Austin’s mix of tech talent and a mindset that embraces “hacker culture” has landed the city a major new investment from IBM to increase security testing of consumer and enterprise products from around the world.
The company announced that Austin is one of four cities to host its X-Force Red labs where security-focused experts will try to exploit vulnerabilities in devices and systems before they are put on the market. The other labs will be located in Atlanta; Melbourne, Australia; and Hursley, England.
The lab will be located at IBM’s facility on Burnet Road, and hiring has already begun. But company representatives declined to give a target headcount or dollar investment for the new lab, which will be used to test the digital security of products such as automated teller machines, automotive equipment and Internet of things devices. In a statement the company said its security penetration testing client base has grown by more than 170 percent in the past year, with a doubling of total headcount as a result.
Charles Henderson, global managing partner for the X-Force Red labs, said Austin’s digital creative culture has long made it a fertile ground for hacker culture, with those talents translating easily to penetration testing and vulnerability research.
“There’s a great blend here of education and curiosity, and this field is something that lends itself very well to the curious mind,” he said. “It’s a field where rather than use cases you look for abuse cases of how you can crack these things and find problems before criminals have a chance at them.”
Henderson said there wasn't a bid process or civic recruiting effort to bring the lab to Austin, in part because the city’s pool of available tech talent from the University of Texas made it a top pick for company executives from the start of the process. Current Austin residents are expected to make up a bulk of the new hires for the lab.
X-Force Red’s security testing involves a multi-phase approach that begins with full product scope and objectives, a deep dive on design and security requirements, identification of likely security threats, creation of full security requirements and aggressive penetration testing using real-world tactics favored by attackers.
Henderson said it’s likely that the lab’s location in central Texas could serve as a magnet for companies needing extensive testing of their products to locate some of their operations in the Austin area as well.
“One reason we’ve put these in places all over the world is shipping ATMs and other large, bulky products for testing is expensive and difficult,” he said. “To be able to possibly be located near the lab where you’re testing is happening, there is some kind of a gravitational effect to be expected.”
