Despite growing interest in the economic and policy aspects of information security, little academic research has used field data to examine the development process of a security countermeasure provider. In this paper, we empirically examine the learning process a security software developer undergoes in resolving a malware problem. Using the data collected from a leading antivirus software company in Asia, we study the differential effects of experience on the malware resolution process. Our findings reveal that general knowledge from cross-family experience has greater impact than specific knowledge from within-family experience on performance in the malware resolution process. We also examine the factors that drive the differential effects of prior experience. Interestingly, our data show that cross-family experience is more effective than within-family experience in malware resolution when malware targets the general public than when a specific victim is targeted. Similar results—for example, the higher (lower) effect of cross-family (within-family) experience— were observed in the presence of information sharing among software vendors or during a disruption caused by a catastrophe. Our study contributes to a better understanding of the specific expertise required for security countermeasure providers to be able to respond under varying conditions to fast-evolving malware.