Michael Francess is the senior manager of cybersecurity advanced threat and response at Wyndham Hotels & Resorts. We were able to talk with Michael about his fascination with cybersecurity during his youth, role at Wyndham, and how the RH-ISAC community has impacted him.
Tell us about yourself and your background.
I have been with Wyndham for six years, leading their Advanced Threat team within cybersecurity. In my role, I oversee all functions related to Threat Intelligence, Threat Hunting/Detection Engineering, and Incident Response. My day-to-day involves tracking threat actors of interest, consuming/producing threat intelligence products for internal stakeholders, and assisting our various cybersecurity teams with triage of security events. My biggest passion areas within cybersecurity is the analysis of malware and threat actor tradecraft.
Why did you decide to pursue a career in cybersecurity? How did you start your career?
I grew up early on the internet. I was privileged enough to have early access to cable internet in elementary school back in the 90s through middle and high school in the 2000s and started building computers and playing PC video games in the 6th grade. It was when I first discovered “computer viruses” and adware, I was hooked. I was interested in finding out where it came from, how I got infected, and how I can fix it. I spent a lot of time in the warez software piracy scene in my high school years and dove deep into reverse engineering software, as well as getting hands on the malware that often comes along with downloading software cracks and tools from seedy places. While in college for my cybersecurity degree at a local state school, I got recruited to join CA Technologies as a junior security analyst, and now I have been in the industry for over 15 years now!
Can you expand upon your role? What are some of your day-to-day duties?
Day-to-day I spent most of my day reading the news, reports, various Slack channels, lots of mailing lists, and generally keeping on top of as much as I can landscape wide. It is important in my role that we are informed and ready to answer questions regarding current events related to cybersecurity. We also triage alerts or hunt for specific behaviors across our stack of tools. We produce several different types of intelligence products internally for our stakeholders both on an ad-hoc and weekly basis. We also present monthly to our IT senior leadership team on what we are observing within Wyndham and the landscape writ large.
What do you enjoy most about the cybersecurity sector?
The constant change: every day there is something new to learn about and analyze. That of course is a double-edged sword as it means we are nowhere near as resilient as we need to be at all levels to deter cybercrime and nation state espionage activity. The people in our industry by and large are super passionate about what we do and want to deliver positive outcomes. The RH-ISAC is a testament to that, some folks who work for the biggest business competitors to Wyndham are some of my favorite folks I work with in the industry.
When did you first discover the RH-ISAC? How has the community impacted you?
I have had the opportunity to interact with RH-ISAC via my previous employer wherein I was a member of FS-ISAC. We had some members with dual-membership, so we got to consume and collaborate with some member organizations and the RH-ISAC SOC. Wyndham Hotels was a member of a previous threat sharing group with a group of hospitality organizations, we were very excited to join RH-ISAC as full members and it’s been incredibly beneficial to us. The community has been really helpful as it level sets us compared to our peers; what they are seeing we will likely see so that collaboration two-way is key. Personally, I really enjoy the working groups and learning from our peers and the unique skillsets they bring. I have really leveled up my OSINT game learning from Chris (De La Rosa) at Dick’s Sporting Goods as just one example!
What are a few of your hobbies and interests outside of your career in cybersecurity?
Right now, most of my free time goes to exploring the cosmos in Starfield! I am also a community manager and I build and maintain the main database for Eastside Hockey Manager, a sports simulator played by tens of thousands of hockey fans worldwide. I am a huge ice hockey (and New York Islanders) fan and in building that database, I have made friends across the globe. I plan on learning how to scout players and potentially submit reports for one of the independent scouting services this season.