Sandia LabNews

Virtual tools bring cybersecurity experts together to tackle tough problems

HACKER ATTACKERS — The West Coast Winter Cohort, photographed in 2020 prior to the COVID-19 pandemic, brings together cybersecurity experts from all over the nation every year to tackle security issues and create collaborative relationships between agencies. (Photo by Michael Ellis Langley)

An annual workshop designed to bring the best minds in cybersecurity from Sandia and the federal government together to tackle pernicious security issues found a way to bring more people to the table despite a virtual environment.

Sandia cybersecurity researcher Jon Crussell runs the West Coast Winter Cohort, which is organized by the Labs and is in its fourth year.

“The purpose of the West Coast Winter Cohort is to bring together some of our partners in the federal government to foster working relationships and problem solving,” Jon said.

Every year, the cohort presents participants with a current cybersecurity issue to tackle. Participants are divided into teams to work on various parts of the issue, all to create relationships between agencies and cyber professionals with different skill sets.

“The challenge this year was malware obfuscations, which are basically impediments that are added to programs by cyber adversaries in order to make analysis harder,” Jon said. “They are explicitly put there by adversaries to make the process of reverse engineering the program harder. It’s very challenging to remove, so we were looking at techniques to automatically mitigate some of those impediments and remove them to help speed up malware analysis.”

Cybersecurity researcher Sophie Quynn builds tools to analyze malware at Sandia and, during the cohort, was the static analysis team lead.

“When it comes to malware analysis, there are two main types of analysis techniques: static and dynamic,” Sophie said. “Dynamic analysis is when you activate the malware in a sandbox environment and collect data on what it does. Static tools analyze the malware without running it, examining the code itself for malicious activity.”

Virtual success

Jon and Sophie said the event was a success.

“We had some nice feedback from one of the new entities where they are interested in some of the tools that are being built and looking for opportunities to collaborate some more,” Jon said. “Also, the problem space is quite large, and so I think we’ve identified some paths to continue working on in order to provide even more advanced cybersecurity capabilities.”

Sophie said the workshop will benefit her work at Sandia. “You get an insight into the little things that matter to our partners that you don’t think about from a user experience perspective when you’re just focused on the research. You get a sense of the kind of problems they’re facing and what’s helpful to them. One thing I learned was how important it is to build tools that seamlessly integrate into their systems.”

Staying together, apart

The event, held between Jan. 31 and Feb. 24, was virtual for the second year in a row, so Jon and his team made some enhancements for people working remotely on the same project at the same time.

“We had participants scattered across all U.S. time zones,” he said. “So we had this concept of core hours where people were expected to be online and available and to use those as the major time of the day to collaborate.”

Sophie said that it was important that no one was isolated.

“We had a buddy system, something that Jon implemented,” she said. “Every team member had a buddy that they needed to check in with every day. The idea was that no one was ever going a full day without having a one-on-one conversation with somebody about how they were doing.”

They also encouraged people to turn on video and set up social hours after the core hours so the 31 participants could chat socially.

“I think we were able to replicate that collaborative research environment,” Sophie said. “I did feel like I got to know my fellow teammates very well although we did not meet in person.”
