post-breach made him shift his perspective on cyberattack response and threat intelligence. When Holden started responding to incidents through his private practice, he started getting asked who was behind breaches, what their motivations were and where enterprise data was. “That was a great transformation from my CISO perspective, when I didn’t consider who the bad guy was.”

Holden used this perspective to help build Hold Security into what it is today: one of the world’s top threat intelligence firms. Holden credits Hold Security’s three-pronged approach to cybersecurity threat intelligence for the firm’s success. “We look at the human factor, which is often the most valuable for investigations and the weakest link in the bad guys’ offenses or defenses,” Holden notes. Technology is the second consideration — both how bad actors leverage technology and how organizations can use it to bolster their own defenses — and artificial intelligence (AI) serves as the third prong, “leveraging AI in many ways to get ahead of the bad guys and recover data before they can weaponize it.”

Holden says that while Hold Security’s roots still lie in penetration testing and incident response, the firm excels in crime prevention. Their focus on social engineering has been critical in many aspects of cyber defense, from analyzing ransomware group activity to identifying breaches. “We’ve found some of the biggest breaches of our time,” says Holden. “We work on the cornerstones of some of the most severe events in the world, including the Target breach, Adobe breach, Yahoo breach and parts of the Equifax breach.” The firm also served as the driving force behind @ContiLeaks, a threat intelligence investigation that gave security leaders insights into how ransomware collectives operate. “Trying to figure out the bad guys has been one of the most interesting parts of my career,” says Holden. “When you know how the bad guys function, you can fight them — you can defend against them.”

Beyond being able to understand Ukrainian and Russian, being born in Ukraine and emerging from the Soviet Union gives Holden deep insights into the culture, informing cybercrime from that region. “My background helped me to understand the culture, and even now I improve myself by learning more about the modern culture as an adult. I understand some of the components of Russian cybercrime and surround myself with linguistic experts, technology experts and people who understand the culture there. In order to understand cybercriminals, you need to understand not only technology, but what drives them socially, politically, economically and so on. That way, we can understand their motives.”

Alongside the human aspect of threat intelligence, Holden says it’s impossible to underestimate the importance of technology. “I figured out a long, long time ago that if you try to keep your technology stagnant, you’re going to eventually fail. Threats in the cybersecurity field are emerging very quickly, things are changing,” he says. Enterprise cybersecurity leaders need to watch the trendsetters and adapt their technology accordingly. “The trendsetters are not the companies that build these things. The trendsetters are the cybercriminals,” says Holden. “They are the ones who are putting pressure on us. Our response to their advances drives technology growth.”

According to Holden, cybersecurity requires constant innovation. At Hold Security, he leads a team of IT security professionals who strive towards the same goals. If you ask him what he’s most proud of throughout his career, he’ll tell you it’s his team. “My accomplishments would be nothing if not for the people that helped me along the way,” he says. He’s also proud of the wide impact his firm has had on global enterprise cybersecurity. “We’ve made more than a quarter billion people more secure directly, whether that’s having them change passwords or update their websites. Indirectly — by finding social security numbers, finding information about stolen identities— we’ve helped more than 4 billion individuals.” Realizing the scale of his firm’s cybersecurity reach was an impactful moment for Holden. “When we got those statistics, I thought, ‘Wow, this is powerful. We’re doing something good on the greater scale.’”