I am a Security Researcher currently working with some of the world's best engineers and hackers on Akamai's Security Intelligence Response Team. Since Akamai's customer base represents a large chunk of the internet, most of my/our current focus is on scalable threats like botnet operators and Nation State campaigns. I also love writing code, designing systems, offensive security, and I even enjoy writing policy and research blog posts about all of it. Below is all of the work I have done in the Cyber Security domain, and I hope it portrays sufficiently the level of passion I have for this "career". It means a lot to me and I am excited to be able to share it with anyone who is interested. Thanks!
- GPA: 4.00
- Relevant Courses: Software and Security | Network and Internet Security | Introduction to Python | Privacy in the Digital Age | Cybersecurity Governance and Policy I-II | Information Security Risk Management | Introduction to Information Security Management | Telecommunications Management | Managing Digital Businesses | Tech Startup Market Discovery | IT Project Management | Digital Transformation | Object-Oriented Programming for Managers | Introduction to Cyber Intelligence
- Capstone: Machine Learning/Artificial Intelligence
- Relevant Courses: Software Vulnerabilities (Grad) | Object Oriented Design | Computer Systems | Systems Security | Networks and Distributed Systems | Network Security | Theory of Computation | Cryptography | Foundations of Cyber | Cyber Law | Human and Computer Interactions
- OpenCTI - Analyst Essentials - Filigran, 2024
- Certified Information Systems Security Professional (CISSP)* - ISC2, 2023
- GIAC Certified Incident Handler (GCIH) - SANS Institute, 2022
- RED TEAM Operator: Advanced Malware Development - Sektor7, 2023
- AWS: Associate-Level Developer - VMware, 2022
- Secret Clearance - Department of Defense, 2014
- Security Researcher II, Security Intelligence Response Team (SIRT) @ Akamai Technologies, Inc. (2022 - Current)
- Senior Threat Analyst (MDR) @ VMware Carbon Black (2021 - 2022)
- Freelance Vulnerability Researcher - HackerOne (2021)
- Systems Safety and Resiliency Intern @ Akamai Technologies, Inc. (2021)
- Cyber Security Engineering & Operations Co-op @ MIT Lincoln Laboratory (2020 - 2021)
- Sergeant @ United States Marine Corps (2014 - 2018)
- Akamai's Security Technology Group (STG) MVP - Q1, 2024
- Akamai High Performance Award - Fiscal year 2022
- VMware's "At Our Best" Award (x4) - Feb-Aug 2022
- Carnegie Mellon’s US Military Veterans Scholarship (25% of tuition) - May 2022
- Navy and Marine Corps Commendation Medal - Aug 2018
- Marine Corps Certificate of Commendation - Nov 2017
- InfectedSlurs Botnet Spreads Mirai via Zero-Days - Akamai Security Research 2023
- Proxyjacking: The Latest Cybercriminal Side Hustle - Akamai Security Research 2023
- The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile - Akamai Security Research 2023
- Uncovering HinataBot: A Deep Dive into a Go-Based Threat - Akamai Security Research 2023
- Emulating KmsdBot’s Command and Control and Examining Its Attack Traffic - Akamai Security Research 2022
- Proactive Threat Hunting Case Study: GhostCat - VMware 2022
- ‘TAU-TIN - SocGholish’ - VMware Carbon Black - Threat Analysis Unit 2022
- ‘TAU-TIN - Lorenz Ransomware’ - VMware Carbon Black - Threat Analysis Unit 2022
- Detecting Log4j in the Carbon Black Console - An evaluation Campaign by our Top MDR Analysts - VMware 2022
- 'Sifting for Botnets', In: "97 Things Every AppSec Professional Should Know", O'Reilly Media, Inc., 2024
- 'In Denial of Your Services', In: "97 Things Every AppSec Professional Should Know", O'Reilly Media, Inc., 2024
- SIG Download: Episode Two - The DDoS Deepdive - Akamai Security Intelligence Group 2023
