Greg LeBlanc

Hi! I am a security researcher who has a fascination with automation, development and scalable technology.
Throughout my career I've been fortunate enough to work on several amazing teams with talented folks who share the same passion. Currently I am focused on developing tactical solutions and workflow optimizations that enable other researchers and analysts to work faster and smarter.

Education

2013
Western Governors University

Master of Science in Information Security and Assurance

2010
Wentworth Institute of Technology

Bachelor of Science in Computer Networking and Information Systems

Experience

November 2022 - Current
Google (acquired Mandiant in 2022)

Staff Security Engineer

Delivered automated workflow enhancements to internal analyst and researcher cohort
Supported data gathering optimizations for large scale yearly public report
Built an automated workflow audit mechanism that codifies manual processes in a knowledge graph
Migrated infrastructure from an on-premises deployment to a native GCP as-a-service architecture and Google-first technology
Re-architected client-side analyst tooling into a server-side, asynchronous solution
Worked closely with other internal teams to integrate data and analyst capabilities for both internal tooling and external products

March 2018 - Current
Mandiant

Principal Security Researcher

Led internal function that develops and delivers tactical solutions to analysts and researchers

Senior Security Researcher

Helped prototype and deliver a large-scale analysis platform
Forward deployed into the engineering team and performed actual engineering duties
Served as intermediary between analysts and engineering
Built proofs of concept against requirements to ensure accurate delivery
Deployed various systems and services to cloud platforms (SaaS & PaaS)
Helped troubleshoot production systems

October 2017 - March 2018
IBM

Intelligence Developer

Architected scalable intelligence infrastructure
Developed extensible Synapse API with custom middleware for robust role based access control and rate limiting
Began migration of existing data to new containerized infrastructure
Designed and completed beta Synapse UI written in Python & Flask
Moved current development efforts into a simple CI pipeline

September 2013 - October 2017
EMC

Principal Security Engineer

Designed, developed and implemented a robust Threat Intelligence (TI) framework that ingested, enriched, stored and disseminated TI to both analysts and automated controls
Served as a Level 3 analyst that handled escalations and coordinated efforts during large-scale incidents
Performed various Threat Hunting activities along with basic static and dynamic malware analysis
Helped categorize and attribute external threat actors using internally developed tradecraft
Deployed, managed and upgraded a clustered Threat Intelligence curation platform
Integrated a real-time collaboration solution for a global team, including custom automated bots that let users interact with various tools
Managed multiple large high-performance computing environments that stored, analyzed and summarized internal packet, log and endpoint data
Deployed an internal source code repository that helped legitimize internal development efforts
Tutored Level 1 and Level 2 analysts in various intelligence and system administration methods, along with Python
Helped implement the ISR (Intelligence, Surveillance and Reconnaissance) methodology in the Threat Intelligence workflow
Spoke at an internal RSA conference on ISR and Automation

February 2011 - September 2013
MIT Lincoln Laboratory

Security Analyst

Architected and managed a Splunk Enterprise deployment
Detected and managed network-based threats
Dynamically reverse engineered malware samples
Analyzed network traffic and third-party indicators for suspicious activity
Performed Threat Intelligence work, gathered indicators post compromise
Analyzed and categorized IoCs of known adversaries
Performed day to day incident handling roles and responsibilities

Side Projects and Interests

Raspberry PI Kubernetes Cluster
Cloudflare Tunnel Integration
Traefik Reverse Proxy
Home Assistant
OCR Driven Wood Stove Monitoring via Thermocouple Sensor
Wazuh OSS SIEM
Graylog Log Server
Zeek & Suricata IDS on a passive network sensor

Security, Systems and Technology Skills

Threat Intelligence & Network Forensics: 95%
Linux Systems Administration: 80%
Cloud Infrastructure: 80%
Docker & Containerization: 75%

Development

Python: 100%
Javascript: 50%
Scala: 50%
Go: 45%