Mark Langston

Leadership Experience

  • As Chief Technical Officer of Taos Mountain, I was responsible for providing strategic technical guidance for the company, including identification of emerging market trends both in the organization’s areas of expertise and in those of our existing and potential customer base. I worked closely with the owners, CEO, COO, and CFO to help them understand the rapidly evolving landscape of systems administration and the underlying technologies driving the field, and provided guidance and data regarding the recent, current, and possible future state of the consultants with respect to performance, skill development, and industry trends. I provided leadership, guidance, and mentorship to an in-house team of 6 senior technical consultants and 8 technical sales staff, developing, implementing, and evolving the company’s technical interview process and consultant support process as well as its sales strategy. I served as evangelist for the company to the wider professional systems administrator community, liaising with the USENIX and SAGE professional organizations. I led development of the industry’s first Unix systems administrator certification through SAGE, and was a key participant in the development of the Linux Professional Institute’s Linux Systems Administrator certification, which became the CompTIA Linux+ certification. I worked with the professional community to establish and evolve industry standards and best practices for systems administration, many of which I spearheaded within Taos Mountain. I mentored individual systems administrators both one-on-one and as part of a leadership development program I established during my tenure at the company.
  • As Security Champion and Cybersecurity Subject Matter Expert for BlueCross BlueShield South Carolina, I provide mentorship, guidance, and leadership for an 18-person Cybersecurity Operations Team. I work both within the Information Systems organization and with other organizations in the Enterprise to evangelize cybersecurity and to help management, project leadership, and technical staff understand the business value of recognizing and addressing risk and of incorporating operational cybersecurity principles into their workflows and processes. I bring similar insight and value to senior management for the Enterprise.
  • As a Network Security Analyst for CERT, I provided subject matter expertise to government departments and agencies, such as the Department of Defense, the Department of Homeland Security, the Defense Information Systems Agency, the Federal Bureau of Investigation, and various agencies in the Intelligence Community. I also worked independently within CERT to develop and lead classified research programs, often leading and coordinating work across multidisciplinary teams, both local and remote. I exhibited public professional leadership through presentations of unclassified research at professional conferences.

2021 Accomplishments

  • Presented to BCBSA Spring 2021 ISRT on M365 vulnerabilities
  • Obtained CompTIA Secure Cloud Professional certification
  • Obtained CompTIA Cloud+ certification
  • Discovered and reported multiple critical vulnerabilities in M365 tenant/tenant workloads to management, M365 team, SaaS team, and Microsoft
  • Discovered and reported unintentional exposure of classified documents to DoD
  • Discovered and reported unintentionally exposed credentials and security tokens from CMS to BCBSA, CMS, and CISA
  • Discovered and reported, in conjunction with BlueIntel and BCBSA, unintentionally exposed credentials and security tokens from various federal departments and agencies to CISA
  • Led research into Solarwinds breach, coordinated with BCBSA/BlueIntel, provided security perspective and regular updates to management and organization
  • Led research into Microsoft Exchange breach, coordinated with BCBSA/BlueIntel, provided security perspective and regular updates to management and organization
  • Took CompTIA Pentest+ certification exam
  • Took CompTIA Data+ certification exam
  • Attended Beau Bullock’s “Breaching the Cloud” training
  • Completed Cybrary Advanced Penetration Testing training
  • Completed ISC2 Certified Cloud Security Professional (CCSP) training
  • Attended ISC2 Blue Team Summit
  • Attended ISC2 CloudSecNext Summit
  • Led research into PrintNightmare exploits, coordinated with BCBSA/BlueIntel, provided security perspective, updates to management, guidance/consulting for mitigation/remediation
  • Led research into Accenture breach, coordinated with BCBSA/BlueIntel, provided security perspective and updates to management. Discovered breach went far beyond publicly-disclosed scope. Potential supply-chain attack affecting 1,500 clients, 100,000 users, 12PB of data.
  • Researched Power Apps OData information leakage; notified NL CERT that the full ticket database for their country’s power grid was exposed.
  • Released the only available POC for the Microsoft AAD Seamless SSO brute-force/password-spray/account enumeration attack disclosed by SecureWorks; featured in a Recorded Future highlight and an Ars Technica article (https://arstechnica.com/information-technology/2021/09/poc-exploit-released-for-azure-ad-brute-force-bug-heres-what-to-do/)
  • Uncovered multiple misconfigurations and vulnerabilities in the 60+ servers on which we have WebSphere deployed and accessible from the Internet. Worked with cross-functional teams to find solutions and/or mitigations for these issues.
  • Discovered that HCL’s own main website and its WebSphere test/demo environment both suffer from misconfigurations similar to those I had been discovering and documenting in our own deployments. Reported the issues to HCL.
  • Worked in coordination with Networks and ESSS to have unnecessary Microsoft Exchange Servers removed from the network entirely, or to cut off internet access to those that must remain online.
  • Discovered and reported authentication/AIM weakness in BCBSA’s pension website https://blueplanning.com
  • Exploited and reported vulnerability in internet-facing BigFix deployment to obtain unauthenticated access to configuration and software packages
  • Discovered and reported unauthenticated access to HR and financial data for Tennessee Valley Authority

