Michael Bailey

About Me

A relatively recent graduate of George Mason University, I'm fundamentally interested about how to get slower things done quickly (automation), how to make things that are working break (security), and how to make things that are broken work (development).

I work at the Crypsis Group as one of their earliest employees (~10 employees at the time, May 2016), and continue to work for them after their Palo Alto Networks acquisition. I've had a direct role in a lot of different pots at Crypsis, from leading a incident response R&D project that made millions to working with the Director of IT to get SOC2 Type 1 (company acquired before Type 2 period) for Crypsis.

As a remote worker, generally I like to spend a decent amount of my free time in whatever city I'm in. Previously that's been DC and Philadelphia, but I have immediate family in London and NYC and plan to rent in the Central US throughout Spring 2021.

Education and Certification

George Mason University
BS in Information Technology, InfoSec Concentration
Class of 2019
Leadership:
Mason Competitive Cyber - Founder and President
Student Government - Undersecretary of IT
Mason SRCT - Systems Administrator

AWS Certified Solutions Architect Associate
Passed December 2020
Expires December 2023
Credential ID MBSXL3TBKBQQQ9S5
Got entirely too many questions on tape backups, still traumatized

Work Experience

Crypsis Group (a Palo Alto Networks Company)

DFIR ConsultantSeptember 2020 - Present
Security EngineerJanuary 2020 - September 2020
Junior Security EngineerMarch 2018 - January 2020
InternMay 2016 - March 2018

A mixture of internal security, development and DevOps, and external client work depending on which role you land on in this list.

NanoTech Computers

IT ConsultantMay 2015 - March 2018

Having Linux and Security background, not only was I able to handle the usual "You spilled soda on your keyboard" situations, I unlocked new service offerings for NanoTech, such as legal device unlocks, Linux administration and installation, etc.

Metier Defense Solutions

Technical ConsultantMay 2014 - August 2014

Worked in Metier's office (Sterling, VA, 9am-5pm) over the high school summer partially on overhead IT/Ops work, partially on the main mission which was mobile reverse engineering with the ultimate goal of exploitation.

Relevant Experience

Mason Competitive Cyber
President and FounderAugust 2016 - December 2019

Founded an organization from scratch that by the time I left had hundreds of Slack members, hosted both Linux and Cryptography advocacy workshops, several corporate guest circuits, weekly meetings, multiple sponsors, enough paperwork for a small enterprise, and and ran a relatively popular on-site CTF event. We were characterized even from GMU as very "self sustaining" and brought our own presentations week-after-week. While I frequently spoke when nobody else would, by the time I left I was largely just giving weekly announcements and handing it over to students trying to hone their speaking/presentation skills.

Mason Student Run Computing and Technology
Systems Administrator, Executive OfficerMay 2018 - May 2019

As an elected position, I had two primary roles as Systems Administrator.
As systems administrator, I supported applications such as URL shorteners, a "What's Open at this hour" application, and more. Monitored and responded to abuse complaints, which was critical having a strong .edu presence under my own school. Some of our apps were so well supported that GMU embedded them into their official apps. As the systems admin, I even signed an MOU alongside the president with Mason Dining around SLAs, etc for our most popular application "What's Open." I also introduced a bug bounty program. I personally found and patched a critical CSRF vulnerability in a relatively popular application.
As an executive officer, I had a vote in org matters. I was a significant part of executive conversations in the organization around events, networking (such as under the Mozilla Open Source Student network), how to handle member disputes, and even having to call a motion of no confidence on the president (unanimously passed) after members and leadership repeatedly complained in camera.

Mason Student Government
Undersecretary of ITMay 2017 - May 2019

According to the 2020 bylaws, the Undersecretary of IT (seemingly renamed) is as such:

[...] The Undersecretary shall be responsible for serving as a liaison between the students and the university technical community, working with various other entities to disseminate information to the student body, and serving as a technical resource to other areas of Student Government as needed.

As Undersecretary of IT, I advocated for 2FA adoption in the university, worked on the official .edu SG website, and tried to address WiFi issues by aggregating data about the problem amongst students. I also attempted to serve as a liaison between STEM majors and the Student Government, which I feel was very productive - after making introductions, a SRCT member took a higher secretary position before I had even left. STEM majors were under-represented in Student Government and I advocated for more outreach.

