Evan Pena, a student in the George Mason MS in Management of Secure Information Systems (MSIS) program, presented at the 2013 Defcon Hacking Conference in Las Vegas. Defcon—one of the largest and oldest hacker conventions in the world— hosted about 15,000 attendees ranging from hackers to cyber security experts.
Pena is currently a consultant at Mandiant, a leading cyber security firm specializing in security response management, and presented on the company's behalf. Mandiant's clients include Fortune 500 companies and large government agencies. As a consultant, Pena handles incident response and computer forensics, along with penetration testing. Prior to consulting for Mandiant, Pena worked as a cyber security technician at Northrop Grumman.
A Texas native, Pena discovered he wanted to pursue a career in cyber security while attending The University of Texas at San Antonio and pursuing his degree in information systems and infrastructure assurance. Once he had discovered the career path he wanted to take, he decided moving to the DC metro area would be the best move for him.
"This area is great for networking," says Pena. "I came here to diversify my network which I might be able to leverage in my future."
Pena's next step in laying a strong foundation for his future was to return to school for a graduate degree.
"If I was competing for a higher level position, like manager or director, I think I would stand out as opposed to a different candidate with similar experience if I had a master's degree," he says.
The conveniently located Fairfax campus, along with the MSIS program's strong curriculum and flexibility attracted Pena to Mason.
"I work in Alexandria which isn't too far from the Fairfax campus," he says. "More importantly, the MSIS program works really well with the professional career schedule. Also, the program is ideal for someone who eventually wants to get into management at some point of their career, like me."
Working in a fast-paced field with an increasingly complicated landscape provides Pena with a high level of technical knowledge. He believes that the greatest benefits of the MSIS program are the leadership, management, and strength finding skills he is learning.
"The program definitely gets you to a different level of thinking. That's something I can take and apply to the workplace," he says.
Another skill gained through the MSIS program which Pena finds key in the cyber security field is the ability to communicate security issues with non-technical people.
"We often brief executives and can't go into the technical detail because they may not understand it. So what we have to try to do is present the big picture," says Pena. "In the more technical classes, I've had to tailor my papers for that demographic."
Due to the demographics of the attendees at Defcon, Pena's presentation titled, "Got Spies in the Wires?" was able to go into a lot of technical detail. The presentation covered malware beaconing techniques Mandiant has observed that avoid typical signature-based network IDS/IPS detection, as well as techniques used for command and control communication using common protocols.
"A lot of industry leaders and people I look up to go [to Defcon] and present," Pena told us before his presentation. "I'm very excited to get the opportunity to present. It's a pretty big deal."