"This was great except it is hard to get a lot of people to download the toolbar," she says. So the team met with Microsoft and told them the toolbar needed to be in the Internet Explorer browser and not be optional. It is now in Firefox and Chrome.
She says the cybercriminals were "extremely creative and extremely tenacious".
"It was just hard," she says. "They were always finding some new attack against the eBay website or customers. After three years of fighting, I was very burned out because I felt like I kept failing."
"It took me around six months to really step back and think, I have built technology when I was at eBay to try to protect users. But I realise we built it slightly wrong, we built it to look at a web server and say 'Is this web server's traffic looking suspicious?'
"That was fairly good. What we needed to do was look across a user and say, what is this user is doing? Does that look suspicious? Until you understand the entire user session [only] then you can understand if it is suspicious."
Mather says she is seeing a "real change" in the demographics of the attackers, who were usually "technological savvy".
"Now there is a sort of 'cybercrime as a service'. The really smart guys are creating the tools to do the attacks and they sell those to people who do not need to have the technological expertise. All they need is the money to buy the tools and they can use those in the attacks. It is very much becoming an actual economy and underground economy."
She says a lot of time information security is viewed as "geeky and not sexy".
"But the way I look at what we do as a company, as RSA, we are CSI computer," she says, in a reference to the popular television crime show. "We are finding attacks, we are investigating those attacks, we are getting to the basis of who is perpetrating those attacks, who the victims are, how can we help those victims? That is pretty darn sexy."
One thing she is sure about is that the information security industry will need as many people as possible in the next 10 years.
"If you want to be hardcore security, you are going to need math, computer science. But there are lots of other ways to do it as well," she says. "We need people who will help us build user interfaces that make the CSI computer guys really quickly find the attack. We need people who are going to help us communicate to the victim, 'hey this is what happened'. That is a hard thing to do and you have to do it in a compassionate and empathic way."
Sign up for Computerworld eNewsletters.