Pittsburgh-based cybersecurity nonprofit to expand to Los Angeles, NYC |

Pittsburgh-based cybersecurity nonprofit to expand to Los Angeles, NYC

Philip G. Pavely | Tribune-Review
Adam Mosesso, a malware analyst at the National Cyber-Forensics & Training Alliance, works at one of several computer monitors where the nonprofit tracks the nastiest-known computer viruses. The Pittsburgh-based Alliance tracks dozens of viruses at any time in its malware laboratory, watching for changes so it can alert members. (Philip G. Pavely | Tribune-Review)
Philip G. Pavely | Tribune-Review
Adam Mosesso points out malware at National Cyber-Forensics & Training Alliance, Wednesday, Jan. 7, 2016.
Philip G. Pavely | Tribune-Review
David Johnson, malware program manager at the National Cyber-Forensics & Training Alliance in Pittsburgh, looks for changes in the code of a computer virus. The nonprofit tracks dozens of the nastiest-known computer viruses so it can alert members to any changes. (Philip G. Pavely | Tribune-Review)
Philip G. Pavely | Tribune-Review
By tracking the nastiest computer viruses continuously, the National Cyber-Forensics & Training Alliance can watch for changes and alert its members, says Steve Mancini, the nonprofit's chief technology officer. The Alliance plans to open new offices in New York City and Los Angeles. (Philip G. Pavely | Tribune-Review)

A quiet, Pittsburgh-based cybersecurity nonprofit expects to announce plans this week for offices in New York City and Los Angeles, marking its first expansion out of Western Pennsylvania, the Tribune-Review has learned.

The National Cyber-Forensics & Training Alliance keeps a low profile but has been hailed by President Obama and national leaders for bringing together public agencies and private companies to fight online crime.

The group began informing its members about the expansion during the past two weeks.

“It’s only going to make us stronger,” Matt LaVigna, the group’s interim president, CEO and director of operations, told the Trib. “By going to Los Angeles and New York, these are going to be extensions of the work we’re doing here. The command and control will still be here in Pittsburgh.”

The Alliance formed here in 2002, and the planning for it started even earlier — years before data breaches became a household concern. The nonprofit’s founders wanted to create a place where public agencies and private companies could share quick-moving information about computer threats.

When the Alliance started, spam emails were considered the biggest online threat to industry.

Today, the nonprofit Alliance operates out of the Second Avenue technology center, bringing together federal officials with representatives from more than 100 national companies involved in finance, energy, medicine, manufacturing, retail and other sectors. Companies pay to become members.

FBI Director James Comey singled out the nonprofit during a visit to the agency’s Pittsburgh office last week, praising it for bridging communication gaps with business. The FBI’s national office has deployed agents to work with the Alliance.

“We’re trying to forge relationships with the private sector that are appropriate and lawful and effective,” Comey said. “We have to figure out ways to talk to each other. … We have shown how to do that here in a lot of different ways.”

Workers at the Alliance’s headquarters sit among cubicles, each marked with the person’s name and corporate affiliation. If one company or group detects a software weakness or online attack, they can quickly alert the others and mount a common defense, LaVigna said.

For example, an energy company that detects a virus might end up alerting a retailer to an emerging threat, LaVigna said. “Where else can that happen?” he noted.

Michael Spring, an information science professor at the University of Pittsburgh, said that “one of the most significant problems faced in battling cybercrime is the secrecy with which it’s handled. People don’t want to let other people know they’ve been compromised.”

Strong roots

The Alliance’s plan to expand to the nation’s opposite coasts is a natural outgrowth as computer security concerns have become more widespread, Spring said.

The office in New York will seek to reach more Wall Street and financial companies, while the Los Angeles office will target entertainment, energy and port-related companies, LaVigna said. The Alliance will seek to have a broader impact by being in closer proximity with more clients, he said.

“One thing is expanding our reach to industries that we normally wouldn’t have access to, primarily for distance,” LaVigna said. “… There’s value to having that physical touch.”

Inside a malware laboratory lined with banks of monitors, the Alliance’s employees watch computers infected with the nastiest viruses known. At any moment, analysts might be tracking dozens of variants and following them for as little as a couple of weeks to as long as several years, said David Johnson, malware program manager.

The goal is to learn the behavior of each attack and to watch for changes or updates so the Alliance can alert its members, said Steve Mancini, the chief technology officer.

Groups in Japan and Singapore recently replicated the Alliance model, and cybersecurity experts from around the world routinely seek out the Alliance for insight and collaboration.

“We’re proud of our roots here in Pittsburgh,” LaVigna said. “This was definitely an organization that was created here in Pittsburgh. It was not thought of and planted here; it was born here.”

The nonprofit expects to open the offices by August. That could mean moving some Pittsburgh-based employees, though many are glad to be here, LaVigna said.

“They like having the opportunity to do the work they’re doing on a global basis and still be here in Pittsburgh,” he said.

Andrew Conte is a member of the Tribune-Review investigations team. Reach him at 412-320-7835 or [email protected]

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.