About Me#
My name is Mike, also known by my handle “Rem” in most internet circles. I am a SANS Technology Institute graduate, with a focus on digital forensics and incident response. I am also involved in the Python Software Foundation as a supporting member, and dedicate a large portion of my time to open-source security.
Professionally, I work at Huntress as a security analyst by day and run my own cybersecurity organization, Vipyr Security, by night.
I can also be found on the Python Discord, where I contribute frequently to cybersecurity-related discussions, help steer new members towards appropriate resources, answer questions, and assist with internal projects.
Experience#
Huntress
Present
Security Analyst
Security analyst leveraging malware reverse engineering skills to detect, triage, and mitigate security threats. Experienced in ELK, Sigma, YARA, Python, and TypeScript, with a focus on detection and response in enterprise-sized domains.
Vipyr Security
Present
Founder, Detection Engineer
Founder & detection engineer implementing hand-written YARA schema to detect and mitigate at-scale supply chain security threats on the Python Package Index. Led program design specifications for cluster-based code security engine.
Wells Fargo
Risk Management Analyst
Analyzed corporate financial risk using SQL and Python to perform data reconciliation and deviation analysis. Also authored secure and maintainable tooling for organizational data pipelines using Python, PowerShell, M (the Power Query language), and SQL in Power BI and Excel.
United States Air Force
Program Analyst
Performed a variety of duties including software testing, IT asset management, configuration management, software distribution lifecycles, and physical penetration testing. Managed secure systems and oversaw unit IT compliance auditing measures.
Certifications & Education#
- GIAC Penetration Tester (GPEN)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Python Coder (GPYC)
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Essentials (GSEC)
- GIAC Information Security Fundamentals (GISF)
- GIAC Foundational Cybersecurity Technologies (GFACT)
Publications & Referenced Work#
- Managed SIEM and the Art of Perfecting Cyber Defense - 5 December 2024, Huntress
- Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors - 18 September 2024, Unit 42
- Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software - 14 September 2024, Huntress
- Mapping Threats with DNSTwist and the Internet Storm Center - 20 August 2024, SANS Internet Storm Center
- When Trust Becomes a Trap: How Huntress Foiled a Medical Software Update Hack - 23 July 2024, Huntress
- Respawning Malware Persists on PyPI - 16 May 2023, Phylum
Accolades#
- Dean's List - SANS Institute Spring 2024
- picoCTF 2024 - 138/6957, Global Leaderboard
- NCL Spring 2024 - 33/7412, Individual
- NCL Spring 2024 - 7/4199, Team (Team Captain)
- GIAC Advisory Board
Getting in Touch#
The simplest way to contact me is through my Twitter handle @sudo_Rem.