- A new botnet takes a frosty bite out of the gaming industry. - CyberWire (Ep. 285) 2023
- HinataBot focuses on DDoS attack. - CyberWire (Ep. 279) 2023
- BSides San Diego 2024 - San Diego, CA (Upcoming)
- Southern California Linux Expo 2024 (SCaLE 21x) - Pasadena, CA
- SANS HackFest Summit 2023 - Hollywood, CA
- AppSec SoCal 2023 - Santa Monica, CA
- Botconf 2023: The Botnet and Malware Ecosystems Fighting Conference - Strasbourg, FR
- MSIT Heinz College of Information Systems and Public Policy - Carnegie Mellon University, 2023
- Security Consultant Roundtable - Akamai Technologies, Inc., 2023
- Akamai Security Masters - Akamai Technologies, Inc., 2023
- Computer Science/Cyber Security Co-op Student Panelist - Northeastern University, 2021
- Thousands of Routers and Cameras Vulnerable To New 0-Day Attacks By Hostile Botnet - /. SlashDot, 2023
- Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet - Ars Technica, 2023
- NEW INFECTEDSLURS MIRAI-BASED BOTNET EXPLOITS TWO ZERO-DAYS - Security Affairs, 2023
- Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks - The Hacker News, 2023
- Novel Mirai-based DDoS botnet exploits 0-days to infect routers and security cameras - SC Magazine, 2023
- Mirai malware infects routers and cameras for new botnet - The Register, 2023
- https://www.darkreading.com/risk/ssh-servers-hit-in-proxyjacking-cyberattacks - Dark Reading, 2023
- Hackers Use Proxyjacking to Profit from Compromised SSH Servers' Bandwidth - CYWare, 2023
- Attackers add hacked servers to commercial proxy networks for profit - CSO Online, 2023
- Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign - The Hacker News, 2023
- New proxyjacking attacks monetize hacked SSH servers’ bandwidth - Bleeping Computer, 2023
- A proxyjacking campaign is looking for vulnerable SSH servers - Malwarebytes Labs, 2023
- Dark Frost Botnet Targets Gaming Industry, Security Researchers Discover - Bitdefender, 2023
- Threatening botnets can be created with little code experience, Akamai finds - Tech Republic, 2023
- Gaming sector subjected to Dark Frost DDoS attacks - SC Magazine, 2023
- Cyber Security Headlines: GDPR turns 5, GitLab patches vulnerability, Russian industrial malware - CISO Series, 2023
- Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry - The Hacker News, 2023
- Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet - Dark Reading, 2023
- New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks - Bleeping Computer, 2023
- New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks - The Hacker News, 2023
- Go-based HinataBot latest botnet to focus on DDoS attacks - SC Magazine, 2023
- New Go-Based HinataBot Abuses Old Vulnerabilities for DDoS Attacks - CYWare, 2023
- Liam Hedsbeth, University of Tampa (2023 - Current)
- Tom Brier, United States Navy SEAL (2022 - Current)
- Erik Wong, United States Marine (2022)
- Security Engineering, CareerVillage.org (2022)
- Computer Science Peer2Peer Mentor, Northeastern University (2020 - 2021)
- ISC2 Associate (2023 - Current)
- San Diego Cyber Meetups, by the CISO Series Podcast (2023 - Current)
- SANS (2022 - Current)
- Malware Analysis Framework (Python, Linode, R2pipe, OpenAI API, Bash, Docker, Elastic)
- Akamai's Central Threat Intelligence Hub (Python, Pycti, OpenCTI, PostgreSQL, Elastic)
- "Helios" Honeypot Exploitation Trend Analysis Tool (Go, Gin, MongoDB, Google Custom Search, OpenAI API, Linode, RabbitMQ, Elasticsearch)
- Automated Linode Abuse Reporting from Global Honeypots (Python, XARF, Elastic, Linode, Web Hooks)
- AI-Powered Static Malware Analysis Tool (Python, R2Pipe, Redress, OpenAI API)
- "UniWebPot" Global HTTP Honeypot Cluster (PHP, Nginx, Linode, Elastic, DigitalOcean, VPS)