Mason VSE STEM Outreach
STARS MemberSeptember 2015 - November 2016

Went to local area middle/high schools advocating for George Mason University STEM programs, helping plan the pre-college program, etc. Quickly funding dried up faculty-side but I continued to advocate for STEM and the university on my own, with my own strategies. I also mentored the CyberPatriot team at Frost Middle School in this same vein after funding dried up and I left the outreach arm.

Key Projects

Crypsaurus
1,000s of suspicious hosts triaged
Platform that collected, processed (parsers, analyzers, etc), and ingested forensic details of checked-in systems at scale. Used as the main Crypsis driver for the majority of the company's existence (still used as a secondary system).

Security

Windows

AWS

Ruby

Host Forensics

Crypsis ELK-SIFT Auto-Scaling Fleet
Investigation servers spinning up and down daily
Responsible for the pipeline of infrastruction integrated with our ticketing system to automatically spin up/down servers - commonly referred to as "ELK/SIFT" internally - though they are customized much more. Highly customized base image, deployment pipeline, and controls all made with careful consideration to the daily process of a DFIR consultant. A significant footprint of Crypsis's infrastructure.

Linux

Python

VMware

Forensics

AccessAnywhere
Serverless document management system Implemented a system in AWS utilizing Zappa, a serverless framework system. Secured via a 2FA system and user management admin system - including 2FA lockout mechanisms. Also included serverless antivirus scanning. If a document was uploaded and failed a scan, it was locked out from the user, requiring a rotatable unlock password to load. Very strong CI/CD. Worked with a real company as part of our college capstone project. Lead development.

Security Best Practices

SDLC Management

AWS

Serverless

patriotCTF 2018 Head Organizer
Attended by ~80 including multiple schools from the tri-state area
Organized one of George Mason University's most significant cybersecurity events to date, bringing in competitive teams from most major schools in the VA region, as well as one or two from Maryland. Accepted and delivered on corporate sponsors.

Leadership

Organization

Planning

Fun

GRR Fleet Management System
Large scale response system
Multi-tenant secure system built to allow consultants to quickly spin up internet facing (leveraging SNI) by writing Nginx, HAProxy rules and Docker infrastructure on the fly over a provisioning API, providing both timed health feedback (scanning proxies for orphaned routes, etc) and provisioning results via Slack.

Security

Python

HAProxy

Nginx

Forensics Extraction via OAuth Flaw
OAuth abuse returns Digital Forensics artifact
Abused a major cloud provider's OAuth process in order to access account insights to faciliate forensic investigations, giving a massive competitive advantage to Crypsis. Note: did not hack anyone else's Oauth tokens or compromise any accounts.

Cloud

APIs

Authentication

Logs

Awards & Achievements

What caused the Iowa Democratic Caucus app debacle? Too little software testing	siliconAngle
Ethical Hacking at Mason	IV Estate (GMU Student Pub)
The Mason Competitive Cyber club captures Commonwealth Cyber Cup at state competition	George Mason University
Mason Competitive Cyber students compete, collaborate, and create a winning experience for all	George Mason University
Intro to Engineering Students Teach, Learn, and Serve During Mini STEM Showcase	George Mason University
Six Tips to Make Web Compromises Hurt a Little Less	Crypsis Group (self authored)
Keeping AWS Safe in an Unsafe World	Crypsis Group (self authored)
Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs	Palo Alto Networks' Unit 42 (self authored)
Using New S3 Features to Give CloudTrail Logs Service-Side Enrichment	Palo Alto Networks SecOps (self authored)

2nd Place - Commonwealth Cyber Cup	2019
1st Place - Commonwealth Cyber Cup	2018
Tie for 1st - AWS Security Coding Challenge @ AWS Herndon	2018
1st - Booz Allen CTF @ GMU	2018
1st - Capital One Wargame @ Capital One	2018
1st Place - VT (Virginia Tech) Summit	2018
2nd Place - VT (Virginia Tech) Summit	2017
CyberPatriot National Finalist Team	2015
1st - Virginia Governor's Cyber Challenge	2014