Armin Pelkmann

Threat Researcher

Talos Security Intelligence and Research Group

Almost immediately after making his first connection to the Internet in his early teens, Armin Pelkmann began diving into the world of hackers and security. By the time he was 18, he already had his first job in security, writing about security threats for a large Internet service provider in Germany. He then took that real-world experience to the University of Applied Science (Fachhochschule) in Münster, where he studied Internet and computer engineering. An opportunity to intern in Munich for Northern California-based IronPort Systems set in motion Pelkmann’s journey to become a Threat Researcher for the Cisco Talos Security Intelligence and Research Group. At IronPort, Pelkmann did malware research, primarily for email security initiatives, and applied that knowledge to complete a master’s thesis on Simple Mail Transfer Protocol (SMTP).

Today, as part of the Talos team at Cisco, Pelkmann is the “go-to guy” for email security issues, and has expanded his expertise to include web security. His research helps the Talos team to connect the dots on campaigns launched through email or the web, so they can develop the full picture of an attack. Additionally, Pelkmann pursues original threat research, and works with law enforcement agencies to help them identify threat actors.

Previous roles

Pelkmann was hired by IronPort after completing his education, and for the next four years served as a software engineer for the backend of the company’s anti-spam software. He joined Cisco after it acquired IronPort. He soon moved into the role of Technical Product Manager, where he assumed technical leadership for Cisco Security web properties.

In 2013, he became a Threat Researcher for Cisco, and now spends his workdays exploring what he calls the “giant playground” of Cisco threat intelligence data—a “maze of gold where you can find something awesome behind every corner.”

More about Armin Pelkmann …

Pelkmann grew up in Münster, Germany, but now calls the San Francisco Bay Area his home. Since moving to Northern California, he has taken up surfing, and enjoys many other sports, including swimming, yoga, and cycling. Pelkmann is also an avid snowboarder, and first became a fan of the sport when living in Germany. He also enjoys photography.


September 22, 2014


Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

3 min read

This post was authored by Armin Pelkmann. On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals […]

September 8, 2014


Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware

9 min read

This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann. Update 2014-09-22: Updates on this threat can be found here Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim to the “Kyle and Stan” […]

July 14, 2014


Big Data: Observing a Phishing Attack Over Years

4 min read

Overview Phishing attacks use social engineering in an attempt to lure victims to fake websites. The websites could allow the attacker to retrieve sensitive or private information such as usernames, passwords, and credit card details. Attacks of this kind have been around since 1995, evolving in sophistication in order to increase their success rate. Up until now, […]