Recent experience

BlueCross BlueShield South Carolina

Subject Matter Expert Mar 2017 - Present
  • Acts as cybersecurity champion for the enterprise
  • Provides mentorship, guidance, and leadership for an 18-person Cybersecurity Operations team
  • Shares key performance indicators, threat intelligence, strategic planning, operational improvements with board and senior management
  • Collaborates with key teams throughout organization to ensure organizational security needs are being addressed and that best practices are adhered to
  • Develops operational cybersecurity playbooks for security event triage and incident response
  • Develops and maintains cybersecurity operations procedures for real-time monitoring, threat intelligence gathering, and incident response
  • Designs, deploys, and maintains Cyber Threat Analysis Center capabilities (see MITRE’s “Ten Strategies of a World-Class Cybersecurity Operations Center”)
  • Develops cybersecurity documentation, policy, and procedures
  • Performs advanced threat hunt activities
  • Performs threat intelligence gathering, analysis, and dissemination
  • Develops and deploys advanced cybersecurity analytics
  • Develops dark web and deep web hunting techniques and automated monitoring and alerting
  • Tools include Linux, Python, ArcSight, Splunk, FireEye, Palo Alto, Exabeam, ExtraHop, ProofPoint and others

CERT

Software Engineering Institute, Carnegie Mellon University

Network Security Analyst Jan 2015 - Mar 2017

Where I work is not a CERT, it is THE CERT. To understand our mission, please see this page.

  • Explores innovative new ways to bring to bear network flow metadata, raw packet captures, behavior-based indicators, machine learning, and various enrichment techniques to provide government departments and agencies with deeper, more robust, timely, and actionable network intelligence.
  • Designs and employs unique network visualization techniques to provide real-time or retrospective insight into threat behavior.
  • Works in cooperation with various government agencies (DHS, DISA, DoD, USSS, etc.) to understand, coordinate, and satisfy sponsor needs
  • Architects and employs big data analytics (R, Spark, Hadoop, etc.) to quickly mine potential threat data to facilitate and enhance threat hunt and situational awareness capabilities
  • Provides subject-matter expertise (SME) in consultative/advisory roles across functional groups within the organization and to government departments and agencies
  • Works to understand Computer Network Defense (CND), Computer Network Exploitation (CNE), and Computer Network Attack (CNA) in a holistic manner, applying lessons from each across the spectrum of Blue Team/Red Team activities
  • Provides classroom instruction on a variety of topics (e.g., Cyber Kill Chain, cryptography, etc.) to various government departments and agencies
  • Gives back to the community through conference presentations, white papers, etc.

Sabbatical

Jan 2014 - Jan 2015
  • One-year sabbatical to spend more time with family and explore personal interests

Infoblox

Senior QA Engineer Aug 2011 - Jan 2014
  • Provided guidance and leadership to the organization regarding performance and security testing of DNS products
  • Instrumental in winning company’s largest multimillion dollar ISP sale, creating test and presentation strategy
  • Hardened DNS, DHCP, and IP Address Management (DDI) products using tools such as Ixia BreakingPoint, Metasploit, Kali Linux, and various fuzzing tools
  • Ensured product security posture by developing automated security regression tests in Python
  • Promoted balance between product security and performance by designing efficient anti-DDoS algorithm

Nominum

Performance Engineer May 2006 - July 2011
  • Worked as expert in product performance testing
  • Analyzed product traffic via Wireshark to uncover product weaknesses and worked with developers to devise countermeasures
  • Mined terabytes of packet traffic for pattern analysis using Python and C
  • Collaborated with developers to develop novel product features and attack countermeasures without sacrificing product performance

Self-employed

Vulnerability Assessor Jan 2006 - May 2006
  • Ensured client security through vulnerability assessments using commercial off-the-shelf tools such as Metasploit, Nessus, nmap, hping3, etc.
  • Performed client log analysis to identify suspicious and anomalous behavior
  • Evaluated client attack surfaces and assessed client security
  • Recommended vulnerability remediations and improvements to customer security architecture based on reported findings

Mirapoint

Developer, Security group Jul 2004 - Jan 2006
  • Integrated third-party antivirus solutions into proprietary, legacy C/C++ API on top of sendmail
  • Collaborated on design and development of new security features, including antispam and antivirus solutions
  • Reverse-engineered certain closed APIs via black-box testing

SETI Institute

Senior Unix Systems Administrator Jun 2002 - Jul 2004
  • Provided architecture, installation, configuration, development, and field maintenance for prior, current, and forthcoming SETI observation systems.
  • Provided architecture, installation, configuration, development, and maintenance for team of over 20 scientists and engineers in office.
  • Acted as postmaster for SETI Institute, including design, implementation, and deployment of organization-wide antispam and antivirus solutions.
  • Rearchitected Institute-wide data retention strategy, assisted in development of data integrity policy.
  • Rearchitected data retention strategy for observation system, defined data integrity policy.
  • Implemented and managed remote access solution for Institute (150 employees).
  • Assisted in design, deployment, and maintenance of Institute network and security infrastructure.
  • Assisted in design, deployment, and maintenance of observation system network and security infrastructure.
  • Developed IT policy and procedures for observation system relocation ($5mil-$10mil of equipment, shipped internationally, multiple times per year).
  • Assisted in Institute facilities relocation, including design and deployment of new Institute firewall solution.
  • Provided kernel-level support to observation system developers.

