The Best Defense

Thor and Loki. The Avengers and Hydra. Superman and Lex Luthor. Superheroes and supervillains. Good vs. evil.

Opposing forces are what make good stories great. Their existence creates conflict, but what happens when they come together? Not as enemies, but as partners working toward the same goal?

As opposite sides of the same coin, Augusta University alumni Doug Burks (BS ’05) and Mark Baggett (BS ’94) understand this give-and-take better than most.

Mark Baggett and Doug Burks

Wearing them down (and making them cry)

Outgoing. Innovative. Highly Intelligent.

Augusta’s own Tony Stark, Doug Burks’ genius manifested at an early age.

When he was 6 years old, Burks received his first computer and soon wrote his first program.

“I was hooked on computers and the fact that it was this thing that you could tell what to do and it had to do it,” he said.

After graduating from Augusta University with a degree in computer science, Burks began working in information technology as a systems administrator and then a computer engineer.

Doug Burks
Doug Burks

Eventually, Burks realized he was bored. So, he began looking for new challenges and started working in cybersecurity.

Burks accepted a position at Morris Communications, and within three years, became the chief information security officer. Like Tony Stark donning the Iron Man suit, Burks put on a suit of his own and went to work to ensure Morris’ networks were defended from attackers.

In order to do this successfully, he had to understand how cybercriminals would target the Morris network.

“We used to do penetration testing,” Burks said. “We broke into our own network to see where the holes where. That kind of mindset helps you become a better defender. You have to start thinking outside of the box.”

There was nothing boring about cybersecurity. There were always new attacks and vulnerabilities, and he excelled at defending his company’s network – so much so that in September 2010, he received the Global Information Assurance Certification (GIAC) Security Expert certification (GSE), a certification so prestigious less than 200 people in the world have attained it.

Essentially, GSE recipients are the best of the best when it comes to information security. They are considered the elite group of information security.

Information security professionals are tasked with protecting information. They ensure that information is not accessed, disrupted, modified or destroyed by an unauthorized person. GSE recipients have shown mastery in all areas of information security, including intrusion detection and incident handling.

Last ones standing

student cyber team
From left: Matt Tennis, Matt Atkinson, Steve Clauson, Harry Zane and Jeremy Garcia

On Friday mornings, the Augusta University cyber defense team, a group of students who compete at collegiate cybersecurity competitions, gathers in the undergraduate Cyber Research Lab in University Hall.

And while most students are preparing for the weekend, the cyber team is practicing for an upcoming competition.

The team, led by captain Matthew Tennis, senior computer science major, competed February at the Southeast Collegiate Cyber Defense Competition (SECCDC) hosted at Kennesaw State University in Kennesaw, Georgia.

At SECCDC, Tennis and his team competed against teams from other universities, including the University of Central Florida, two-time reigning champions, Florida State University, University of Florida and the University of South Carolina.

At cyber competitions, teams work in a pseudo-executive environment. They’re tasked with maintaining their job responsibilities as information technology professionals for a given company. However, they are also faced with attacks to their networks from outside forces.

“The nature of the competition isn’t to win,” Tennis said. “You’re going to get destroyed the entire time. The competition is to see how well you survive or if you survive. It’s a lot like Last Man Standing.”

When training for competitions, the team works to balance practicing their IT skills and preparing to handle the stress of competition.

“It’s a big challenge for us,” Tennis said. “We talk about it quite a bit. We’re going to be losing the entire time and need to be okay with that. We’re fortunate that many of our members are former military, so they’re used to high-stress environments.”

Though stressful, team members view these competitions as a way to further their skills.

“It’s a great opportunity to learn extra skills and add an extracurricular activity to your resume,” said Matt Atkinson, senior information technology student and cyber defense team member. “We’re taking what we learn in classes and applying it to a scenario like these competitions. We’re also furthering our own skillset.” Tennis also believes the cyber team is preparing him for his career.

“Classes help a lot because you learn concepts and theory,” he said. “However, this is more a practical-based thing. As with any discipline, you don’t really get practical experience unless you look for opportunities outside the classroom. So, this is definitely more practical experience.”

As the students prepare for competition, they’ve had the opportunity to learn from Augusta University alums, like Doug Burks.

“We had the pleasure of talking to Doug Burks and asking him questions,” Tennis said. “He walked us through how to use the software.”

