惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Project Zero
Project Zero
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recorded Future
Recorded Future
B
Blog RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
博客园 - Franky
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Last Week in AI
Last Week in AI
NISL@THU
NISL@THU
T
Tailwind CSS Blog
博客园 - 【当耐特】
P
Privacy International News Feed
I
InfoQ
L
LINUX DO - 热门话题
H
Help Net Security
博客园 - 叶小钗
aimingoo的专栏
aimingoo的专栏
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Forbes - Security
Forbes - Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
T
Troy Hunt's Blog
Spread Privacy
Spread Privacy
V
V2EX
Cloudbric
Cloudbric
Security Latest
Security Latest
H
Heimdal Security Blog
S
Securelist
I
Intezer
F
Full Disclosure
V2EX - 技术
V2EX - 技术
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
Security Archives - TechRepublic
Security Archives - TechRepublic
L
Lohrmann on Cybersecurity
S
Schneier on Security
C
Cybersecurity and Infrastructure Security Agency CISA

SECURITY.COM

AV-TEST Gives Symantec® Endpoint Security Complete a Perfect Score Another Year, Another Win: SE Labs® Recognizes Symantec® Endpoint Security Symantec DLP Cloud and DPSM are the Power Couple Security Strategists Need Symantec DLP Cloud and DSPM are the Power Couple Security Strategists Need Is SIEM Trying to Do Too Much? Every Defender Deserves Frontier AI Stopping Data Leaks at the Speed of AI Enterprise-Grade Security for All in 2026 The U.S. Navy’s Playbook for Cost-Controlled, Reliable Cybersecurity Built for This Moment (and All Those to Come) Real Talk About RSAC 2026 Conference How Catalyst Partners are Winning All the Single Agents Legends Never Die: The 2025 World Tour Recap You Deserve Every Advantage The Cybersecurity MVPs of 2025 Five Cyber Predictions for 2026
Cyber Legends: Inside the Mind of a STAR
About the Author · 2025-10-29 · via SECURITY.COM
  • Cybersecurity veteran Mark Kennedy says innovation often comes from spontaneous insight, but planning is what turns those ideas into sustainable breakthroughs.
  • Learning from experienced professionals like Mark can spark new opportunities for innovation that go beyond what any one team could achieve alone.
  • Threats may seem to drive cybersecurity, but the community and the standards it sets are what truly define resilience and protection. 

The strength of the cybersecurity community lies in how openly we all share what we learn. Threats constantly evolve. The best way to stay ahead is through the collective intelligence of experts who’ve seen it all and are generous enough to pass their knowledge on.  

Few share intel like Mark Kennedy, a Distinguished Engineer at Broadcom and, as he jovially calls himself, “the old man” of Security Threat Analysis and Response (STAR)—Broadcom’s cybersecurity SWAT team whose insights have helped give rise to countless groundbreaking protections. Mark is the longest-tenured employee at Symantec, his 35-year career spanning nearly the entire history of modern cybersecurity. In that time he’s mentored up-and-coming analysts, dismantled emerging threats, and helped shape the very industry he’s served.

I sat down with Mark to talk about the sparks of innovation that led to the development of 

Adaptive Protection

, a unique defense against living-off-the-land (LOTL) and other attacks, and his reflections on his early career, meaningful innovations, and the tests that prove it.

Begin at the beginning

What drew you to engineering as a calling?

When I was in high school, my cohorts sort of assumed that I knew computers, just because I was kind of mathematical, but I didn’t. But then, as I hit my senior year, I thought it would be irresponsible for me to go to college not knowing what I was going to do. That bothered me. 

“And I thought, ‘You know, this computer thing? This might turn into something.’ This was 1977.”

The weird thing about computers at that time was that the colleges were actually lagging. The professors had just come through the early days of computing (50s and 60s) and didn’t quite reflect the reality of the world. All the advancements were out there happening in the real world.

When did you realize your classes lagged behind the real world? 

While I was in college, I had jobs programming, so I knew what was happening with cutting-edge stuff and techniques in the real world. In some of those early courses, the languages they were teaching weren’t really in operation anymore. It’s always funny when later in my career I’d use something I learned in college. It was very rare.

A journey through the rise of modern cybersecurity

What were the early years of your career like?  

My first job coming out of college was working for Mattel Electronics writing video games for the Intellivision console. I thought, “I’m going to be working at such a highly sought-after position. I’m going to be working with the best of the best.” It was a lot of fun until the video game industry as we knew it crashed in 1984…which is when I knew I had to get a real job. 

