Phelix Oluoch: Keeping ahead of attackers

Written by Richard Broderick

Phelix Oluoch (MSST ’15) is a Senior Information Assurance Engineer for Lockheed Martin’s industrial division. He works on cyber security for Chevron Oil and Gas, which contracts for his services. In the future, he expects to be working under the same arrangement, but for NASA, perhaps, or Boeing.

At Chevron, Oluoch is part of a team tasked with a number of crucial cyber security responsibilities.

“In a nutshell I work with several senior security analysts to prevent, identify, and mitigate security incidents,” he explains. “That includes the monitoring of communication and cyber incident response. The job also has an intelligence aspect—threat intelligence and analysis.”

What this means in practice is that Oluoch is involved in preventing, identifying, and resolving “information security incidences.” He offers an illustration of the kind of work he’s engaged in. “What we do is use a set of information security technologies including SEIM [security information and event management] tools,” he explains. “These are layered hard and soft sensors on a network that detect security anomalies. When one is triggered, we look at the event, analyze, and triage the incident as necessary.”

The most common problems he encounters are phishing, malware, social engineering, and, occasionally, what he calls “opposition intelligence.”“Most of these problem are what we call APT [Advanced Persistence Threats],” Oluoch explains. “In most cases there is an involvement of a nation-state—like China—in an attempt to steal intellectual property and other information that can be used to gain a competitive business edge against Chevron.”

What does he like most about his job? “The challenge,” he said. “There’s almost always something new—and what I mean by that is attackers are always changing their tactics.

“It’s a cat-and-mouse chase. We keep remodeling the security technologies to prevent or detect what attackers are trying to do. That might be either new malware or new phishing methods—techniques for compromising a computer system in order to insert malware into the system. In some cases, that might involve something as simple as an email tricking the recipient into clicking on a link that downloads malware that breach security measures,” Oluoch said.

Another common technique is to send MS Word files that have malicious macros.

“Once you enable macros, the stage is set for all sorts of malicious activities,” Oluoch observes. “The bad guys can use a compromised computer as a pivot point into the company network. Once in the network, they can steal sensitive and other information, security credentials and even elevate their access levels to do more damage.”

“The game is always changing,” he says. “That’s what keeps it interesting.”