After a final competition, Tennis and Atkinson will both graduate in May and hand over the reins of the cyber defense team. With the recent opening of the Cyber Institute space on the Summerville Campus, the pair believes next year’s team will be in good hands.

“When we joined the team, we had a good system and support, but not the environment we needed,” Tennis said. “With the opening of the Cyber Institute, it’s been easier to put the knowledge we learn from professors and textbooks into practice and see how it would be used in an enterprise environment.”

After graduation, both men hope to begin careers in the technology field. They are confident that two years as members of the cyber defense team combined with their education at Augusta University have prepared them for whatever comes next. [/su_note]

In order to obtain the certification, Burks had to complete several prerequisites. Although he works on the defensive side of cybersecurity, he had to show mastery of both offensive and defensive components. He is the 24th recipient of the GSE.

As Burks continued to work in cybersecurity, he came across a challenge that didn’t have a solution. As time passed, Burks realized he knew how to solve the problem.

“I was getting really focused on the best way to monitor and defend a computer network,” he explained. “I felt there was a need for this. Existing solutions were too expensive or didn’t provide enough visibility. There was a need for software that folks could quickly and easily download.”

In 2008, Security Onion was born.

“Security Onion is a collection of software that is used for peeling back the layers of networks and making your adversaries cry,” Burks said.

Security Onion helps information technology and cybersecurity professionals monitor and defend their networks. Similar to the Iron Man suit, which protects the vulnerable occupant with multiple layers of defenses, the Security Onion software contains layers that keep an organization protected and can aid in times of crisis.

Over the past eight years, the free software has grown in popularity and has been downloaded over 300,000 times.

It is used nationally by the Department of Defense, and Burks spends much of his time teaching at Fort Gordon and other military bases. It is also employed by militaries around the world, including Canada and countries in the European Union.

Burks also provides cybersecurity training and services to businesses and organizations.

Security Onion software is even used by Augusta University’s cyber defense team (see sidebar).

Burks recalls teaching Security Onion software to cybersecurity professionals at a multi-billion dollar utility company.

“I was on site with them and took them through our standard four-day training class,” Burks said. “On the fifth day, I took them on a hunting trip on their own network to find bad guys.”

Within minutes, Burks and his students found one of the company’s database servers was communicating to an IP address in China.

“It shouldn’t have been doing that,” Burks said. “This had been going on for a while. Nobody knew about it.”

Unfortunately, according to Burks, this is symptomatic of many organizations.

“They don’t know what’s going on in their networks until they start looking,” he said. “In this case, it turned out to be a misconfiguration, but it could have been bad. If this had been an actual compromise, they may not have known about it until it was too late. The attacker could have gotten access to confidential information.”

Burks remains busy teaching organizations how to best defend their networks. Like Tony Stark, who has designed and built many versions of the Iron Man armor, Burks must also keep Security Onion up-to-date as well.

“Every piece of software in the world has vulnerabilities,” he said. “Security Onion is no different. The main thing to keep in mind is trying to find vulnerabilities and fix them as quickly as possible.”

Meanwhile, Mark Baggett is also working to keep networks secure … by hacking into them.

Knocking them out

Mark Baggett
Mark Baggett

If Burks is the Iron Man of cyber defense, Mark Baggett could be called the Batman of the cybersecurity world. While not exactly a villain, he serves up a darker form of justice through his company In Depth Defense.

In Depth Defense, a private consulting company, specializes in helping organizations’ networks remain safe and secure. Like the Dark Knight, Baggett does this by becoming something of a vigilante, essentially by assuming the role of an attacker and breaking into an organization’s network. It’s the kind of penetration testing Burks did early in his career, but far more targeted.

“Many companies don’t really understand what will happen if an attacker breaks into their network,” Baggett said. “What are the key resources they have? Can attackers get to those? We come in and demonstrate exactly what happens when an attacker breaks into their network.”

Similar to the world’s greatest detective, Baggett usually gets called in after the damage has been done.

In Depth Defense also specializes in incident response. The company gets called in when an organization’s network gets compromised.

“We go in and help organizations determine how attackers got into their network, how they can get rid of the attacker and what kind of information was stolen,” Baggett said. “We contain the problem so that they understand what’s going on and then how they can move forward.”

