Peter L. Jones, information security analyst, monitors for security vulnerabilities on the tens of thousands of devices in the WashU environment. Peter and the vulnerability management team keep track of everything from simple devices like phones to critical systems and servers by using regular scans and monitoring. His role involves problem-solving and decision-making, including determining “if a vulnerability is critical enough that people might need to be contacted the same morning.” If the vulnerability is critical enough, he asks, “whether the devices exist here, in a pretty big space.” Peter reports the answer to that question is often, “Because there are so many things on campus – they probably do, but can you find them? And then who is the human contact that can update them?” This scavenger hunt keeps Peter and his team very busy, on top of addressing known “vulnerabilities that must be handled in an automated methodical way.”
This sense of mission attracted Peter to a career in information security. He notes, “Once someone figured out how to make money off hacking things used by normal people, it was like inventing a new accelerant.” These bad actors use ransomware “to target wherever they can find a payoff- not just large corporations, but also hospitals, and independent dentist offices.” Some groups are “using ransomware to simply destroy things, regardless of a payoff.” Threats like these keep Peter and his team on their toes while they work to “prevent WashU from falling victim to these kinds of incidents.” Peter thinks a program called Splunk is “absolutely amazing” and makes his job more manageable. Peter uses Splunk to “normalize logs across applications and platforms.”
While Peter is responsible for identifying vulnerabilities, he must also communicate the issues with the device owners and ensure any vulnerability is updated or patched. Because of this, Peter wants our community to know that when they receive an email from his office, it isn’t simply “another level of inefficiency that you must deal with to get your work done.” While their team can relate to inconveniences and speed bumps that slow us down, “the consequences of not remediating critical vulnerabilities is evident in the news every day!” Our vulnerability management team is “trying to find ways we can all work together to avoid getting hacked.”
Peter started his journey in infosec with his father, where they wrote BASIC programs together. Peter eventually received a degree from the McKelvey School of Engineering, where he “worked on informatics projects for cancer research, psychiatry, and genetics.” He eventually worked on “system administration, looking at logs, creating rules for firewalls, remediating vulnerabilities in local applications and on websites.”
When Peter isn’t busy protecting our environment, he likes to walk and play with his rescue dog, Ernest or Ernie, for short. In addition, Peter is exploring the world of AI “to reverse engineer the ringtones on his phone.” He has also spent a lot of time attending They Might Be Giants concerts. While he doesn’t have an exact number, he says he has been to “over 15, but less than 50!”
Some resources that Peter recommends to the community to learn more about infosec are the books The Cuckoo’s Egg by Clifford Stoll, Lights Out by Ted Koppel, and Sandworm by Andy Greenberg. If you prefer podcasts, he recommends Safe Mode.