Interview: Dr. Chase Cunningham, Threat Intelligence Lead for FireHost

May 15, 2015 by Infosec

As the threat intelligence lead for FireHost, Dr. Chase Cunningham (CPO USN Ret.) proactively seeks out cyber threat tactics and technical indicators of various threat groups. He is regularly cited as an expert on cyber security and contributes to white papers and other publications. He is also the co-author of *The Cynja*, a comic designed to educate children about security threats and online best practices.

Prior to joining FireHost, Dr. Cunningham was the chief of cyber analytics for Decisive Analytics Corporation in Arlington, VA, where he acted as the principal lead on several research and development efforts. In this role, he led the authoring of a comprehensive paper on cyber workforce framework implementation that has been adopted by a partner nation as its cornerstone cyber future framework initiative.

Dr. Cunningham was also the lead computer network exploitation expert for the U.S. Joint Cryptologic Analysis Course in Pensacola, FL. His work was critical in developing the newly founded cyber training curriculum now used by the Department of Defense and different intelligence agencies’ military subcomponents.

Dr. Cunningham retired from the U.S. Navy in 2011. His tenure was spent in direct operational support of U.S. Intelligence agency operations abroad. During his last assignments as a chief cryptologic technician, Cunningham managed all research and development of cyber entities to assess threat vectors, network forensics, and methodologies of cyber actors across the intelligence community. Dr. Cunningham also acted as the senior cyber/Digital Network Intelligence (DNI) analyst for many new mission threads, where he handled all DNI reporting, analytics, coordination, and research. His analysis prompted action from various intelligence community agencies, including Federal Bureau of Investigation, Treasury, Central Intelligence Agency, Defense Intelligence Agency, Office of Naval Intelligence, Transportation Security Administration, Department of Homeland Security, and the National Security Agency.

You currently serve as the threat intelligence lead at FireHost at a time when cyber security threats keep many IT/IS folks up at night. What sorts of solutions do you offer to help businesses to thwart cyber attacks?

Our focus is really to do what others don’t typically do that well. At FireHost, we work to ensure that we collectively and accurately ingest the right pieces of intelligence across cyberspace so we can counter threat activity. It’s our job to meet the threats where they operate. We truly do leverage every piece of our threat stack and defensive tactics with a singular focus of beating the bad guys at their own game.

What exactly does your job entail on a day-to-day basis, and how has your role changed or evolved since you started working at FireHost?

Funny enough, I wish I could say I have a daily tempo or day-to-day role at FireHost. The very nature of the work we do requires all of us to be extremely dynamic. One day I may spend eight hours looking at packetized data streams and the next day I will be talking to clients and law enforcement about a particular threat activity, and the next I am working on advanced math to try and counter threat actions automatically. The only real change is that I also assist now in evaluating and gauging technology to determine where it might benefit our clients and if we can leverage a tool or tactic for a specific threat-countering purpose.

What hard and soft skills do you require to do your job effectively?

The hard skills are those that I’ve gained from working in the intelligence community for as long as I have. I must be able to walk the line between being very technical but also serve as someone that can work analytically and in a reporting fashion. I leverage my “soft skills” while interacting with C-level executives and during speaking sessions at industry events. It is critical that anyone in this role be very adaptable and able to discuss deeply technical matters across a wide range of knowledge bases.

You retired from the U.S. Navy in 2011. What was your role there, and what skills were you able to take from that experience over to FireHost?

The biggest skill I’ve been able to apply from my time in the Navy is the way we were taught to adapt to problems and always find a way to make things work. The ethos that we all lived by was “Semper Gumbi,” which means always flexible. It’s a bit tongue-in-cheek but it’s a saying that makes a lot of sense when I think about the roles and responsibilities I currently own for FireHost. It’s the learned skill of adaptability and the focus on meeting the needs of the mission which are paramount in the Navy and also in the corporate world.

In your opinion, are businesses generally aware of what they’re up against in terms of cyber security threats?

I think they are generally aware, but I don’t think most of them are focused on really operating in the reality of cyberspace. It is a war-fighting domain; it’s the Wild West and the only way to survive, much less thrive in that arena is to augment your processes as they apply to the environment. The cyber threat is extremely adaptable and malleable; companies need to be open to that as well. Innovation and rapid response to threats is where you thrive instead of just survive.

What sorts of threats do you see on the radar now that perhaps weren’t much of an issue, say, five years ago?

The biggest threat I’m seeing now is certainly the notion of bring your own device (BYOD). Everyone has their own personal device now and each one that is being brought into an environment is a potential threat. In the past, the perimeter was all that had to be defended; now literally everything from the inside-out must be locked down.

Are there recent cyber security threats that, while not a major problem at present, might be the cause of a lot of headaches in the future? If so, please explain.

Certainly, the one that keeps me up at night is the explosion of data that is being moved to the cloud insecurely. Cloud resources are cheap and many vendors are racing to the bottom of the price point to bring in customers with little if any concern for security. The more companies leverage and move to the cloud without a really hard look at not only what they are moving but the processes and security needs around that data, the likelihood of something going really wrong increases exponentially.

How can a company develop a corporate culture that includes a focus on cyber security, and who should be responsible for spearheading such an effort?

It starts with the little things. Most of the operational units I was deployed with had the saying, “take care of the little things, the big ones won’t come back and bite you.” That’s just as true in company culture and cyber security. If companies focus on the details and really apply those small cogs to the mechanism of their overall security culture and posture, they won’t go wrong. Ideally, in my humble opinion, every company should have a dedicated CSO and a dedicated person that trains on issues surrounding cyber security. That should be where the responsibility for a security culture begins, with those folks.

What sorts of mistakes do companies typically make that may leave them open to cyberattacks?

Again it’s always the details that get you; the little things. Typically companies do a great job of locking down the perimeter but they will ignore things like two-factor authentication or having a planned penetration testing schedule. Add that to not having a focused security culture and a mobile device infection scenario and bingo, bad things happen fast. Lastly, patching applications and systems isn’t hard, but most companies are atrocious at it. If companies would just do those simple things, it would make the target harder for the bad guys.

What kind of career advice would you give to a college or university student desiring to eventually get into the threat intelligence space?

Either you love it or you don’t. I have been doing this for years and the folks that do really well in this space love the work. It’s never like “CSI Cyber” or “The Matrix,” but we do get to do some cool stuff. If they have a real love for looking at problems from all angles and are willing to learn a lot about a ton of different things (math, science, programming, crime, theft, etc.), they will love this space. Finally, I would say be flexible and be ready to get their hands dirty; we operate in the dark regions of cyberspace and it’s not always pretty.
