Bill retired as the Supervisory Special Agent at Coast Guard Investigation Service (CGIS) Boston. As well as retiring as an 1811 after a full Federal stint, he ran the Cleveland, OH Fusion Center, and was teaching active shooter classes when I caught up with him.
Some of you remember our first guy --an AFG vet --a Marine E5 who came to us about two years ago and I'm happy to say, he just got accepted to college full time. He started by being taught to dissect email headers and load databases. In the end he was doing all of our pushes into external facing systems. He wasn't much of an IT guy, but he helped out a lot. He's going to school for Psychology.
Two months ago we hired another --a former Army MP. He's a young guy that'd been sweeping floors in that VA Transition Program. Turns out he's a pretty skilled guy, running systems, chasing bad guys. This kid's a rock star in the making. He needs some training and discipline --and we'll help with that, but the skills are all there.
Last week we hired another from that Transition Program --a Marine mechanic of 16 years. This guy had a collateral duty as IT, and now we've got him running social media and basic forensic analysis processes searching for threats. In my early days I had coworkers grepping for hints of child porn in user logs. He is this guy --only not searching for porn, and yesterday he had his first good hit.
Yesterday we interviewed another --our last for now. A former Army CI guy who'd been heading for a 'walking security' job in a mall or something. I asked Bill to interview him (who, as a guy who used to do background checks for the CG, will now do ALL of our interviews), and we'll likely bring him on as well.
So why do I bring this up?
We've formed this new team. We call it "Team Jaeger" --the Hunt Team.
I really wanted a team who could hunt for threats to our customers (hunt, not hack) --proactively --and know what a threat looks like when they see it; when one of our customers is talked about in a bad way or some knucklehead in the dark web takes a conversation a bit too far. Or maybe when our tripwire indicators start throwing flags suggesting a physical event is about to take place using cyber as the catalyst. I wanted a team that could communicate, and when needed, act as one. The team led by a strong leader who understands what transitioning vets need, and could work both the personalities and the desire to learn something new --and something both valuable and very cool.
Bill is shaping this team of new folks that we're training up, and will then introduce to the Red Sky membership for long term jobs. Our first interns (those who survived) did amazingly well. Now we're (re)training hungry returning warriors in NH who understand the (cyber)warrior, (cyber)hunter mentality, and who can tell a threat when they see it, and know how to write a SITREP.
Some of you know Jesse. I dropped him into the cell as the Advanced Cyber Analyst --the senior techie to help teach these wounded warriors. Jesse wears his tinfoil hat like a badge of honor, and knows the space better than anyone. He's a master in the underground and can help these guys navigate. He's the perfect guy for that job.
Results? Within the first couple of weeks we've completely reshaped some of our proactive reporting --reading tea leaves, and following footprints; blending traditional hunter techniques with cyber tipping and cueing and traditional all-source fusion processes. We tipped off a local (Oklahoma local) PD to a possible movie theatre shooting, and one of our banking customers to some negative activity by a guy that we researched a while back. We're tracking from early noise and coordination through the attack, and if need be, after the attack --and we're training wounded warriors to be the tip of the spear. Are we moving from cyber? No. But if we see something, we now have the manpower to say something --and we should --and we will.
Returning Warriors can be funded by a company or organization. We'll train them to hunt on your behalf, and when they're ready --if you choose, we'll roll them over as an employee, keep them on in our SOC, or get them interviews with companies in the Red Sky membership.
We're a cash flow company and we've hired as many of these folks as we can afford right now. We are looking for funding sources to fill our new spaces --we rented a handicapped accessible bunker for the new operations center, and we've partnered with a local NH company (FlowTraq) for the two principals --two Dartmouth PhDs to help teach these guys the ins and outs of monitoring flow.
Some props: Thank You to Richard and Audrey at Manchester, NH's VA Medical Center's Vocational Transition Program for supporting this program. The VA gets a lot of bad press, but these guys are rock stars.
Interested in participating? Funding a student? A training provider? Have a great product? Drop me a note. Or better yet, drop Bill Schenkelberg (the Jaeger Meister?) a note! Our guys need training on great products. If you're interested in partnering, we'd love to hear from you.
- We posted an update on Gh0stRAT, with full technical details and mitigation strategies.
- We pushed information related to SWIFT
- We pushed "new format" tailored cyber threat intelligence to subscribers
- We're preparing for our next round of Threat Intelligence University and...
As a reminder, we're co-hosting a Cyber Symposium in Huntsville, AL on June 7th. The agenda looks great with speakers from Red Sky/Wapack Labs (me and Chris), Lockheed Martin, Morphick Security and i3. Space is limited and we're filling up. If you're interested, drop our marketing person (Pamela) a note to get your name on the list.
Last, Threat Day in Stamford is coming up fast. The agenda there is also pretty full. This is a members only event, so if you've not RSVP'd to Pamela, please do so quickly.
OK folks.. that grass isn't going to mow itself!
Have a great weekend!