And like Batman, the only difference between Baggett and cybercriminals is intent.

“If what I do is different than what the attackers do, then I’m not really fulfilling my promise to the customer which is, I will show you what an attacker will do when they get on a network,” Baggett said. “So, I have to behave as much like the criminal as possible so that I can show an organization what is going to happen. But when I gain access to that data, I’m not going to walk away with it.”

To accomplish this, he must think like a cybercriminal.

“If I find a computer had been compromised, my first thought is, ‘If I had compromised this machine, what are the first things that I would have done,’” Baggett said. “‘What are the next places I would have gone? What data would I have taken when I got into this machine?’”

Because Baggett can think like a cybercriminal, he can determine how a hacker got inside a network as well as what the hacker’s next steps would be.

He explains his offensive role like this: “If the only thing you know is defense and you don’t know how you would have gotten here or where you would have gone next, then you’re not able to go and find those clues and see exactly how far the attacker would have gone.”

Baggett’s ability to think like a hacker or cybercriminal goes all the way back to the Atari 2600, his first video game console. His father purchased an 8-bit basic programming cartridge that could be used with the Atari joystick to write a small program. It was Baggett’s first exposure to building code.

As Baggett continued to play video games, he became interested in hacking the system to bypass game controls and change the behavior of his characters.

“It’s been something that I just always knew I wanted to do,” Baggett said. “When the opportunity came up to attend Augusta University and build those skills in a professional way that I could take what I was passionate about and turn that into a career, I jumped on the opportunity.”

Since graduating from Augusta University, Baggett worked in the information technology industry before eventually becoming a security professional, a career path he views as the ultimate challenge. But it’s a challenge that Baggett mastered.

In July 2009, Baggett became the 15th recipient of the GSE, proving his mastery of all aspects of cybersecurity.

However, Burks and Baggett aren’t the only cyber superheroes in Augusta.

According to Baggett, Augusta likely has one of the highest concentrations of people who have passed the GSE in the world. Eight people living in Augusta have received the certification. Baggett attributes this to the U.S. Army Cyber Command at Fort Gordon and Augusta’s growing information security community.

Augusta University has played a large role in expanding this community.

In September, the Augusta University Cyber Institute opened its doors. The Cyber Institute is dedicated to cyber education, outreach and research. The 9,000-square-foot institute includes a state-of-the-art cyber lab, a study lounge for students, a cyber coffee bar area and 15 offices.

“If what I do is different than what the attackers do, then I’m not really fulfilling my promise to the customer…”

—Mark Baggett

A month after the opening, the university and the National Security Agency’s (NSA) Cryptologic School (NCS) publicly signed an articulation agreement that will increase educational opportunities for NCS students by allowing them to earn their undergraduate degrees at Augusta University.

In November, the university was designated an NDS/DHS National Center of Academic Excellence by the NSA and the Department of Homeland Security. This designation places Augusta University among the top 4 percent of U.S. universities teaching cybersecurity across the nation.

And in January, Gov. Nathan Deal announced the creation of the Georgia Cyber Innovation and Training Center, to be located on land adjacent to the Riverfront Campus. (See Securing the Future.)

As the information security community continues to grow, Augusta University will be at the forefront, educating and preparing students to enter the work force.

THE ONE-TWO PUNCH

Though Burks and Baggett approach cybersecurity from different angles, the goal is the same. Protecting information. More often than not, they get the same results.

“The old saying, ‘the best defense is a strong offense,’ very much comes into play when it comes to information security,” Baggett said.

As technology advances, the defensive and offensive aspects of cybersecurity will continue to work together to ensure the safety and security of Augusta’s growing cybersecurity community.

As for Burks and Baggett, they said they both look forward to the challenges yet to come.

“I’m excited to be on the cusp of what’s about to happen,” Burks said. “Dr. Keel has said this is a cyber tsunami. I’m excited to see what happens and continue to work to build our community.”

Like
Like Love Haha Wow Sad Angry
Share your story
Our best stories often come from suggestions from the campus community.

For nearly 200 years, Augusta University and its legacy institutions have been centers of learning and drivers of discovery and innovation in Augusta, the state of Georgia and beyond. Our community of alumni, students, faculty and friends are amazing people living incredible lives and making invaluable contributions to our world.

We are pleased to publish four magazines in which we get to tell their stories: