The Best Defense
Thor and Loki. The Avengers and Hydra. Superman and Lex Luthor. Superheroes and supervillains. Good vs. evil.
Opposing forces are what make good stories great. Their existence creates conflict, but what happens when they come together? Not as enemies, but as partners working toward the same goal?
As opposite sides of the same coin, Augusta University alumni Doug Burks (BS ’05) and Mark Baggett (BS ’94) understand this give-and-take better than most.
WEARING THEM DOWN (AND MAKING THEM CRY)
Outgoing. Innovative. Highly Intelligent.
Augusta’s own Tony Stark, Doug Burks’ genius manifested at an early age.
When he was 6 years old, Burks received his first computer and soon wrote his first program.
“I was hooked on computers and the fact that it was this thing that you could tell what to do and it had to do it,” he said.
After graduating from Augusta University with a degree in computer science, Burks began working in information technology as a systems administrator and then a computer engineer.
Eventually, Burks realized he was bored. So, he began looking for new challenges and started working in cybersecurity.
Burks accepted a position at Morris Communications, and within three years, became the chief information security officer. Like Tony Stark donning the Iron Man suit, Burks put on a suit of his own and went to work to ensure Morris’ networks were defended from attackers.
In order to do this successfully, he had to understand how cybercriminals would target the Morris network.
“We used to do penetration testing,” Burks said. “We broke into our own network to see where the holes were. That kind of mindset helps you become a better defender. You have to start thinking outside of the box.”
There was nothing boring about cybersecurity. There were always new attacks and vulnerabilities, and he excelled at defending his company’s network – so much so that in September 2010, he received the Global Information Assurance Certification (GIAC) Security Expert certification (GSE), a certification so prestigious that fewer than 200 people in the world have attained it.
Essentially, GSE recipients are the best of the best when it comes to information security. They are considered the elite group of information security.
Information security professionals are tasked with protecting information. They ensure that information is not accessed, disrupted, modified or destroyed by an unauthorized person. GSE recipients have shown mastery in all areas of information security, including intrusion detection and incident handling.
In order to obtain the certification, Burks had to complete several prerequisites. Although he works on the defensive side of cybersecurity, he had to show mastery of both offensive and defensive components. He is the 24th recipient of the GSE.
As Burks continued to work in cybersecurity, he came across a challenge that didn’t have a solution. As time passed, Burks realized he knew how to solve the problem.
“I was getting really focused on the best way to monitor and defend a computer network,” he explained. “I felt there was a need for this. Existing solutions were too expensive or didn’t provide enough visibility. There was a need for software that folks could quickly and easily download.”
In 2008, Security Onion was born.
“Security Onion is a collection of software that is used for peeling back the layers of networks and making your adversaries cry,” Burks said.
Security Onion helps information technology and cybersecurity professionals monitor and defend their networks. Similar to the Iron Man suit, which protects the vulnerable occupant with multiple layers of defenses, the Security Onion software contains layers that keep an organization protected and can aid in times of crisis.
Over the past eight years, the free software has grown in popularity and has been downloaded over 300,000 times.
It is used nationally by the Department of Defense, and Burks spends much of his time teaching at Fort Gordon and other military bases. It is also employed by militaries around the world, including Canada and countries in the European Union.
Burks also provides cybersecurity training and services to businesses and organizations.
Security Onion software is even used by Augusta University’s cyber defense team (see sidebar).
Burks recalls teaching Security Onion software to cybersecurity professionals at a multi-billion dollar utility company.
“I was on site with them and took them through our standard four-day training class,” Burks said. “On the fifth day, I took them on a hunting trip on their own network to find bad guys.”
Within minutes, Burks and his students found that one of the company’s database servers was communicating with an IP address in China.
“It shouldn’t have been doing that,” Burks said. “This had been going on for a while. Nobody knew about it.”
Unfortunately, according to Burks, this is symptomatic of many organizations.
“They don’t know what’s going on in their networks until they start looking,” he said. “In this case, it turned out to be a misconfiguration, but it could have been bad. If this had been an actual compromise, they may not have known about it until it was too late. The attacker could have gotten access to confidential information.”
Burks remains busy teaching organizations how to best defend their networks. Like Tony Stark, who has designed and built many versions of the Iron Man armor, Burks must also keep Security Onion up to date.
“Every piece of software in the world has vulnerabilities,” he said. “Security Onion is no different. The main thing to keep in mind is trying to find vulnerabilities and fix them as quickly as possible.”
Meanwhile, Mark Baggett is also working to keep networks secure … by hacking into them.
KNOCKING THEM OUT
If Burks is the Iron Man of cyber defense, Mark Baggett could be called the Batman of the cybersecurity world. While not exactly a villain, he serves up a darker form of justice through his company In Depth Defense.
