Welcome to a special edition of Breaking Badness. In this bonus episode you’ll hear from two Principal Threat Researchers from Mandiant: Regina Elwell and Alyssa Rahman. They will share how they got started in infosec, what they’re working on right now, and other insights into cybersecurity in general. Plus: speedflying!
Breaking Badness On the Road: Rock Star Researchers from Mandiant, Regina Elwelland Alyssa Rahman
During the first week of October, Mandiant—having recently separated from FireEye—put on its annual Cyber Defense Summit in Washington DC, and Breaking Badness microphones were there. We were fortunate enough to catch up with Regina Elwell, who gave a great presentation with her colleague Daniel Perez, on methodologies for tying seemingly disparate uncategorized (“UNC”) activity groups together in order to better characterize them and attribute activities. A few days later, we also caught up with Mandiant researcher Alyssa “@ramen0x3f” Rahman, who is also studying various activity groups, but from a slightly different perspective. We asked each of them how they got started in infosec, what they’re currently working on, and what they like to do when they’re not busy helping make the Internet safer.
First up was Regina. She got her start in infosec after being inspired by one of the all-time great books on the topic, Cliff Stoll‘s The Cuckoo’s Egg. (Aside: if you haven’t read it, do yourself a favor and get a copy. It’s fascinating, insightful, and quite funny!) At the time, she was working in a completely different industry, but the book made cybersecurity sound fascinating. She got a degree in it, dived in, and hasn’t looked back since. Her presentation at the Summit focused on the methods Mandiant’s Advanced Practices Team (note the acronym!) uses to determine whether clusters of activity that are initially tracked separately are, in fact, the efforts of a common group. This talk was pretty reflective of the day-to-day work Regina and her team are doing on an ongoing basis. Regina doesn’t spend all her time on the ground, however: it turns out that she’s a paragliding enthusiast, and within that sport, speedflying is her jam! It was great getting to know Regina and her world.
Alyssa Rahman is also on Mandiant’s APT (see what they did there?), but her focus is slightly different from Regina’s. One part of her research focuses on learnings from intrusions investigated by the Incident Response team, particularly around techniques used by malicious actors. But she also is quite active as a threat hunter, looking both inside customer environments and out in adversary-space as well. In her hunt activity, she particularly focuses on weak signals: tidbits of tradecraft that, by themselves, may not give a defender much to go on, but which, when correlated with other such signals, can provide significant insights into the nature of a given set of activities. So how did Alyssa get into the field? Well, in a sense there’s a connection to Regina’s background, because she was always intrigued by spy and detective stories, but also into computers. She got a computer science degree with a focus on IR and defenses; shortly after graduation, she joined Mandiant’s red team, and from there transitioned over to the APT after doing a rotation with them. When she’s not at work, Alyssa enjoys krav maga, rock climbing, going to festivals, and hanging out with her cat.
We hope you’ll enjoy hearing from Regina and Alyssa!
That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!