I then moved through a number of startups. In my first nine years I worked for five and a half companies before I joined Symantec. It’s sort of been the norm for engineering—people move around, get some expertise, market it, and move on to the next one.

What made you stick with Symantec?

“It’s meaningful work, you know? We’re fighting bad guys, we’re doing good. We have a great team of engineers, and it’s always been fun—and continues to be.”

I told my kids when they were growing up that there’s what you’re good at, what you enjoy, and what you get paid for. I’ve been fortunate that I have all three. And that’s why I’m still doing it. It’s like a perpetual hobby that I’m getting paid for.

Is there anything from your time in cybersecurity that you’re particularly proud of?

In the early 2000s, cybersecurity was dealing with the transition from files being infected to machines being infected. We came up with a fundamental change in the way that security should be handled. We’re only now beginning to realize the system we envisioned 20 years ago—we were pretty ahead of our time. It’s one of those interesting what-ifs that make you appreciate the innovation that started it all.

The making of Adaptive Protection

How did Adaptive Protection, one of your standout projects, emerge as a solution?

Much as it chagrins me, Adaptive Protection sort of came out of the open seating arrangement that Symantec had adopted—which I was very opposed to.

I was sitting at my desk, and some people were talking. Something clicked in my head about what they said. I was like, “Wait a minute. What if we could learn what behaviors were used in an organization and make the policy adapt to those normal behaviors, and block abnormal behaviors that could be signs of malicious activity?” 

That’s when I realized we needed to break the one-size-fits-all paradigm of traditional security. Since we couldn’t block these actions for everyone, we needed to mold protection to reflect how each organization actually behaved. The idea is if a behavior is unused in the organization, or has specific patterns, our default is that we don’t allow that behavior, or we limit that behavior using exceptions. It all just came together.

When you were developing Adaptive Protection, how did you decide what to remove from systems?

A computer system is like a toolbox. It's got all these tools that do good things, but they can also be used for bad things (such as with LOTL attacks). Our goal was to kick things out of the toolbox that you didn't need. Like, if your house only has screws, then you don’t need a hammer. There’s nothing wrong with a hammer, but a hammer can break a window.

If you don’t need it, let’s take it off the table.

MRG Effitas found Adaptive Protection was able to identify malware activity 4 seconds sooner. Why does that matter?

“Those 4 seconds could be the difference between a protected machine and total destruction.” 

In that time, how much critical data could be exfiltrated? How many files could be destroyed? And could the threat escape to another machine before it can be stopped. Adaptive Protection breaks traditional security testing because it’s designed to adjust to an organization’s unique configurations.

Why is the right kind of testing so important?

Testing has to reflect real-world environments. If you just run a file against one configuration, you’re missing the point. Malware behaves differently across setups, and Adaptive Protection is built for that reality.

Redefining standards for a more secure future

Why is your work with standards organizations like AMTSO and IEEE ICSG so critical?

Testing isn’t just about internal validation. It has industry-wide implications, which is why testing standards are so important. Being able to influence stuff like testing standards is… something I feel I made a real contribution to not only the company, but also to the industry.

What trends in cybersecurity are more likely to drive innovation next, aside from AI? 

If I could fast-forward to the end of where we would be, we would not be needing to write proactive signatures. We would have a system that takes all of these disparate events from everything, with an engine that quickly starts contributing to it. We want to make it as difficult as possible for attackers to circumvent. This is what drives innovation.

Experience shapes our community and our security

In cybersecurity, no one has all the answers. Progress happens when we pool our knowledge, challenge our assumptions, and look out for one another. With Broadcom’s R&D engine (the company spent over $11,000 a minute on R&D in fiscal 2025), Symantec and Carbon Black strive to ask the important questions and share what we’ve learned—across teams, companies, and the community at large. 

After decades in the trenches, experts like Mark remind us that protection must evolve as quickly as the threats do. Breakthroughs like Adaptive Protection embody years of insight, collaboration, and innovation across Symantec’s legendary team.

Read the Putting Adaptive Protection to the Test whitepaper to see how Adaptive Protection stops LOTL attacks and other threats without disrupting day-to-day operations for end-users. 

You might also enjoy

Cyber Legends: Inside the Mind of a STAR

Dan Mellinger

Dan Mellinger

Head of Communications, Enterprise Security Group