Mark Langston
Leadership Experience
- As Chief Technical Officer of Taos Mountain, I was responsible for providing strategic technical guidance for the company, including identification of emerging market trends both in the organization’s areas of expertise as well as those of our existing and potential customer base. I worked closely with the owners, CEO, COO, and CFO to help them understand the rapidly-evolving landscape of systems administration and the underlying technologies driving the field, as well as providing guidance and data regarding the recent, current, and possible future state of the consultants with respect to performance, skill development, and industry trends. I provided leadership, guidance, and mentorship to an in-house team of 6 senior technical consultants and 8 technical sales staff, developing, implementing, and evolving the company’s technical interview process and consultant support process as well as sales strategy. I served as evangelist for the company to the wider professional systems administrator community, liaising with the USENIX and SAGE professional organizations. I led development of the industry’s first Unix systems administrator certification through SAGE, and was a key participant in the development of the Linux Professional Institute’s Linux Systems Administrator certification, which became the CompTIA Linux+ certification. I worked with the professional community to establish and evolve industry standards and best practices for systems administration, many of which I spearheaded within Taos Mountain. I mentored individual systems administrators both one-on-one, and as part of a leadership development program I established during my tenure at the company.
- As Security Champion and Cybersecurity Subject Matter Expert for BlueCross BlueShield South Carolina, I provide mentorship, guidance, and leadership for an 18-person Cybersecurity Operations Team; I work both within the Information Systems organization and with other organizations in the Enterprise to evangelize cybersecurity and to help management, project leadership, and technical staff understand the business value of recognizing and addressing risk, and of incorporating operational cybersecurity principles into their workflow and process. I bring similar insight and value to senior management for the Enterprise.
- As a Network Security Analyst for CERT, I provided subject matter expertise to government departments and agencies, such as the Department of Defense, the Department of Homeland Security, the Defense Information Systems Agency, the Federal Bureau of Investigation, and various agencies in the Intelligence Community. I also worked independently within CERT to develop and lead classified research programs, often leading and coordinating work across multidisciplinary teams, both local and remote. I exhibited public professional leadership through presentations of unclassified research at professional conferences.
2021 Accomplishments
- Presented to BCBSA Spring 2021 ISRT on M365 vulnerabilities
- Obtained CompTIA Secure Cloud Professional certification
- Obtained CompTIA Cloud+ certification
- Discovered and reported multiple critical vulnerabilities in M365 tenant/tenant workloads to management, M365 team, SaaS team, and Microsoft
- Discovered and reported unintentional exposure of classified documents to DoD
- Discovered and reported unintentionally exposed credentials and security tokens from CMS to BCBSA, CMS, and CISA
- Discovered and reported, in conjunction with BlueIntel and BCBSA, unintentionally exposed credentials and security tokens from various federal departments and agencies to CISA
- Led research into SolarWinds breach, coordinated with BCBSA/BlueIntel, provided security perspective and regular updates to management and organization
- Led research into Microsoft Exchange breach, coordinated with BCBSA/BlueIntel, provided security perspective and regular updates to management and organization
- Took CompTIA Pentest+ certification exam
- Took CompTIA Data+ certification exam
- Attended Beau Bullock’s “Breaching the Cloud” training
- Completed Cybrary Advanced Penetration Testing training
- Completed ISC2 Certified Cloud Security Professional (CCSP) training
- Attended ISC2 Blue Team Summit
- Attended ISC2 CloudSecNext Summit
- Led research into PrintNightmare exploits, coordinated with BCBSA/BlueIntel, provided security perspective, updates to management, guidance/consulting for mitigation/remediation
- Led research into Accenture breach, coordinated with BCBSA/BlueIntel, provided security perspective and updates to management. Discovered breach went far beyond publicly-disclosed scope. Potential supply-chain attack affecting 1,500 clients, 100,000 users, 12PB of data.
- Researched Power Apps OData information leakage, notified NL CERT that the full ticket database for their country’s power grid was exposed.
- Released (the only available) POC for SecureWorks' revealed Microsoft AAD Seamless SSO brute-force/password-spray/account enumeration attack; featured in a Recorded Future highlight and an Ars Technica article (https://arstechnica.com/information-technology/2021/09/poc-exploit-released-for-azure-ad-brute-force-bug-heres-what-to-do/)
- Uncovered multiple misconfigurations and vulnerabilities in the 60+ servers on which we have WebSphere deployed and accessible from the Internet. Worked with cross-functional teams to find solutions and/or mitigations for these issues.
- Discovered HCL’s own main website, and its WebSphere test/demo environment, both suffer from similar misconfigurations as those I’ve been discovering and documenting in our own deployments. Reported the issues to HCL.
- Worked in coordination with Networks and ESSS to have unnecessary Microsoft Exchange Servers removed from the network entirely, or to cut off internet access to those that must remain online.
