Meet Anne An

Senior Security Researcher

By Michael Alicea · August 25, 2022

At Trellix, we celebrate and champion our people. I’ve been hearing a lot recently about one of my colleagues, Anne An. My sources tell me she is a highly technical and “intuitive” researcher embedded on our frontlines as a key member of our Advanced Programs Group (APG). She leads threat analysis projects, performs qualitative research on advanced attacks, cybercriminal threats, geopolitical intelligence, risk analysis, as well as cyber campaigns and threat groups in the Asia-Pacific region.

**MICHAEL:**Anne, your reputation precedes you.

ANNE: Thank you, Michael. Not sure what you’re talking about. But since you’re smiling, maybe I should take that as a good sign?

**MICHAEL:**You should, indeed! (Laughing). Thanks for making some time for me today.

ANNE: My pleasure. I understand you want to talk about what I do at Trellix, right?

MICHAEL: Yes. But I also want to get to know you a little bit. I heard you were recruited into the cybersecurity field about 10 years ago?

ANNE: Yes. In 2011. Back at that time, I was at the Project 2049 Institute, a D.C.-based think tank that does a lot of research on the Chinese People’s Liberation Army. I was doing open-source research on the PLA’s ballistic missile force, Second Artillery Corps. It’s a very secretive organization.

**MICHAEL:**Two minutes into the interview and we’re already brushing up against the “secret stuff”. This is great!

ANNE: It was really exciting work. I found the research fascinating. It taught me a lot of skills. I was chasing down information in unconventional ways, lurking in veterans’ forums to see if anyone would spill some stories that I could use. I dialed in on Chinese resources to try to figure out what this group does and where they are located.

“In 10 years, I will still be working in cybersecurity. Inspiring women not to be afraid of this male-dominated industry or worried about not having a degree in computer engineering. If you don’t have a science background, it’s ok because you can learn. You can adapt. You can bridge disciplines and be part of our soulful work.”

MICHAEL: Fascinating. Just fascinating…

ANNE: At that time, not a lot of people knew about cybersecurity. It was especially thought of as IT-related, like fixing computer caches, or something. So, I know a lot about China, but I actually didn’t know a lot about cybersecurity.

MICHAEL: So, you’re not a computer science major?

ANNE: Right. But over time, I picked up technical skills and eventually found myself at Trellix.

**MICHAEL:**Tell me about that. About what you do with us.

ANNE: I’m a member of the Trellix Advanced Programs Group. We’re 100% client-facing and support both government agencies and private sector customers. We answer our clients’ requests for information based on specific intelligence requirements. It’s domain analysis based on a set of indicators or artifacts provided by our customers. I try to determine whether these sets of indicators are associated with a specific threat actor group or a cyber-criminal group or nation-state.

MICHAEL: It’s amazing work!

ANNE: Right, it’s interesting. I think the cybersecurity field needs right now are people who can bridge this gap between the technical world and all the other questions customers need answered. Engineers look at the facts and decide, “OK, I block this threat; I eliminate this IP address; then I add this to a blacklist.” But intelligence analysts look for insights into the human behind the veil. And they say to themselves “Right there. There’s a pattern.”

**MICHAEL:**I’m intrigued. Can you give me an example?

ANNE: Sure. So, a government client discovered several suspicious IPs scanning its network. They didn’t know what they were or what to do with them. They suspected nation-state actors but didn’t have any evidence because the party was using proxies to scan the endpoints. In this case, we took these indicators – a mix of hashes, IPs and domains – and injected them into our own tools. Then we used infrastructure analysis to peer down two or three levels to see their infrastructure connections. We figured out who the most likely actor was and gave the customer recommendations on what they should do.

**MICHAEL:**Got it. What’s your role in the process?

ANNE: As a senior analyst, I delegate or get people’s input together to put together an intelligence report and send it back to our customer. If you’ve been in the industry for this long, you can get a pretty good intuition about where to look, because it’s a vast pool of information and it can be hard to know where to start. My job is to help them get started and look in the right direction.

MICHAEL: And then deliver the customer the full threat assessment?

ANNE: Exactly. When I meet our customer, instead of listening to technical details, they just just want to know “why” and “how” and “who”. Those are the really difficult questions, right? Because you must qualify your answers with various confidence levels and assessments. You can’t just tell them all of this flat out. It’s important to walk them through to process.

MICHAEL: I totally get it.

ANNE: I walk them through it, and show them my approach and my methodologies. I think that’s important to build a trusting relationship. There’s often a tug of war. They don’t want to tell us a lot of what’s happening in their networks, which we understand. That’s not always something you want to tell people. But those insights help us make a more accurate analysis. The more we know, the more we can do. It’s all about earning trust.

MICHAEL: Tell us about you. What languages do you speak?

ANNE: I read and write fluent Mandarin Chinese. My parents were from Taiwan. I travelled back and forth to Taiwan throughout my childhood.

MICHAEL: What do you like to do when you’re not working?

ANNE: I’m pretty active I’m a runner. Triathlons. I just did the women’s half last month. I actually did the New York City half marathon a while ago. I’m an open water certified diver. I also have a five-year-old son and we do yoga together all the time!

MICHAEL: What are your dreams? Where do you see yourself in, say, 10 years?

ANNE: I will still be working in cybersecurity. Managing a bigger team. Having a bigger impact speaking and influencing more women to participate in STEM-related areas. Inspiring women not to be afraid of this male-dominated industry or worried about not having a degree in computer engineering. If you don’t have a science background, it’s ok because you can learn. You can adapt. You can bridge disciplines and be part of our soulful work.

**MICHAEL:**Well, I certainly hope you’ll still be here. With us. With Trellix.

ANNE:(Laughing). I don’t see why not!

**MICHAEL:**Seriously, though, why do you think Trellix is the right place for you?

ANNE: Ah. Well one reason is that it is fun. I love my job.

**MICHAEL:**Fun? What do you mean?

ANNE: Yes. Like every day, our APG team has lunch together. At the same time. The whole team stops work and we watch very “nerdy” videos. Like ones that focus on really epic fails. We just hang out and play games. We have nerf guns in the office. Does that tell you anything? (Laughing again). The balance between work and play and getting together is always there.

**MICHAEL:**That’s great you feel that way.

ANNE: Yes. But also the company is investing in its people. And I say that because, since the company started, I do see we’re investing resources in me and they care about my career development, which I appreciate. Trellix appreciates people and I have a really good team - having a team is definitely a big drive for me to stay.

I feel appreciated, and I think the work is very interesting. I also have a great platform to publish. The company recognizes our work individually, not just “hey, you’re just one of the teams.” I think that makes Trellix unique in a lot of ways.