
Joseph Slowik | joe@paralus.co | +1 505 209 5759

Objective
Continue groundbreaking threat intelligence analysis, hunt, and research across a combination of critical
infrastructure, industrial control system (ICS), or vital network systems. Apply 15 years of information
security experience in either high-level individual contributor roles or front-line technical leadership.

Work Experience

Gigamon, May 2021 – December 2022

Cyber Threat Intelligence & Detections Engineering Team Lead, May 2021 – December 2022
• Managed a team of seven analysts in Cyber Threat Intelligence (CTI) research and network
detection development across multiple technologies (Zeek, Suricata, AWS Athena).
• Mentored and developed personnel in technical analysis and public presentation of findings.
• Directed program and platform improvements for a Network Intrusion Detection System (NIDS)
product covering over 30 clients to improve functionality and relevancy of generated alerts.
• Published and presented research on multiple security topics, including vulnerability assessment,
supply chain intrusion analysis, and ransomware mitigation.

Paralus LLC, August 2019 – Present

Owner & Course Author, August 2019 – Present
• Designed and taught multiple training courses focused on CTI, cyber defense strategic planning,
and ICS-specific threat intelligence.
• Engaged in multiple consulting engagements concerning CTI program development, CTI metrics
and measurements of effectiveness, CTI hiring assistance, and ICS defensive planning.
• Provided advice and guidance for ICS-specific security program development and CTI-related
activities in coordination with several government agencies and multinational organizations.

DomainTools, October 2020 – May 2021

Senior Security Researcher, October 2020 – May 2021
• Performed extensive research on adversary infrastructure and hosting tendencies covering both
crimeware and advanced persistent threat (APT) adversaries.
• Published multiple public blogs and white papers covering malicious activity and CTI theory to
further general network defense practices and highlight DomainTools products and data.
• Engaged in multiple discussions with industry leaders, major media outlets, and other entities to
inform public CTI-related reporting and understanding.

Dragos, April 2017 – October 2020

Principal Adversary Hunter, April 2017 – October 2020
• Hunted for ICS-focused malicious activity across public, commercial, and private data sets,
covering over fifteen defined CTI activity groups engaging in ICS-centric intrusions.
• Authored and supervised creation of detection rules and analytics for both threat hunting and
security product implementation, including Snort, YARA, and Zeek rule design.
• Analyzed hundreds of malware samples, including ICS-focused and more general IT samples,
covering various adversary groups while performing behavioral clustering.
• Wrote hundreds of CTI reports and dozens of blogs and white papers covering topics such as
malware analysis, intelligence practices, and strategic implications of observed operations.
• Worked with engineers and analysts to develop and deploy analytics across company detection
platforms while ensuring company products remained relevant to current threat behaviors.
• Performed extensive research into the 2015 and 2016 Ukraine power events, including multiple
publications and presentations describing new insights into the 2016 incident as a process
protection-focused attack intended to cause physical equipment damage.
• Advised multiple government and multinational corporation authorities on ICS and critical
infrastructure security concerns, including multiple in-person briefings and similar engagements.

Los Alamos National Laboratory, June 2014 – April 2017

Computer Security Incident Response Team Lead; June 2015 – April 2017
• Provided operational leadership and oversight to a diverse team of malware analysts, forensics
professionals, and SOC event handlers while personally contributing to security outcomes.
• Developed and implemented hunting processes for preemptively identifying vulnerabilities within
the network and placing analysts on an active defense posture.
• Regular participant in and key contributor to overall network security architecture planning and
deployment, including developing coverage and response procedures for non-Windows operating
systems and improving response posture on classified networks.
• Completed necessary process and documentation improvement actions to refine incident
response process, improve accountability, and standardize metrics collection.
• Provided technical risk analysis and threat briefings to various decision-makers to support network
development, management, and the acquisition and employment of new technology.
• Continued extensive independent threat intelligence research and technical development work,
combining malware analysis of samples of interest with open and classified source research to
develop actionable signature sets tailored to LANL’s network infrastructure.

