LogRhythm Champion: Gene Cupstid

LogRhythm Network Champion Gene Cupstid

The LogRhythm Champions Network is an exclusive community of LogRhythm’s most passionate and strategic customers. This elite group of customer leaders in the InfoSec community are experts in all things LogRhythm. The LogRhythm Champions Network works to recognize these leaders for their advocacy efforts, connect them with fellow experts, and empower them to reach their personal and professional goals. Learn more about the people who choose to partner with LogRhythm.

This Champion Profile showcases Gene Cupstid, Senior InfoSec Operations Administrator. Here is Mr. Cupstid’s story, condensed from a recent interview.

What organization do you work for, and what is your current role?

For three years, I have worked for C.H. Robinson, which is a transportation company. Historically the company has focused on land, air, and sea logistics. However, recently the company has pivoted into a pure tech company by enabling our customers to leverage our platform to perform multiple functions along a supply chain.

My role revolves around security monitoring and threat detection. The LogRhythm SIEM is a central focus of my position. Consolidating important security data from different systems and tools around my is environment is a high priority. I write all the necessary collection scripts and parsing/Message Processing Engine (MPE) rules to ensure necessary data streams are pulled into LogRhythm. Once that data is in the SIEM, I also spend a lot of time engineering solutions, maintaining the system, and developing automation and correlation rules.

Were you hired to work specifically with LogRhythm and security tools or was it something you have adopted over the years?

C.H. Robinson hired me to work on the SIEM. I’ve been working with SIEM solutions since 2005. I’ve used pretty much all the major platforms available today, including Splunk, ArcSight, and QRadar. I cut my teeth on a product called enVision, which was owned by Network Intelligence and then bought by RSA. I had not actually used LogRhythm prior to being hired but based on all my prior experience with all the other SIEMs, I knew what was going on. Overall, it was a very easy transition.

What is your educational background?

I have an associate’s degree in science and also spent a year at Virginia Commonwealth University studying music. About three-quarters of the way through that first year, I realized I wasn’t going to be able to build a career around music and pivoted towards technology and computers. I found that self-learning worked far better for me than in a rigorous classroom environment. I’ve picked up my IT skills through a combination of books and videos while learning at my own pace.

Tell me a bit about your journey as an InfoSec professional. What personal experiences motivated you to get into this line of work?

I made the decision to get into the technology space around 2001; I’m feeling really old right now… I was going through a personal crisis since I realized that getting a chance to play in an orchestra was like winning the lottery. It’s not enough just to be good. At the time, I had a friend who worked at an international financial institution pull up his laptop and begin to help another friend troubleshoot a web server using a Linux terminal. He had cool background wallpapers and could create something in front of my eyes by simply typing in commands. I thought it was the coolest thing I’ve ever seen. It was like something straight out of the Matrix. I wanted to learn, so I asked him to teach me. He helped me get a job and became my mentor for four to five years.

Over time I naturally eased into security. I cut my teeth on Linux. Since it allows a user to gain exposure to more aspects of the operating system, than Windows, I was able to quickly learn the foundations and intricacies of computer technology. While I was learning my way around a computer, my mentor also showed me how to properly configure applications, and also how to exploit them. My coworkers would have impromptu hacking competitions or just mess with each other by doing things like compromising someone else’s workstation.

At the same time, I couldn’t get enough of the hacker culture. I saw the hacker movies and even read Neil Stevenson’s, In the Beginning was the Command Line. I was on the forums in the early days of the internet where a lot of collaboration and knowledge-sharing was taking place. It was all very cool. All of those things had a strong security bend to them. So, it was natural for me to go in that direction.

What drives you to continue to work in cybersecurity?

What drives me to continue working in cybersecurity is the creation. I have a natural love for what I do. Being able to bring things to existence with a terminal amazes me. Ever since joining this space, I have grown a deeper connection with what I do.

I found that I had a natural love for security. It’s difficult to describe. When I first saw my friend in the Linux terminal, he seemed to be able to create and control his world. Computers allow me to create and bring things into existence. It’s creation. It’s creativity. That’s my primary driver.

What is your cybersecurity philosophy? How does it drive your security programs?

My philosophy as a security professional is built around doing the right thing and upholding a high standard of behavior. I see myself as a wall that provides protection against the bad guys. I also don’t see myself standing alone but as part of a community. As cybersecurity professionals, we all work together to achieve a common goal.

Here is where knowledge-sharing and information-sharing become extremely important. Huge, actually. A robust and collaborative community that shares TTPs, IOCs, and tools stands a better chance of succeeding in protecting against threats. That was my primary driver behind co-developing LogRhythm Tools. I wanted to solve my business challenges, but also build them in a way others could benefit from it.

Which concerns you the most from an InfoSec perspective?

Two things concern me most: ransomware and the whole Continuous Integration/Continuous Delivery (CI/CD) Pipeline. Right now, we’re seeing a lot of supply chain attacks, for example, the recent SolarWinds breach, where if attackers can compromise the software pipeline, they can compromise everybody that uses that software.

Taking a step back, ransomware is certainly the thing that I’m most concerned about. Plain and simple, ransomware will bring a company to its knees. I’ve been on the wrong side of a breach, as a government contractor, and that company no longer exists. I’ve seen how a company can come crumbling down from the inside and how that affects individuals. There is a real-world impact to people and the injustices that play out as a result.

How do you feel cybersecurity has evolved over the years?

Both sides of cybersecurity have certainly evolved quite a bit. The security landscape is dual in nature: on one side, you’ve got the white hat, and on the other, the black hat. Those two sides are in a continuous evolution back and forth. This balancing act drives innovation and progression on both sides. On the white hat side of things, in the early 2000s, a lot of companies didn’t even have a security team or program of any kind. Security wasn’t even a consideration due to a lack of awareness and understanding. When you look at those same organizations today, they have established programs and teams in place with complex tools and procedures. So that’s been a big evolution in the role of security within a business.

Technology and visibility have changed radically over that time as well. In some cases, we’re at a point where AI is recognizing a threat and writing analytics rules on our behalf. At the same time, the amount of available security data I can analyze has dramatically improved. It was always frustrating in the early days to figure out what happened after an incident. There was a point in time where I had to grab a physical copy of impacted computers and serves to do forensic analysis. Thankfully, nowadays, we have endpoint detection and response (EDR) solutions, network solutions, and host forensics that provide real-time insights.

What do you do for fun? What do you like to do outside of the office?

First and foremost, I’m a husband and father of two boys. We spend a lot of time together as a family and even more so now that I work from home due to COVID. As a family, we enjoy board games and have a lot of fun with them. It is always a good time inviting neighbors over to play some board games as well.

Aside from my family, I love Legos. I’d say I’m a Lego enthusiast. I’ve got thousands of pieces and have created a mini-city with streets and houses with multiple levels fully furnished. Legos are a huge passion of mine, and I’m proud of what I’m able to create.

Why did you join the LogRhythm Champions Network?

I joined LogRhythm Champions Network for the community. I’m all about community in and around cybersecurity. When I see an opportunity to participate or help build community, I’m all about it.

To learn more about how to participate in the LogRhythm Champions Network, reach out to [email protected] or visit us here.