- Discovered and reported authentication/AIM weakness in BCBSA’s pension website https://blueplanning.com
- Exploited and reported vulnerability in internet-facing BigFix deployment to obtain unauthenticated access to configuration and software packages
- Discovered and reported unauthenticated access to HR and financial data for Tennessee Valley Authority
Recent experience
BlueCross BlueShield South Carolina
Subject Matter Expert Mar 2017 - Present
- Acts as cybersecurity champion for the enterprise
- Provides mentorship, guidance, and leadership for 18-person Cybersecurity Operations team
- Shares key performance indicators, threat intelligence, strategic planning, and operational improvements with board and senior management
- Collaborates with key teams throughout organization to ensure organizational security needs are being addressed and that best practices are adhered to
- Develops operational cybersecurity playbooks for security event triage and incident response
- Develops and maintains cybersecurity operations procedures for real-time monitoring, threat intelligence gathering, and incident response
- Designs, deploys, and maintains Cyber Threat Analysis Center capabilities (see MITRE’s “Ten Strategies of a World-Class Cybersecurity Operations Center”)
- Develops cybersecurity documentation, policy, and procedures
- Performs advanced threat hunt activities
- Performs threat intelligence gathering, analysis, and dissemination
- Develops and deploys advanced cybersecurity analytics
- Develops dark web and deep web hunting techniques and automated monitoring and alerting
- Tools include Linux, Python, ArcSight, Splunk, FireEye, Palo Alto, Exabeam, ExtraHop, ProofPoint, and others
CERT
Software Engineering Institute, Carnegie Mellon University
Network Security Analyst Jan 2015 - Mar 2017
Where I work is not a CERT, it is THE CERT. To understand our mission, please see this page.
- Explores innovative new ways to bring to bear network flow metadata, raw packet captures, behavior-based indicators, machine learning, and various enrichment techniques to provide government departments and agencies with deeper, more robust, timely, and actionable network intelligence.
- Designs and employs unique network visualization techniques to provide real-time or retrospective insight into threat behavior.
- Works in cooperation with various government agencies (DHS, DISA, DoD, USSS, etc.) to understand, coordinate, and satisfy sponsor needs
- Architects and employs big data analytics (R, Spark, Hadoop, etc.) to quickly mine potential threat data to facilitate and enhance threat hunt and situational awareness capabilities
- Provides subject-matter expertise (SME) in consultative/advisory roles across functional groups within the organization and to government departments and agencies
- Works to understand Computer Network Defense (CND), Computer Network Exploitation (CNE), and Computer Network Attack (CNA) in a holistic manner, applying lessons from each across the spectrum of Blue Team/Red Team activities
- Provides classroom instruction on a variety of topics (e.g., Cyber Kill Chain, cryptography, etc.) to various government departments and agencies
- Gives back to the community through conference presentations, white papers, etc.
Sabbatical
Jan 2014 - Jan 2015
- One-year sabbatical to spend more time with family and explore personal interests
Infoblox
Senior QA Engineer Aug 2011 - Jan 2014
- Provided guidance and leadership to organization regarding performance and security testing of DNS products
- Instrumental in winning company’s largest multimillion dollar ISP sale, creating test and presentation strategy
- Hardened DNS, DHCP, and IP Address Management (DDI) products using tools such as Ixia BreakingPoint, Metasploit, Kali Linux, and various fuzzing tools
- Ensured product security posture by developing automated security regression tests in Python
- Promoted balance between product security and performance by designing efficient anti-DDoS algorithm
Nominum
Performance Engineer May 2006 - July 2011
- Worked as expert in product performance testing
- Analyzed product traffic via Wireshark to uncover product weaknesses and worked with developers to devise countermeasures
- Mined terabytes of packet traffic for pattern analysis using Python and C
- Collaborated with developers to develop novel product features and attack countermeasures without sacrificing product performance
Self-employed
Vulnerability Assessor Jan 2006 - May 2006
- Ensured client security through vulnerability assessments using commercial off-the-shelf tools such as Metasploit, Nessus, nmap, hping3, etc.
- Performed client log analysis to identify suspicious and anomalous behavior
- Evaluated client attack surfaces and assessed client security
- Recommended vulnerability remediations and improvements to customer security architecture based on reported findings
Mirapoint
Developer, Security group Jul 2004 - Jan 2006
- Integrated third-party antivirus solutions into proprietary, legacy C/C++ API on top of sendmail
- Collaborated on design and development of new security features, including antispam and antivirus solutions
- Reverse-engineered certain closed APIs via black-box testing
SETI Institute
Senior Unix Systems Administrator Jun 2002 - Jul 2004
- Provided architecture, installation, configuration, development, and field maintenance for prior, current, and forthcoming SETI observation systems.
- Provided architecture, installation, configuration, development, and maintenance for team of over 20 scientists and engineers in office.
- Acted as postmaster for SETI Institute, including design, implementation, and deployment of organization-wide antispam and antivirus solutions.
- Rearchitected Institute-wide data retention strategy, assisted in development of data integrity policy.
- Rearchitected data retention strategy for observation system, defined data integrity policy.
- Implemented and managed remote access solution for Institute (150 employees).
