Michael Bailey

Cybersecurity engineer, developer, DevOps & Cloud Enthusiast

About Me

A relatively recent graduate of George Mason University, I'm fundamentally interested about how to get slower things done quickly (automation), how to make things that are working break (security), and how to make things that are broken work (development).

I work at the Crypsis Group as one of their earliest employees (~10 employees at the time, May 2016), and continue to work for them after their Palo Alto Networks acquisition. I've had a direct role in a lot of different pots at Crypsis, from leading a incident response R&D project that made millions to working with the Director of IT to get SOC2 Type 1 (company acquired before Type 2 period) for Crypsis.

As a remote worker, generally I like to spend a decent amount of my free time in whatever city I'm in. Previously that's been DC and Philadelphia, but I have immediate family in London and NYC and rented through the central US throughout Spring 2021.

Education and Certification

GMU logo

George Mason University
BS in Information Technology, InfoSec Concentration
Graduated Winter 2019
Mason Competitive Cyber - Founder and President
Student Government - Undersecretary of IT
Mason SRCT - Systems Administrator

AWS Certified Solutions Architect Associate
Passed December 2020
Expired December 2023
Got entirely too many questions on tape backups, still traumatized

Work Experience

Palo Alto Networks

Senior Security Automation EngineerDecember 2021 - Present
DevOps EngineerFebruary 2021 - December 2021
DFIR Consultant (in Merger)September 2020 - Feb 2021

Taking a advantage of all that Palo has to offer as a best-in-class product enterprise to engineer the solutions I really always have.

Crypsis Group (a Palo Alto Networks Company)

DFIR ConsultantSeptember 2020 - Feb 2021
Security EngineerJanuary 2020 - September 2020
Junior Security EngineerMarch 2018 - January 2020
InternMay 2016 - March 2018

A mixture of internal security, development and DevOps, and external client work depending on which role you land on in this list.

NanoTech Computers

IT ConsultantMay 2015 - March 2018

Having Linux and Security background, not only was I able to handle the usual "You spilled soda on your keyboard" situations, I unlocked new service offerings for NanoTech, such as legal device unlocks, Linux administration and installation, etc.

Metier Defense Solutions

Technical ConsultantMay 2014 - August 2014

Worked in Metier's office (Sterling, VA, 9am-5pm) over the high school summer partially on overhead IT/Ops work, partially on the main mission which was mobile reverse engineering with the ultimate goal of exploitation.

Relevant Experience

Mason Competitive Cyber
President and FounderAugust 2016 - December 2019

Founded an organization from scratch that had hundreds of members, hosted both Linux and Cryptography advocacy workshops, several corporate guest circuits, weekly meetings, multiple corporate sponsors, enough paperwork to be more complicated than the average SMB, and ran a relatively popular on-site CTF event by graduation. We were characterized even by GMU itself in presentations as very "self sustaining" and conducted our own training under a peer model. While I frequently led training initially, by the time I left my day-of involvement was largely giving weekly announcements and handing it over to students trying to hone their speaking/presentation skills.

Mason Student Run Computing and Technology
Systems Administrator, Executive OfficerMay 2018 - May 2019

As an elected position, I had two primary roles as Systems Administrator.

  • As systems administrator, I supported applications such as URL shorteners, a "What's Open at this hour" application, and more. Monitored and responded to abuse complaints, which was critical having a strong .edu presence under my own school. Some of our apps were so well supported that GMU embedded them into their official apps. As the systems admin, I even signed an MOU alongside the president with Mason Dining around SLAs, etc for our most popular application "What's Open." I also introduced a bug bounty program. I personally found and patched a critical CSRF vulnerability in a relatively popular application.
  • As an executive officer, I had a vote in org matters. I was a significant part of executive conversations in the organization around events, networking (such as under the Mozilla Open Source Student network), how to handle member disputes, and even having to call a motion of no confidence on the president (unanimously passed) after members and leadership repeatedly complained in camera.

Mason Student Government
Undersecretary of ITMay 2017 - May 2019

According to the 2020 bylaws, the Undersecretary of IT (seemingly renamed) is as such:

[...] The Undersecretary shall be responsible for serving as a liaison between the students and the university technical community, working with various other entities to disseminate information to the student body, and serving as a technical resource to other areas of Student Government as needed.

As Undersecretary of IT, I advocated for 2FA adoption in the university, worked on the official .edu SG website, and tried to address WiFi issues by aggregating data about the problem amongst students. I also attempted to serve as a liaison between STEM majors and the Student Government, which I feel was very productive - after making introductions, a SRCT member took a higher secretary position before I had even left. STEM majors were under-represented in Student Government and I advocated for more outreach.

Mason VSE STEM Outreach
STARS MemberSeptember 2015 - November 2016

Went to local area middle/high schools advocating for George Mason University STEM programs, helping plan the pre-college program, etc. Quickly funding dried up faculty-side but I continued to advocate for STEM and the university on my own, with my own strategies. I also mentored the CyberPatriot team at Frost Middle School in this same vein after funding dried up and I left the outreach arm.

Key Projects

1,000s of suspicious hosts triaged
Platform that collected, processed (parsers, analyzers, etc), and ingested forensic details of checked-in systems at scale. Used as the main Crypsis driver for the majority of the company's existence (still used as a secondary system).

Host Forensics

Crypsis ELK-SIFT Auto-Scaling Fleet
Investigation servers spinning up and down daily
Responsible for the pipeline of infrastruction integrated with our ticketing system to automatically spin up/down servers - commonly referred to as "ELK/SIFT" internally - though they are customized much more. Highly customized base image, deployment pipeline, and controls all made with careful consideration to the daily process of a DFIR consultant. A significant footprint of Crypsis's infrastructure.


Serverless document management system Implemented a system in AWS utilizing Zappa, a serverless framework system. Secured via a 2FA system and user management admin system - including 2FA lockout mechanisms. Also included serverless antivirus scanning. If a document was uploaded and failed a scan, it was locked out from the user, requiring a rotatable unlock password to load. Very strong CI/CD. Worked with a real company as part of our college capstone project. Lead development.

Security Best Practices
SDLC Management

patriotCTF 2018 Head Organizer
Attended by ~80 including multiple schools from the tri-state area
Organized one of George Mason University's most significant cybersecurity events to date, bringing in competitive teams from most major schools in the VA region, as well as one or two from Maryland. Accepted and delivered on corporate sponsors.


GRR Fleet Management System
Large scale response system
Multi-tenant secure system built to allow consultants to quickly spin up internet facing (leveraging SNI) by writing Nginx, HAProxy rules and Docker infrastructure on the fly over a provisioning API, providing both timed health feedback (scanning proxies for orphaned routes, etc) and provisioning results via Slack.


Forensics Extraction via OAuth Flaw
OAuth abuse returns Digital Forensics artifact
Abused a major cloud provider's OAuth process in order to access account insights to faciliate forensic investigations, giving a massive competitive advantage to Crypsis. Note: did not hack anyone else's Oauth tokens or compromise any accounts.


Awards & Achievements

2nd Place - Commonwealth Cyber Cup


1st Place - Commonwealth Cyber Cup


Tie for 1st - AWS Security Coding Challenge @ AWS Herndon


1st - Booz Allen CTF @ GMU


1st - Capital One Wargame @ Capital One


1st Place - VT (Virginia Tech) Summit


2nd Place - VT (Virginia Tech) Summit


CyberPatriot National Finalist Team


1st - Virginia Governor's Cyber Challenge


Contact Me!

Forked from the extremely impressive Timothy Chen