- "Snifferpot" Global High-Interaction Honeypot Cluster (Go, Docker, Kubernetes, Nginx, Linode)
- "Omni" VMware Carbon Black's Automated IOC Analysis Plugin (JavaScript, Carbon Black)
- New Customer Threat Hunt Framework (Carbon Black, Excel)
- File-Infector Virus (C)
- Timing Side-Channel Password Recovery Exploit (Python)
- Application Fuzzer (Python)
- Return to Libc Demos (Python)
- Buffer Overflow Research (C)
- Manipulating System Calls Demo (C)
- Remote Buffer Overflow Demo (Python)
- Othello AI Using Minimax (Python, Jupyter)
- Wumpus World AI Using MDPs and Q-Learning (Python, Jupyter)
- Sentiment Analysis Machine Learning Classifier (Python, Jupyter)
- Fifteen Puzzle AI Using A* Search (Python, Jupyter)
- Sudoku Speed Solver AI (Golang)
- Cache-Oblivious Algorithm Research (C++)
- Thread-Safe Parallel Sort (C)
- Distributed Replicated Key-Value Datastore (Rust, Python)
- IP Flooder (Rust)
- IP Spoofer (Python)
- Timing Side-Channel Password Recovery Exploit (Python)
- Resilient Authentication Server (Python)
- Distributed Replicated Key-Value Datastore (Rust, Python)
- FTP Client (Python)
- Social Media Web Crawler (Python)
- BGP Router Firmware (Python)
- Network Scanner (Python)
- ARP Poisoner (Python)
- File-Infector Virus (C)
- Return to Libc Demos (Python)
- Buffer Overflow Research (C)
- Clipboard Logger (Python)
- Manipulating System Calls Demo (C)
- Remote Buffer Overflow Demo (Python)
- Key-Logger (Python)
- MAC Changer (Python)
- Application Fuzzer (Python)
- Thread-Safe Memory Allocator (C)
- Digital Expansion of Aldi into Rural Regions (Managing Digital Business)
- AI-Powered Class Schedule Manager Design (IT Project Management)
- Market Discovery for SMB Regulation Management Product (Tech Startup Market Discovery)
- E-Payment System Design for Pittsburgh International Airport (Managing Digital Business)
- Risk Management Policy for JPMorgan Chase (Risk Management)
- Northeastern Course Registration App (Python)
- Draw.io System Design Plugin (JavaScript)
- CSV to Draw.io System Diagram Converter (Python)
- Interactive Animator (Java)
- "Certified Information Security Manager Exam Prep Guide", by Hemang Doshi
- "The Industries of the Future", by Alec J. Ross
- "CISM Review Manual 2015", by ISACA
- "Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are", by Seth Stephens-Davidowitz
- "Digital Minimalism: Choosing a Focused Life in a Noisy World", by Cal Newport
- "CISM Certified Information Security Manager All-in-One Exam Guide", by Peter H. Gregory
- "The Staff Engineer's Path: A Guide for Individual Contributors Navigating Growth and Change", by Tanya Reilly
- "Essential CISM: Updated for the 15th Edition CISM Review Manual", by Phil Martin
- "Building a Second Brain: A Proven Method to Organize Your Digital Life and Unlock Your Creative Potential", by Tiago Forte
- "System Design Interview - An Insider's Guide", by Alex Xu
- "Thinking Better: The Art of the Shortcut in Math and Life", by Marcus du Sautoy
- "The Hacker Playbook: Practical Guide to Penetration Testing", by Peter Kim
- "Competing in the Age of AI: Strategy and Leadership When Algorithms and Networks Run the World", by Marco Iansiti
- "RTFM: Red Team Field Manual v2", by Ben Clark
- "Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities", by Vickie Li
- "Eleventh Hour CISSP: Study Guide", by Eric Conrad
- "(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests", by Mike Chapple (x2)
- "Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us", by Eugene H. Spafford
- "Managing Kubernetes Resources Using Helm: Simplifying how to build, package and distribute applications for Kubernetes", by Andrew Block
- "The Official (ISC)2 CISSP CBK Reference", by Arthur J. Deane