- Assisted in design, deployment, and maintenance of Institute network and security infrastructure.
- Assisted in design, deployment, and maintenance of observation system network and security infrastructure.
- Developed IT policy and procedures for observation system relocation ($5mil-$10mil of equipment, shipped internationally, multiple times per year).
- Assisted in Institute facilities relocation, including design and deployment of new Institute firewall solution.
- Provided kernel-level support to observation system developers.
Taos Mountain
Chief Technical Officer Sep 1998 - Mar 2002
- Reporting to CEO, predicted market share for new technologies as a basis to direct corporate strategy.
- Provided leadership and guidance for in-house and field technical consultant teams as well as technical sales team.
- Led effort to redesign technical interview process
- Led effort to redesign/refocus internal technical training programs and resources.
- Drove executive-level tactical and strategic issues including initiatives to identify and productize key services for targeted markets; design and growth of high-end service products; identification and initiation of partnerships and strategic alliances; identification and development of industry Best Current Practices.
- Focused product development planning for enterprise-scale datacenter migrations and targeted infrastructure assessments to increase mindshare, client contact, placement, and revenue over a 6-month period.
- Initiated and solidified key long-term partnership opportunities including service alliances with industry leading security service providers and product partnerships with best-of-breed infrastructure monitoring vendors
- Implemented concise, corporate-wide career tracking plan within field of systems administration, focusing on both technical and soft skills
- Evangelized Taos to larger sysadmin community through professional relationships as board member for the SAGE Certification effort, and through speaking engagements at various professional gatherings, including the USENIX/SAGE LISA conference, the RubiCon security conference, and SVLUG.
- Provided mentorship, guidance, and leadership for over 700 systems administrators.
Commonwealth Edison (via IBM Global Services)
Unix Systems Administrator May 1997 - July 1998
- Provided general development and production Unix support (7/24/365) on over 200 SunOS and Solaris servers, both in-office and field-deployed, including data collection servers critical to the collection of all metered billing data for northern Illinois, and all systems used for split-second energy trades.
- Postmaster for company, providing e-mail solutions and management for a system handling more than 10 gigabytes (GB) of mail per week in a heterogeneous mail environment (Lotus Notes, cc:mail, Microsoft Exchange, and UNIX sendmail)
- Managed SecurID remote-access solution for over 5,000 remote users.
- Responsible for the maintenance of corporate DNS and NIS name server solutions, serving over 10,000 hosts.
- Played key role in acquisition, design, and deployment of multiple Sun E10000 servers for corporate IT consolidation project (several of the first Sun E10000 servers deployed by Sun).
- Rearchitected corporate backup solution to increase efficiency and lower cost of maintenance.
- Designed and maintained one-terabyte (TB) database architecture using a Sun Ultra Enterprise 4000 server and dual fiber-channel attached arrays.
Clearances
- DoD Top Secret/SCI (Current)
- DHS Top Secret Suitability (Current)
Certifications
- DoD 8570/8140 IAT Level 3 Certified
- DoD 8570/8140 IAM Level 2 Certified
- DoD 8570/8140 IAM Level 3 Certified
- DoD 8570/8140 IASAE Level 1 Certified
- DoD 8570/8140 IASAE Level 2 Certified
- ISC2 CISSP
- Offensive Security OSCP
- CompTIA Security+
- CompTIA Linux+
- CompTIA Cloud+
- CompTIA PenTest+
- CompTIA Secure Cloud Professional
- CompTIA Network Vulnerability Assessment Professional
Education
- University of Chicago, M.A. and A.B.D. Experimental Cognitive Psychology. Created a connectionist, simulated-annealing model of expository and narrative text comprehension. Coursework included graduate-level statistics, connectionist modelling, robotics.
- University of Memphis, B.S. Experimental Cognitive Psychology; minors: mathematics, computer science, philosophy
Honors and Awards
- Invited researcher at the Deutsches Forschungszentrum für Künstliche Intelligenz GmbH (German Institute for Artificial Intelligence)
- Advisor, Linux Professional Institute (LPI) Certification (this became the CompTIA Linux+ certification)
- Chair, SAGE Certification Ethics subcommittee
- Director and Vice President, SAGE Certification
- Founder and Leader, GOSSiP Project
- Invited keynote speaker, USENIX LISA Conference
- Founder, ISSA Silicon Valley Chapter
Selected Publications
- Langston, Mark C. (2014). The Accidental Altruist: Inferring Altruism from an Extraterrestrial Signal. In Vakoch, D. A. (Ed.), Extraterrestrial Altruism: Evolution and Ethics in the Cosmos (pp. 131-140). New York, NY: Springer.
- Langston, Mark C. (2003). Documentation Writing for Systems Administrators. Berkeley, CA: USENIX Association.
- Langston, Mark C., Trabasso, T., and Magliano, J. P. (1999). A Connectionist Model of Narrative Comprehension. In Ram, A. & Moorman, K. (Eds.), Understanding Language Understanding: Computational Models of Reading (pp. 181-226). Cambridge, MA: MIT Press.