Member Spotlight: Jason Reaves

In today’s member spotlight, Jason Reaves of Walmart shares how cybercrime has changed over the course of his career, from a focus on nation-states to the recognition of organized ransomware groups.

Today’s member spotlight is Jason Reaves, senior-level individual contributor for Walmart Global Tech. We asked him to share with us his journey in cybersecurity and how he is utilizing his RH-ISAC membership.

RH-ISAC: What is your background in cybersecurity? Where did you get your training and education?

Jason: I moved from a development and military intel background to cybersecurity, starting in the financial space doing alerts and handling triaging and incident response work before eventually moving into reverse engineering and detection engineering-based roles. There wasn’t much training and nothing in universities at the time when I got into cybersecurity, so primarily, I learned on the job and did crackmes and hung out on kernelmode forums to learn.

RH-ISAC: What made you decide to get into cybersecurity? 

Jason: When I was young, I was always interested in learning how game hacks and viruses worked. I didn’t know jobs existed in malware research, so when I saw a job opening, I thought it would be really fun.

RH-ISAC: What is your current role? What do you do in the day-to-day? 

Jason: My current role is a senior-level individual contributor for Walmart Global Tech. I have a pretty diverse background in multiple fields within InfoSec, along with some formal intel background and development work, so I get the freedom to work with various teams across InfoSec globally. It’s pretty fun because I get to work on a large variety of projects. Most of my day-to-day work is primarily in the realm of threat intelligence and malware research.

RH-ISAC: What do you enjoy most about working in the cybersecurity field? If you’ve had past careers, how has cybersecurity differed? 

Jason: I enjoy working on new things, which is good because this field changes daily. Cybersecurity has come a long way. When I started in the industry, cybercrime was considered a joke, and everyone focused on APT or nation-state activity. Since I started as a reverse engineer, my focus was always primarily on cybercrime because the toolsets were more interesting 99% of the time than in the APT realm, with the exception of an oddball zero-day in use. Over time people have realized that cybercrime isn’t just random teens on hackforums hanging out in a basement. It can actually surpass nation-states in complexity and tactics to the point where now we see collaboration happening between the groups. There have been lots of transitions from the reign of blackhole EK to Angler dropping zero-days, from nobody paying attention to clickfraud to all major EKs having their own clickfraud bots, from ransomware only showing up around the holidays to the surgical use against enterprises, and many more that I don’t have time to talk about here.

RH-ISAC: Sharing and collaboration are key to what we do. Can you share a story of how you were helped or when you helped another?

Jason: I presented a TLP-Red presentation a number of years ago at a BSides conference. At the time, Josh Platt and I had been researching Angler EK and the TDS rotator they were using. We discovered a specific affiliate involved and ended up finding a server that was being used as a main proxy node right before the main gate controller in Germany. I had a contact with a malware RE in a German security vendor, and so we reached out, and they managed to help the people clean up their server while retrieving all the code from the server. They shared it with us, so we began collaborating on how to leverage that information. We also shared our research with law enforcement. We ended up both creating frameworks to auto pull Angler EK payloads, exploits, and shellcode, leveraging that data from the server. That is probably one of the best cases I’ve had of collaborating with a trusted researcher that led to lots of cool things before Angler went down.

RH-ISAC: What do you think is the greatest benefit that the RH-ISAC community brings to your company?

Jason: Collaborating with other people is probably the biggest benefit. Sometimes the smallest clue can lead to the biggest wins when tracking threat groups, and being able to collaborate on what others are seeing can end up providing lots of value.

RH-ISAC: What do you enjoy outside of work? 

Jason: I have 15 acres, so I spend lots of time outdoors with my family. I’ve also enjoyed powerlifting for a number of years now.
