Veteran of the Cyber Wars
Wesley Shields
March 2011
Wes Shields, a scientist for MITRE's Cyber Security Operations Center (CSOC), helps defend MITRE from cyber-attack while advising our sponsors on the effectiveness of cyber tools and processes.
"Cybersecurity is like Cold War espionage with a modern twist," says Wesley Shields. "In the Cold War it was about stealing secrets from humans, but now information is stored on computers." Shields is a lead information security engineer and scientist for MITRE's Cyber Security Operations Center (CSOC). He and the rest of the CSOC team help defend MITRE from cyber-attack while advising our sponsors on the effectiveness of security tools and processes for mitigating cyber threats.
Just like those who pitted their wits against our Cold War foes, cybersecurity professionals enjoy few clear-cut victories and no ceasefires. "There's no end to the battle," says Shields. "The bad guys will never stop trying to steal our information. We just have to do the best we can to detect their attacks and defend against them."
In this battle, the rallying cry is "Know thy enemy!" Shields' role in MITRE's defense is to study the tools and techniques of cyber adversaries and build countermeasures to them. His intelligence forays can sometimes require no more than a day's work.
"Recently a new kind of attack made an appearance," he explains. "We needed to find out what defenses we had in place to mitigate this kind of attack or what defenses we could quickly adapt to do so. I took the phone off the hook, turned off my IM, and was able to come up with a fairly effective detection for this particular attack in the matter of an afternoon."
Other countermeasures can take longer to devise. "Often we'll say, 'We need to be able to detect malicious protocol X'. So we'll get a two- or three-person team together, take a close look at how the threat works, and spend one or two weeks developing and testing a new detection tool."
The Relentless Sentry
Shields' job is one that doesn't allow for inattentiveness. "As our adversaries evolve and change their tactics, we have to change our defenses to match. If our defenses are six months behind where our adversaries are, they're worthless. Tools that I built a year ago are not being used anymore. You just have to accept the fact."
He admits that it takes a certain kind of personality to fight a never-ending, all-but-unwinnable battle. "You need someone who's most interested in learning and building. If I build a software tool that doesn't get used, I don't care because at the end of the day I still learned something from building it."
Most of all, Shields says, you have to be someone who "always wants to be doing this kind of stuff." And Shields has been doing this stuff since he was a kid. "One of my earliest memories is coming home from elementary school and sitting next to my brother as he was programming something. My brother, who is six years older than me, was in high school and learning how to program in Pascal.
"I would watch him for hours just asking questions periodically. I had no clue what he was doing, but over time things became clear." To this day Shields and his brother work on projects together, sharing ideas and code.
A Culture of Freedom
When introducing Shields to the hacker culture, his brother took pains to point out that hacking skills could be used for activities other than sabotage or theft. Hackers, in fact, were the ones in the best position to make computers and the Internet more resilient against malicious programming.
Shields took his brother's lessons to heart; he has been employed in the computer security field in one guise or another since he was 16 years old. It wasn't until he arrived at MITRE, though, that he found the freedom to put his considerable training to its best use.
"The first time I sat down with my MITRE section leader, she had a list of projects that needed to get done in front of her. She showed me the list and said, 'What interests you? What do you want to work on?' And I was like, are you kidding me, you're my boss, you tell me!"
But Shields quickly became comfortable with MITRE's culture of trust and collaboration. "There's freedom at MITRE to address problems as you see fit. And over time, as you start to build relationships with your co-workers, and they start to understand your skill set, they start searching you out to help them address their problems."
Shields' co-workers often pass on to him cybersecurity questions from their customers. He is always happy to share what knowledge he has. Because in the cyber wars, the good guys can never afford to rest.
—by Christopher Lockheardt