In Depth Defense, a private consulting company, specializes in helping organizations’ networks remain safe and secure. Like the Dark Knight, Baggett does this by becoming something of a vigilante, essentially by assuming the role of an attacker and breaking into an organization’s network. It’s the kind of penetration testing Burks did early in his career, but far more targeted.
“Many companies don’t really understand what will happen if an attacker breaks into their network,” Baggett said. “What are the key resources they have? Can attackers get to those? We come in and demonstrate exactly what happens when an attacker breaks into their network.”
Similar to the world’s greatest detective, Baggett usually gets called in after the damage has been done.
In Depth Defense also specializes in incident response. The company gets called in when an organization’s network gets compromised.
“We go in and help organizations determine how attackers got into their network, how they can get rid of the attacker and what kind of information was stolen,” Baggett said. “We contain the problem so that they understand what’s going on and then how they can move forward.”
And like Batman, the only difference between Baggett and cybercriminals is intent.
“If what I do is different than what the attackers do, then I’m not really fulfilling my promise to the customer which is, I will show you what an attacker will do when they get on a network,” Baggett said. “So, I have to behave as much like the criminal as possible so that I can show an organization what is going to happen. But when I gain access to that data, I’m not going to walk away with it.”
To accomplish this, he must think like a cybercriminal.
“If I find a computer had been compromised, my first thought is, ‘If I had compromised this machine, what are the first things that I would have done,’” Baggett said. “‘What are the next places I would have gone? What data would I have taken when I got into this machine?’”
Because Baggett can think like a cybercriminal, he can determine how a hacker got inside a network as well as what the hacker’s next steps would be.
He explains his offensive role like this: “If the only thing you know is defense and you don’t know how you would have gotten here or where you would have gone next, then you’re not able to go and find those clues and see exactly how far the attacker would have gone.”
Baggett’s ability to think like a hacker or cybercriminal goes all the way back to the Atari 2600, his first video game console. His father purchased an 8-bit basic programming cartridge that could be used with the Atari joystick to write a small program. It was Baggett’s first exposure to building code.
As Baggett continued to play video games, he became interested in hacking the system to bypass game controls and change the behavior of his characters.
“It’s been something that I just always knew I wanted to do,” Baggett said. “When the opportunity came up to attend Augusta University and build those skills in a professional way that I could take what I was passionate about and turn that into a career, I jumped on the opportunity.”
After graduating from Augusta University, Baggett worked in the information technology industry before eventually becoming a security professional, a career path he views as the ultimate challenge. But it’s a challenge that Baggett mastered.
In July 2009, Baggett became the 15th recipient of the GSE, proving his mastery of all aspects of cybersecurity.
However, Burks and Baggett aren’t the only cyber superheroes in Augusta.
According to Baggett, Augusta likely has one of the highest concentrations of people who have passed the GSE in the world. Eight people living in Augusta have received the certification. Baggett attributes this to the U.S. Army Cyber Command at Fort Gordon and Augusta’s growing information security community.
Augusta University has played a large role in expanding this community.
In September, the Augusta University Cyber Institute opened its doors. The Cyber Institute is dedicated to cyber education, outreach and research. The 9,000-square-foot institute includes a state-of-the-art cyber lab, a study lounge for students, a cyber coffee bar area and 15 offices.
A month after the opening, the university and the National Security Agency’s (NSA) Cryptologic School (NCS) publicly signed an articulation agreement that will increase educational opportunities for NCS students by allowing them to earn their undergraduate degrees at Augusta University.
In November, the university was designated an NSA/DHS National Center of Academic Excellence by the NSA and the Department of Homeland Security. This designation places Augusta University among the top 4 percent of U.S. universities teaching cybersecurity.
And in January, Gov. Nathan Deal announced the creation of the Georgia Cyber Innovation and Training Center, to be located on land adjacent to the Riverfront Campus. (See Securing the Future.)
As the information security community continues to grow, Augusta University will be at the forefront, educating and preparing students to enter the work force.
THE ONE-TWO PUNCH
Though Burks and Baggett approach cybersecurity from different angles, the goal is the same. Protecting information. More often than not, they get the same results.
“The old saying, ‘the best defense is a strong offense,’ very much comes into play when it comes to information security,” Baggett said.
As technology advances, the defensive and offensive aspects of cybersecurity will continue to work together to ensure the safety and security of Augusta’s growing cybersecurity community.
As for Burks and Baggett, they said they both look forward to the challenges yet to come.
“I’m excited to be on the cusp of what’s about to happen,” Burks said. “Dr. Keel has said this is a cyber tsunami. I’m excited to see what happens and continue to work to build our community.”