Taos Mountain

Chief Technical Officer Sep 1998 - Mar 2002
  • Reporting to CEO, predicted market share for new technologies as a basis to direct corporate strategy.
  • Provided leadership and guidance for in-house and field technical consultant teams as well as technical sales team.
  • Led effort to redesign technical interview process
  • Led effort to redesign/refocus internal technical training programs and resources.
  • Drove executive-level tactical and strategic issues including initiatives to identify and productize key services for targeted markets; design and growth of high-end service products; identification and initiation of partnerships and strategic alliances; identification and development of industry Best Current Practices.
  • Focused product development planning for enterprise-scale datacenter migrations and targeted infrastructure assessments to increase mindshare, client contact, placement, and revenue over a 6-month period.
  • Initiated and solidified key long-term partnership opportunities including service alliances with industry leading security service providers and product partnerships with best-of-breed infrastructure monitoring vendors
  • Implemented concise, corporate-wide career tracking plan within field of systems administration, focusing on both technical and soft skills
  • Evangelized Taos to larger sysadmin community through professional relationships as board member for the SAGE Certification effort, and through speaking engagements at various professional gatherings, including the USENIX/SAGE LISA conference, the RubiCon security conference, and SVLUG.
  • Provided mentorship, guidance, and leadership for over 700 systems administrators.

Commonwealth Edison (via IBM Global Services)

Unix Systems Administrator May 1997 - July 1998
  • Provided general development and production Unix support (24/7/365) on over 200 SunOS and Solaris servers, both in-office and field-deployed, including data collection servers critical to the collection of all metered billing data for northern Illinois, and all systems used for split-second energy trades.
  • Postmaster for company, providing e-mail solutions and management for a system handling more than 10 gigabytes (GB) of mail per week in a heterogeneous mail environment (Lotus Notes, cc:mail, Microsoft Exchange, and UNIX sendmail)
  • Managed SecurID remote-access solution for over 5,000 remote users.
  • Responsible for the maintenance of corporate DNS and NIS name server solutions, serving over 10,000 hosts.
  • Played key role in acquisition, design, and deployment of multiple Sun E10000 servers for corporate IT consolidation project (several of the first Sun E10000 servers deployed by Sun).
  • Rearchitected corporate backup solution to increase efficiency and lower cost of maintenance.
  • Designed and maintained one-terabyte (TB) database architecture using a Sun Ultra Enterprise 4000 server and dual fiber-channel attached arrays.


Clearances

  • DoD Top Secret/SCI (Current)
  • DHS Top Secret Suitability (Current)


Certifications

  • DoD 8570/8140 IAT Level 3 Certified
  • DoD 8570/8140 IAM Level 2 Certified
  • DoD 8570/8140 IAM Level 3 Certified
  • DoD 8570/8140 IASAE Level 1 Certified
  • DoD 8570/8140 IASAE Level 2 Certified
  • ISC2 CISSP
  • Offensive Security OSCP
  • CompTIA Security+
  • CompTIA Linux+
  • CompTIA Cloud+
  • CompTIA PenTest+
  • CompTIA Secure Cloud Professional
  • CompTIA Network Vulnerability Assessment Professional


Education

  • University of Chicago, M.A. and A.B.D. Experimental Cognitive Psychology
    • Created a connectionist, simulated-annealing model of expository and narrative text comprehension. Coursework included graduate-level statistics, connectionist modelling, robotics.
  • University of Memphis, B.S. Experimental Cognitive Psychology
    • Minors: mathematics, computer science, philosophy


Honors and Awards

  • Invited researcher at the DEUTSCHES FORSCHUNGSZENTRUM FÜR KÜNSTLICHE INTELLIGENZ GMBH (German Institute for Artificial Intelligence)
  • Advisor, Linux Professional Institute (LPI) Certification (this became the CompTIA Linux+ certification)
  • Chair, SAGE Certification Ethics subcommittee
  • Director and Vice President, SAGE Certification
  • Founder and Leader, GOSSiP Project
  • Invited keynote speaker, USENIX LISA Conference
  • Founder, ISSA Silicon Valley Chapter

Selected Publications

  • Langston, Mark C. (2014). The Accidental Altruist: Inferring Altruism from an Extraterrestrial Signal. In Vakoch, D. A. (Ed.), Extraterrestrial Altruism: Evolution and Ethics in the Cosmos (pp. 131-140). New York, NY: Springer.
  • Langston, Mark C. (2003). Documentation Writing for Systems Administrators. Berkeley, CA: USENIX Association.
  • Langston, Mark C., Trabasso, T., and Magliano, J. P. (1999). A Connectionist Model of Narrative Comprehension. In Ram, A. & Moorman, K. (Eds.), Understanding Language Understanding: Computational Models of Reading (pp. 181-226). Cambridge, MA: MIT Press.