Computer Security Incident Response Analyst; June 2014 – June 2015
• Performed extensive static and dynamic analysis of malware, resulting in network and host-based
signatures for various malware families, including actors referred to as APT3,
APT28/FancyBear/Sofacy, APT29/CozyBear, and others.
• Developed greater proficiency in malware debugging and reverse engineering, including production
of behavioral-based YARA rules and defeating anti-analysis techniques.
• Performed rapid, response-focused host forensics through tools such as EnCase and Volatility.
• Performed extensive open-source and classified threat intelligence research to identify actor
behaviors, and developed methodology for identifying changes in malware families of interest and
acquiring samples for preemptive analysis.

United States Navy, September 2009 – June 2014

Special Projects Officer, Navy Information Operations Command San Diego; September 2013 –
June 2014
• Directed cyber security and vulnerability assessments for ships in the San Diego area.
• Provided extensive vulnerability and risk assessment services on new and emerging naval
platforms, including work on ICS vulnerabilities and non-traditional C2 channels.
• Led development of new concepts of operations and technical solutions to improve security
monitoring on US Navy afloat platforms, increasing efficacy of network security monitoring.
• Developed and presented computer network defense and cyber warfare presentation for US
Army War College, designed for foreign flag officer exchange and doctrinal integration program.

Information Warfare Officer, USS WAYNE E. MEYER; February 2013 – August 2013
• Managed personnel, physical and information security programs at various levels of classification
for US Navy vessel with over 300 personnel.
• Developed improved information and operational security training programs.
• Regularly briefed chain of command and operational stakeholders on information threat
environment and mitigation procedures for reducing ship vulnerability.

Computer Network Operations Team Lead, National Security Agency; February 2011 – February 2013
• Directed specialized team of senior network analysts conducting network penetration and
intelligence collection operations on behalf of National Security Agency.
• Conducted hundreds of computer network exploitation operations against Windows and Linux
environments using multiple open-source and proprietary software tools.
• Developed high proficiency in vulnerability assessment and exploitation on target platforms of
interest, covering Windows and Linux operating systems as well as Juniper and Cisco devices.
• Coordinated operations with multiple stakeholders and customer entities, ensuring high-quality
intelligence and computer network operations support in line with received tasking.
• Regularly briefed senior leadership, including NSA, USCYBERCOM and Navy leadership.

Battle Watch Captain, Fleet Information Operations Command Maryland; March 2010 – February 2011
• Supervised a 24/7 watch floor providing intelligence and information operations support.
• Regularly briefed chain of command and supported elements on current intelligence picture while
tailoring watch section actions to best meet customer information requirements.

Selected Papers and Publications

• Exorcising the Ghost in the Machine: Debunking Myths Around Supply Chain Attacks – Gigamon
• Formulating a Robust Pivoting Methodology – DomainTools & SANS CTI Summit
• Stuxnet to CRASHOVERRIDE to TRISIS: Evaluating the History and Future of Integrity-Based
Attacks on Industrial Environments – Dragos
• A complete list of papers and publications can be found at: https://pylos.co/papers-publications-and-external-postings/

Selected Presentations

• “Evaluating Indicators As Composite Objects” – RSAC 2022
• “Formulating An Intelligence-Driven Hunting Methodology” – FIRST Conference 2022
• “Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors” – RSAC 2019
• A complete list of presentations can be found at: https://pylos.co/presentations/

Education

University of North Carolina; Chapel Hill, NC

Master of Business Administration, October 2015 – December 2017
• Hybrid distance and on-site program for working professionals at a top-20 business school.
• Studies focusing on translating military and technical leadership ability to civilian sector-specific
management skills.

Northwestern University; Evanston, IL

Master of Science in Computer and Information Systems, March 2009
• Primary coursework in software development, project management, and software applications.
• Additional coursework in information security and relational database management.

University of Chicago; Chicago, IL

Master of Arts in the Humanities, June 2005
• Primary coursework in international relations, international trade, and applied ethics.
• Developed skills in statistical and econometric analysis to support applied research.

Michigan State University; East Lansing, MI

Bachelor of Arts in Philosophy, Honors College, w/Honors, May 2004
• Primary coursework in philosophical logic and ethics.
• Additional coursework in political science, international relations, history and economics.