Greg LeBlanc

Hi! I am a security researcher & engineer who has a fascination with automation, development and scalable technology.
Throughout my career I've been fortunate enough to work on several amazing teams with talented folks who share the same passion. Currently I am focused on developing tactical solutions and workflow optimizations that enable other researchers and analysts to work faster and smarter.

Education

2013

Western Governors University

Master or Science in Information Security and Assurance

2010

Wentworth Institute of Technology

Bachelor of Science in Computer Networking and Information Systems

Experience

November 2022 - Current

Google (acquired Mandiant in 2022)

Staff Security Engineer

Led the technical direction and development of critical, internal security tooling platforms used by the Google Threat Intelligence Group. Served as co-primary developer and maintainer, ensuring high availability, performance, and scalability.
Architected, deployed, and managed infrastructure for security tooling on Google Cloud Platform (GCP).
Provided expert-level support and troubleshooting for complex technical issues related to security tooling and infrastructure. Helped resolve production incidents, debugged code, and collaborated with cross-functional teams to identify and implement solutions.
Designed and implemented robust testing strategies for internal codebase which included unit tests, smoke tests, and integration tests to ensure code quality and reliability.
Managed and prioritized ticket queues, triaged new tickets, and served as a point of contact for security tooling inquiries. Provided timely and effective support to internal stakeholders and users.
Led and contributed to various internal initiatives focused on improving efficiency and automation. Identified opportunities for automation and developed product requirements.
Mentored and provided technical guidance to junior engineers. Shared knowledge, provided code reviews, and assisted with troubleshooting complex issues.
Contributed to the development and maintenance of documentation for security tooling and infrastructure. Created and updated technical documentation, contributing guides, and onboarding materials.

March 2018 - November 2022

Mandiant

Principal Security Researcher

Led internal function that develops and delivers tactical solutions to analysts and researchers

Senior Security Researcher

Helped prototype and deliver large scale analysis platform.
Forward deployed into engineering team and performed actual engineering duties
Served as intermediary element between analysts and engineering
Helped proof of concept requirements to ensure accurate delivery
Deployed various systems and services to cloud platforms (SaaS & PaaS)
Helped troubleshoot production systems

October 2017 - March 2018

IBM

Intelligence Developer

Architected scalable intelligence infrastructure
Developed extensible Synapse API with custom middleware for robust role based access control and rate limiting
Began migration of existing data to new containerized infrastructure
Designed and completed beta Synapse UI written in Python & Flask
Enrolled current development efforts into a simple CI pipeline

September 2013 - October 2017

EMC

Principal Security Engineer

Developed, designed and implemented a robust Threat Intelligence (TI) framework that ingested, enriched, stored and disseminated TI to both analysts and automated controls
Served as a Level 3 analyst that handled escalations and coordinated efforts during large-scale incidents
Performed various Threat Hunting activities along with basic static and dynamic malware analysis
Helped categorize and attribute external threat actors using internally developed trade craft
Deployed, managed and upgraded a clustered Threat Intelligence curation platform
Integrated a real-time collaboration solution for a Global Team including various custom automated bots that allowed user interaction to various tools
Managed multiple large high-performance computing environments that stored, analyzed and summarized internal packet, log and endpoint data
Deployed an internal source code repository that helped legitimize internal development efforts
Tutored Level 1 and Level 2 analysts various Intelligence and system administrative methods along with Python
Helped Implement the ISR (Intelligence, Surveillance and Reconnaissance) methodology to the Threat Intelligence workflow
Spoke at an internal RSA conference on ISR and Automation

Febuary 2011 - September 2013

MIT Lincoln Laboratory

Security Analyst

Architected and managed a Splunk Enterprise deployment
Managed and detected network based threats
(Dynamically) Reverse Engineered malware samples
Analyzed network traffic and third-party indicators for suspicious activity
Performed Threat Intelligence work, gathered indicators post compromise
Analyzed and categorized IoCs of known adversaries
Performed day to day incident handling roles and responsibilities

Side Projects and Interests

Raspberry PI Kubernetes Cluster
Cloudflare Tunnel Integration
Traefik Reverse Proxy
Home Assistant
OCR Driven Wood Stove Monitoring via Thermocouple Sensor
Wazuh OSS SIEM
Greylog Log Server
Zeek & Suricata IDS off of passive network sensor

Security, Systems and Technology Skills

Threat Intelligence & Network Forensics

95%

Linux Systems Administration

80%

Cloud Infrastructure

80%

Docker & Containerization

75%

Development

Python

100%

Javascript

50%

Scala

50%

Go

45%