top of page
Search

watchTowr Taps Hacker Legend Ryan Dewhurst to Supercharge Threat Intel Arm at Machine Speed

In the escalating race between attackers and defenders, watchTowr has just added nitro to its tank. The Singapore-based cybersecurity upstart, known for its high-velocity external attack surface management (EASM) platform, announced the appointment of Ryan Dewhurst—one of the industry’s most battle-hardened security researchers—as its new Head of Threat Intelligence.


Dewhurst isn’t just another hire with a résumé full of acronyms. He’s the creator of Damn Vulnerable Web App (DVWA), the go-to testbed for ethical hackers, and founder of WPScan, the WordPress vulnerability scanner that became so essential, Automattic snapped it up. His recent work on KEVIntel, a real-time feed for known exploited vulnerabilities, has become a favorite among defenders desperate for speed and signal in a noisy threat landscape.


Now, Dewhurst brings his full-stack offensive know-how to watchTowr’s already-aggressive threat intelligence program.


“Threat intelligence is at its best when it drives fast, confident, and actionable decisions,” said Dewhurst. “My role is to inject even more speed, precision, and insight into that engine… This is all about giving watchTowr customers the upper hand against ransomware gangs and APTs who are betting they can move faster than defenders.”

And that speed isn’t just marketing fluff. watchTowr’s platform routinely analyzes and replicates vulnerabilities hours—or even days—before other firms add them to their threat feeds. It's not unusual for the company to detect in-the-wild exploitability before CVEs are fully published, thanks to Attacker Eye, a massive honeypot network engineered to behave like real cloud and enterprise environments.


The telemetry captured from this global decoy grid fuels watchTowr Instinct, a machine learning engine that attempts to forecast which new vulnerabilities will get weaponized—and how fast.


“Ryan brings deep technical expertise and a strategic mindset to watchTowr at a critical moment,” said Benjamin Harris, CEO and founder of watchTowr. “It’s all about helping defenders accurately identify, validate, and prioritize the exposures that matter most at a speed that’s unmatched in the industry.”


That timing couldn’t be more urgent. Threat actors—including ransomware groups and state-sponsored APTs—now routinely exploit critical flaws within four hours of public disclosure. And those are just the bugs we know about. watchTowr’s approach isn’t just to catch up to attackers—it’s to beat them to the punch.


Dewhurst will lead the charge in transforming raw telemetry and TTP data into operational threat intelligence inside the watchTowr Platform, with a specific focus on automating red team behavior, surfacing exploitable exposures, and shortening the gap between discovery and defense.


If watchTowr’s past performance is any indicator, Dewhurst’s addition could push the industry’s threat intelligence tempo into an entirely new gear. And in this race, milliseconds matter.

bottom of page