- "Cyber Threat Intelligence Field Manual (CTI FM): For Decision-Makers, Analysts, and Operators across All Industries", by Chris Anthony
- "(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide", by Mike Chapple
- "AI 2041: Ten Visions for Our Future", by Kai-Fu Lee
- "The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business", by Clayton M. Christensen
- "The Kill Chain: How Emerging Technologies Threaten America's Military Dominance", by Christian Brose
- "Bug Bounty Playbook", by Alex O. Thomasex
- "Bug Bounty Automation With Python: The secrets of bug hunting", by Syed Abuthahir
- "The Dark Net: Inside the Digital Underworld", by Jamie Bartlett
- "Information Security Policies and Procedures: A Practitioner's Reference", by Thomas R. Peltier
- "Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones", by James Clear
- "The Hacker Crackdown: Law and Disorder on the Electronic Frontier", by Bruce Sterling
- "Quantum Computing for Everyone", by Chris Bernhardt
- "Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers", by Aaron Roberts
- "Software Security: Building Security In", by Gary McGraw
- "Learn Python the Hard Way", by Zed A. Shaw
- "Future Crimes", by Marc Goodman
- "CSSLP Certification All-in-one Exam Guide", by William Arthur Conklin
- "Eniac: The Triumphs and Tragedies of the World's First Computer", by Scott McCartney
- "Official (ISC)2 Guide to the CSSLP CBK ((ISC)2 Press)", by Mano Paul
- "Cyber Hacking: Wars in Virtual Space", by Scientific American
- "Bad Blood: Secrets and Lies in a Silicon Valley Startup", by John Carreyrou
- "The Rust Programming Language", by Steve Klabnik
- "Artificial Intelligence: A Modern Approach", by Stuart Russell
- "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches", by Josephine Wolff
- "Hackable: How to Do Application Security Right", by Ted Harrington
- "How the Internet Happened: From Netscape to the IPhone", by Brian McCullough
- "Creativity Code", by Marcus du Sautoy
- "Cyberjutsu: Cybersecurity for the Modern Ninja", by Ben McCarty
- "Engineering a Safer World: Systems Thinking Applied to Safety", by Nancy G. Leveson
- "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage", by Clifford Stoll
- "The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders, and Deceivers", by Kevin D. Mitnick
- "The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data", by Kevin D. Mitnick
- "The Art of Deception: Controlling the Human Element of Security", by Kevin D. Mitnick
- "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker", by Kevin D. Mitnick (x2)
- "Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground", by Kevin Poulsen
- "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon", by Kim Zetter (x2)
- "Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers", by Andy Greenberg
- "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World", by Joseph Menn
- "Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door", by Brian Krebs
- "Dark Territory: The Secret History of Cyber War", by Fred Kaplan
- "Hello World: Being Human in the Age of Algorithms", by Hannah Fry
- "Blockchain Basics: A non-Technical Introduction in 25 Steps", by Daniel Drescher
- "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World", by Bruce Schneier
- "Computer Networks: A Systems Approach, Fourth Edition", by Larry L. Peterson
- "Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World", by Marcus J. Carey
- "Continuous Discovery Habits: Discover Products that Create Customer Value and Business Value", by Teresa Torres
- "Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things", by Fotios Chantzis
- "Penetration Testing: A Hands-On Introduction to Hacking", by Georgia Weidman
- Email: allwestj@gmail.com
- LinkedIn: Allen West - Security Researcher
- Twitter: @CybersaurusWest