What are you passionate about?
Developing software and conducting vulnerability research which will have an impact beyond a small group of people.
Who would you most like to swap places with for a day?
Tavis Ormandy, a well established and famous information vulnberability security researcher at Google’s Project Zero. It would be incredible to see his setup and how he conducts research into the internals of open and closed source operating systems and their security models, such as sandboxes on Windows.
How did you hear about ManTech?
LinkedIn. I found an internship that seemed related to reverse engineering and information security and became interested.
What do you like most about ManTech?
The amount of care the company puts into treating you well and finding you interesting work.
When I saw the internship by ManTech, I applied late at night and got a call the next morning. That alone was unheard of compared to all of my other applications, which took weeks and numerous forms before I got as much as an email which was not completely automated. The interview with ManTech was serious and really actually addressed our skills, aptitude, and passion, as opposed to the generic LeetCode interviews that you get everywhere else. Then, when COVID-19 happened, they found a way to transfer which office I would be working for and get me equipment so I could still do an internship. Finally, the people I worked with seemed genuinely interested in both teaching and guiding us, and getting us to do work that would create a serious, real world, viable product.
What about ManTech most appealed to you?
The area and type of work which ManTech does.
How have you balanced your internship/full time work, school (if currently taking courses) and home life through the pandemic?
The mere fact that ManTech took the time to find a way to get everyone who accepted an internship not only some work to do, but interesting, expansive work during a global pandemic and pay us competitively as interns was itself amazing. My method of dealing with the pandemic has been taking many medium to long walks of 20 minutes or more. Just simply not being inside the entire day is important.gm
What’s the coolest thing about what you’re working on now?
The work I did during my internship was expansive. We used programming languages in ways I had not used them before, and did some programming on a much lower level than I normally did at the time. The coolest part was that our two person intern team continued a project from a previous year and made it more effective, automated, and well documented to the extent where the tool is genuinely useful for assisting in serious, real world projects. I had not expected to do any work in that research area before the internship, but I am glad that I did.
Why did you choose your school and/or major?
Illinois Tech is certified by the NSA as a 4 year center of academic excellence in cyber defense education (4Y CDE). Illinois Tech also allows you to do a “co-terminal” degree that lets you get your bachelor’s with a minor and a master’s degree all at the same time in 5 years rather than 6, with the last year being undergraduate pricing and you get to take master’s classes as early as your fourth semester. In terms of my interest in cyber security, I have been interested in the “hacking” community since I was young when I would see people cheating in games. However, I did not jump into security until I read Kevin Mitnick’s autobiography “Ghost in the Wires,” at which point I picked up an introduction to information security book on Amazon and read through it in highschool. When I first when into university, I assumed I would be doing work along the lines of more conventional penetration testing, but have switched to interest in the research and development of the tools rather than just using them, resulting in me doing research in both IT and computer science, and choosing a minor of computer science: operating systems.
How will this internship/job help to advance your career?
When I start full time, I hope to be doing more research and development in the areas of interest that I have developed since the end of my internship and the start of my computer science research in areas such as automated vulnerability research through ARM and Windows fuzzers and automated harness generation for such fuzzers, and researching the viability of the exploits found. Understanding the vulnerability research and exploitation processes is useful everywhere, from the developers at game development studios and Internet of Things companies, to the cyber defense companies looking to make tools which mitigate and detect exploitation or reverse engineer and detect malware, to cyber offense.
What do you hope to accomplish within the next 10 years?
Become highly familiar with the internals of two or mote operating systems, conduct vulnerability research on them, and conduct exploit development on them. Develop open source tools in my free time and closed source tools at work which better my country and the world.
What advice do you have for someone thinking of interning/working at ManTech?
Do two or three CTF competitions to get some general knowledge. Choose an operating system you are interested in. Then, look at interesting tools on GitHub, blog posts, and books related to that operating system. Then, do a couple of small projects on it, like writing a couple of simple kernel modules for Linux, filter drivers for Windows, or even video game cheats against a game which allows you to safely turn of protection features and practice in an insecure environment, such as CS:GO. Always feel the need to poke around, but also always be careful not to do anything illegal, harmful, or without consent. Websites like HackThisSite.org, HackTheBox.eu, and exploit.education are free or cheap and always use protection technologies like virtual machines, containers, and VPNs, and are explicitly made for practicing penetration testing and software security assessments safely and responsibly.
One word to describe your time at ManTech so far.
Expansive.